Joomla! Component Property - Local File Inclusion

A directory traversal vulnerability in the Real Estate Property comproperties component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1875 info: name: Joomla...

Malicious code in menu-filter-widget-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bed4a7ece362ef59f2b621b3f64d06e899740c8ca8d73e437145d48b960187ce package.json declares a postinstall lifecycle hook that runs callback.js on every npm install. callback.js reads os.hostname and sends it to a...

invect-xss-report

invect-xss-report Технический отчет о критической уязвимости R...

UPnPHostFileRead

Description Local arbitrary file read PoC exploit for the Wind...

CVE-2026-30895

Lack of output escaping leads to a XSS vector in the readmore links for comcontent...

CVE-2026-40384

An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...

CVE-2026-35223

An improper access check allows unauthorized access to comconfig webservice endpoints...

CVE-2026-32685

creationtimestamp| type| source ---|---|--- 2026-06-05 09:52:49+00:00| seen| https://bsky.app/profile/janvhs.com/post/3mnjujssgpk2p 2026-06-05 09:52:49+00:00| seen| https://bsky.app/profile/janvhs.com/post/3mnjujssgpk2p 2026-06-05 10:19:37+00:00| seen|...

CVE-2019-25740 Joomla com_jsjobs 1.2.6 Arbitrary File Deletion

Joomla comjsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field2 parameter to delete...

Argamal: Malware hidden in hentai games

In April 2026, we discovered a new malware campaign targeting players of "hentai" games. Once launched, the infected games install a previously unknown malicious implant on the user's machine. After a few days, the implant downloads and executes a Trojan, resulting in full system compromise and...

CVE-2026-35222

Improperly validated order clauses lead to a SQL injection vulnerability in comtags...

BIT-JOOMLA-2026-35222 Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags

Improperly validated order clauses lead to a SQL injection vulnerability in comtags...

BIT-JOOMLA-2026-35220 Joomla! Core - [20260505] - CSRF in user activation endpoint

Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of comusers...

BIT-JOOMLA-2026-30895 Joomla! Core - [20260504] - XSS in readmore links

Lack of output escaping leads to a XSS vector in the readmore links for comcontent...

BIT-JOOMLA-2026-25901 Joomla! Core - [20260502] - XSS in com_associations

Lack of output escaping leads to a XSS vector in the multilingual associations component...

BIT-JOOMLA-2026-48898 Joomla! Core - [20260513] - Privilege escalation through com_users batch task

An improper access check allows privilege escalation through the comusers batch task...

CVE-2026-35220

Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of comusers...

CVE-2026-35222

Improperly validated order clauses lead to a SQL injection vulnerability in comtags...

EUVD-2026-31892

Improperly built filter clauses lead to a SQL injection vulnerability in the search query for comfinder...

CVE-2026-35221 Joomla! Core - [20260506] - Authenticated blind SQLi in com_finder

Improperly built filter clauses lead to a SQL injection vulnerability in the search query for comfinder...