Lucene search
K

23 matches found

CNNVD
CNNVD
added 2026/04/02 12:0 a.m.6 views

OneUptime 访问控制错误漏洞

OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.42 contained a access control vulnerability. This vulnerability stemmed from the ability to access notification tests and telephone...

9.1CVSS5.8AI score0.00348EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/07 9:45 p.m.3 views

CVE-2026-25858

macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes the one-time passwo...

9.3CVSS5.7AI score0.00615EPSS
Exploits0References4
CVE
CVE
added 2026/02/07 9:45 p.m.16 views

CVE-2026-25858

The CVE-2026-25858 issue affects macrozheng mall up to version 1.0.3 where the mall-portal password reset flow exposes the OTP in the API response and authenticates requests solely by the OTP tied to a telephone number. An unauthenticated attacker can reset arbitrary user passwords using only a k...

9.8CVSS5.7AI score0.00615EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/07 9:45 p.m.3 views

CVE-2026-25858 macrozheng mall <= 1.0.3 Unauthenticated Password Reset via OTP Disclosure

macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes the one-time passwo...

9.3CVSS6.1AI score0.00615EPSS
Exploits0References6
Malwarebytes
Malwarebytes
added 2025/10/16 10:49 a.m.6 views

Mango discloses data breach at third-party provider

Mango has reported a data breach at one of its external marketing service providers. The Spanish fashion retailer says that only personal contact information has been exposed—no financial data. The breach took place at the service provider and did not affect Mango’s own systems. According to the...

7.2AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-16508

Malware in sbrugna...

7.5CVSS7.6AI score0.01025EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/11/12 6:1 p.m.26 views

CVE-2024-51720 Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE

An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication SCA Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone number...

4.8CVSS0.0031EPSS
Exploits0References1
CVE
CVE
added 2024/11/12 6:1 p.m.55 views

CVE-2024-51720

CVE-2024-51720 affects SecuSUITE Secure Client Authentication (SCA) Server, 5.0.420 and earlier. Root cause: insufficient entropy in the enrollment flow, enabling an attacker to enroll an attacker‑controlled device to a victim’s account/phone number. Additional notes from PT-2024-34867 cite lack ...

4.8CVSS5.1AI score0.0031EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.171 views

Viproy CUCDM IP Phone XML Services Speed Dial Attack Tool

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'Viproy CUCDM IP Phone XML Services - Speed Dial Attack Tool', 'Description' = %q The BVSMWeb portal in the web framework...

7.5CVSS6.7AI score0.21879EPSS
Exploits4
WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.12 views

Telephone Number Linker <= 1.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its telnumlink shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS6.1AI score0.00544EPSS
Exploits0
OSV
OSV
added 2023/11/07 11:15 a.m.1 views

CVE-2023-5743

The Telephone Number Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'telnumlink' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS7AI score0.00544EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/11/07 11:1 a.m.15 views

CVE-2023-5743 Telephone Number Linker <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Telephone Number Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'telnumlink' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00544EPSS
Exploits0References3
CVE
CVE
added 2023/11/07 11:1 a.m.36 views

CVE-2023-5743

CVE-2023-5743 (Telephone Number Linker, WordPress) Stored Cross-Site Scripting via the plugin’s telnumlink shortcode is present in all versions up to 1.2. The vulnerability requires authenticated access (contributor-level or higher) and arises from insufficient input sanitization/output escaping ...

6.4CVSS5.3AI score0.00544EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/11/07 12:0 a.m.2 views

WordPress Plugin Telephone Number Linker Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.4CVSS6.6AI score0.00544EPSS
Exploits0References5
Patchstack
Patchstack
added 2023/11/07 12:0 a.m.11 views

WordPress Telephone Number Linker Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Telephone Number Linker Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5743 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fce4160970a1 Credits Lana Codes Required...

6.4CVSS6AI score0.00544EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/12/28 5:0 p.m.25 views

CVE-2018-20576

Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phonetest.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan...

5.7AI score0.00412EPSS
Exploits1References2
NVD
NVD
added 2016/04/18 12:59 a.m.21 views

CVE-2016-0847

The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26864502...

8.4CVSS8AI score0.00233EPSS
Exploits0References3
NVD
NVD
added 2015/04/10 2:59 p.m.22 views

CVE-2015-1113

The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the 1 telephone number or 2 e-mail address of a recent contact via a crafted app...

1.9CVSS5.5AI score0.00351EPSS
Exploits0References4
Cvelist
Cvelist
added 2015/04/10 2:0 p.m.22 views

CVE-2015-1113

The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the 1 telephone number or 2 e-mail address of a recent contact via a crafted app...

5.5AI score0.00351EPSS
Exploits0References4
NVD
NVD
added 2014/09/18 10:55 a.m.20 views

CVE-2014-4367

Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number...

2.1CVSS5.7AI score0.0037EPSS
Exploits0References6
Rows per page
Query Builder