59508 matches found
PT-2026-39787
A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access Contacts without user consent...
[SECURITY] Fedora 42 Update: nextcloud-33.0.3-1.fc42
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
[SECURITY] Fedora 44 Update: nextcloud-33.0.3-1.fc44
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
CVE-2026-42193 Plunk: SNS webhook forgery
Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...
MAL-2026-3370 Malicious code in sufiagent (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f2cfd59dcec981250aeaf0633059cfd0af4d5dac6c87a1d54b9e13ce70957858 Designed to run on Android. Under the mask of an AI agent, the code downloads a remote executable on import, and during usage, silently exfiltrates data like...
CVE-2026-41657
Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...
CVE-2026-41657
Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...
CVE-2026-41657 Admidio: Cross-Organization Member Data Exposure via Permission Check Mismatch in contacts_data.php
Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...
EUVD-2026-28266
Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...
CVE-2026-41657 Admidio: Cross-Organization Member Data Exposure via Permission Check Mismatch in contacts_data.php
Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...
Admidio 安全漏洞
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio prior to 5.0.9 contained security vulnerabilities. These vulnerabilities...
[20260702] - Core - Incorrect Access Control in com_contact vcf download
An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...
Malicious code in metoopro (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6e089d4b8b0fe90a96024c1160f198df5ab7ec0b30f1f5765cf81ef4aa640279 Designed to run on Android. Under the mask of an AI agent, the code downloads a remote executable on import, and during usage, silently exfiltrates data like...
MAL-2026-3247 Malicious code in metoopro (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6e089d4b8b0fe90a96024c1160f198df5ab7ec0b30f1f5765cf81ef4aa640279 Designed to run on Android. Under the mask of an AI agent, the code downloads a remote executable on import, and during usage, silently exfiltrates data like...
Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php
Summary The contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring roladministrator=true and the contactsshowall system setting. A user manager...
GHSA-G8P8-94F2-28GR Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php
Summary The contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring roladministrator=true and the contactsshowall system setting. A user manager...
PT-2026-37141
Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description An authorization mismatch exists between the frontend UI and the backend data endpoint. While the frontend correctly restricts the "show all organizations" filter to full administrators, the 'contact...
A week in security (April 20 – April 26)
Last week on Malwarebytes Labs: Medical data of 500,000 UK volunteers listed for sale on Alibaba How cyberattacks on companies affect everyone Apple fixes iOS bug that kept deleted notifications, including chat previews Roblox clamps down on chats and age checks as legal pressure builds Malicious...
Android 17 ends all-or-nothing access to your contacts
Some of the apps on your phone want your contacts. Most don't need them all, but have been happily slurping up the lot for years. Google has decided to do something about that with the next version of Android. Android 17 currently in preview is introducing a new Contact Picker that lets users gra...
Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul
Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally and suspended 24.9 million accounts in 2025. The new policy updates relate to contact and location...