Joomla! Webservice - Password Disclosure

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. id: CVE-2023-23752 info: name: Joomla! Webservice - Password Disclosure author: badboycxcc,Sascha Brendel severity: medium description: | An issue was discovered in...

CVE-2026-48900

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

CVE-2026-41649

Outline is a service that allows for collaborative documentation. The shares.create API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both collectionId and documentId are provided in the request, the authorization logic only checks...

CVE-2026-48898

An improper access check allows privilege escalation through the comusers batch task...

CVE-2026-35223

An improper access check allows unauthorized access to comconfig webservice endpoints...

CVE-2026-45155

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add unknown circles by their ID directly to other circles. Since circle IDs have 62^15 complexity by...

CVE-2026-45155

Nextcloud Server is affected by CVE-2026-45155 due to a missing API-level access check that allows adding unknown circle IDs to other circles. Affected versions are 32.0.0–32.0.6 and 33.0.0–33.0.0 (i.e., before 32.0.7 and before 33.0.1). The underlying issue could enable unauthorized membership t...

CVE-2026-45155 Nextcloud: Private circle can be added to another circle via API

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add unknown circles by their ID directly to other circles. Since circle IDs have 62^15 complexity by...

PT-2026-45538

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended th...

CVE-2026-1933

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

BIT-JOOMLA-2026-48898 Joomla! Core - [20260513] - Privilege escalation through com_users batch task

An improper access check allows privilege escalation through the comusers batch task...

Linux Distros Unpatched Vulnerability : CVE-2026-46054

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - selinux: fix overlayfs mmap and mprotect access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to acces...

CVE-2026-48899

An improper access check allows privilege escalation through the comusers batch task...

CVE-2026-35223

An improper access check allows unauthorized access to comconfig webservice endpoints...

EUVD-2026-31880

An improper access check allows privilege escalation through the comusers batch task...

CVE-2026-48899

An improper access check allows privilege escalation through the comusers batch task...

EUVD-2026-31879

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

EUVD-2026-31877

An improper access check allows unauthorized access to comconfig webservice endpoints...

CVE-2026-35223 Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints

An improper access check allows unauthorized access to comconfig webservice endpoints...

CVE-2026-35223 Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints

An improper access check allows unauthorized access to comconfig webservice endpoints...