Lucene search
+L

59508 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.15 views

CVE-2026-41657

Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...

4.9CVSS5.4AI score0.00322EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/05 4:10 a.m.19 views

[SECURITY] Fedora 43 Update: nextcloud-33.0.4-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

9.1CVSS5.8AI score0.00586EPSS
Exploits1
HackRead
HackRead
added 2026/06/03 9:27 p.m.16 views

How to Recover Data from iCloud Backup Without Resetting Your iPhone

Restore data from an iCloud backup without the necessity of resetting your iPhone. Discover proven methods to get back your photos, messages, contacts, and many more things in a very easy way...

5.8AI score
Exploits0
OSV
OSV
added 2026/06/03 4:10 p.m.9 views

DRUPAL-CONTRIB-2026-039

This module configures default editorial workflows for LocalGov Drupal content types. It provides a Drupal content moderation workflow, a content approvals dashboard, content scheduling and content preview. The module doesn't sufficiently restrict access to a view of Service Contacts at which...

9.8CVSS5.8AI score0.00331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/03 10:1 a.m.16 views

CVE-2026-0075

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6AI score0.00094EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.13 views

PT-2026-46079

This module configures default editorial workflows for LocalGov Drupal content types. It provides a Drupal content moderation workflow, a content approvals dashboard, content scheduling and content preview. The module doesn't sufficiently restrict access to a view of Service Contacts at which...

5.8AI score
Exploits0References2
Drupal
Drupal
added 2026/06/03 12:0 a.m.15 views

LocalGov Workflows - Moderately critical - Information disclosure - SA-CONTRIB-2026-039

This module configures default editorial workflows for LocalGov Drupal content types. It provides a Drupal content moderation workflow, a content approvals dashboard, content scheduling and content preview. The module doesn't sufficiently restrict access to a view of Service Contacts at which...

9.8CVSS5.8AI score0.00331EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.23 views

PT-2026-46112

Name of the Vulnerable Software and Affected Versions LocalGov Workflows versions 0.0.0 through 1.6.0 Description Missing authorization allows forceful browsing within the module, which configures default editorial workflows for content types, including content moderation, approvals dashboards,...

6.1AI score0.00331EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33791

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6AI score0.00094EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 10:16 p.m.17 views

CVE-2026-0075

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00094EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.12 views

CVE-2026-0075

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6AI score0.00094EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/01 9:14 p.m.12 views

CVE-2026-0075

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6AI score0.00094EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.41 views

CVE-2026-0075

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00094EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 9:14 p.m.25 views

CVE-2026-0075

The CVE-2026-0075 entry describes a SQL injection that could permit access to the contacts database, enabling local escalation of privilege with no additional privileges required and no user interaction needed. Connected documents (including RH/CVE, EUVD, NVD, CNNVD, and others) reiterate the sam...

7.8CVSS6AI score0.00094EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.24 views

PT-2026-45585

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6AI score0.00094EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 12:0 a.m.12 views

ASB-A-465133716

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6AI score0.00094EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 9:16 a.m.15 views

CVE-2025-13167

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...

5.4CVSS0.00254EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:34 a.m.16 views

CVE-2025-13167

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...

5.4CVSS5.8AI score0.00254EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 8:34 a.m.15 views

EUVD-2025-209954

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...

5.4CVSS5.8AI score0.00254EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 8:34 a.m.11 views

CVE-2025-13167

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...

5.4CVSS5.8AI score0.00254EPSS
Exploits0References1
Rows per page
Query Builder