Lucene search
K

7328 matches found

Nuclei
Nuclei
added 9 hours ago49 views

Joomla! Component Property - Local File Inclusion

A directory traversal vulnerability in the Real Estate Property comproperties component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1875 info: name: Joomla...

7.5CVSS6.2AI score0.15722EPSS
Exploits1References5
NVD
NVD
added 4 days ago5 views

CVE-2026-55780

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validat...

2.4CVSS0.00112EPSS
Exploits0References3
NVD
NVD
added last week11 views

CVE-2026-48957

An improper access check allows unauthorized users to access comprivacy datasets...

8.8CVSS0.0024EPSS
Exploits0References1
NVD
NVD
added last week8 views

CVE-2026-48950

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS0.00147EPSS
Exploits0References1
EUVD
EUVD
added last week7 views

EUVD-2026-42070

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week9 views

CVE-2026-48952 Joomla! Core - [20260706] - XSS in com_installer

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
CVE
CVE
added last week10 views

CVE-2026-48952

CVE-2026-48952 affects Joomla core, specifically the com_installer update list view. Root cause is lack of escaping, resulting in an XSS vulnerability. CVSS 4.0 base score 8.4 ( HIGH ) with network attack vector, low attack complexity, high impact to confidentiality and integrity, and low impact ...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added last week6 views

CVE-2026-48947 Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week6 views

CVE-2026-48950 Joomla! Core - [20260704] - XSS in com_templates

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week7 views

CVE-2026-48956 Joomla! Core - [20260710] - Incorrect Access Control in com_modules

An improper access check allows users to display a list of modules in the frontend...

6.4CVSS6AI score0.00168EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added last week7 views

CVE-2026-48957 Joomla! Core - [20260711] - Incorrect Access Control in com_privacy webservice endpoints

An improper access check allows unauthorized users to access comprivacy datasets...

6.4CVSS6AI score0.0024EPSS
Exploits0References1
EUVD
EUVD
added last week6 views

EUVD-2026-42064

An improper access check allows unauthorized users to access comprivacy datasets...

6.4CVSS6AI score0.0024EPSS
Exploits0References1
CVE
CVE
added last week13 views

CVE-2026-48957

CVE-2026-48957 affects Joomla! Core; the issue is an improper access control in the com_privacy webservice endpoints, enabling unauthorized users to access com_privacy datasets. Multiple sources (NVD entry and CVE records from CIRCL, CVE List, and Joomla security centre) describe the root cause a...

8.8CVSS6AI score0.0024EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52512

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.33.4 pnpm versions prior to 11.0.7 Description A flaw exists where the package manager does not store the hash of dependencies sourced from codeload.github.com in the lockfile. Consequently, a compromised server or...

7.5CVSS5.9AI score0.00116EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/06/22 3:31 p.m.9 views

Important: Red Hat Security Advisory: Cost Management Metrics Operator Update

Cost Management Metrics Operator version 4.4.1 release. The Cost Management Metrics Operator is a component of the Red Hat Cost Managment service for Openshift. The operator runs on the latest supported versions of Openshift. This operator obtains OpenShift usage data by querying Prometheus every...

7.5CVSS6.1AI score0.0116EPSS
Exploits4References10
The Hacker News
The Hacker News
added 2026/06/15 11:7 a.m.27 views

152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic

Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program PUP family. The cluster spans 38 separate Chrome Web Store publisher accounts and three brand backends: tabplugins.com,...

5.5AI score
Exploits0
Circl
Circl
added 2026/06/13 6:1 p.m.20 views

CVE-2026-5513

creationtimestamp| type| source ---|---|--- 2026-06-13 18:01:43+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mo6tilwrx22o 2026-06-14 06:01:57+00:00| seen| https://infosec.exchange/users/offseq/statuses/116746932965862347 2026-06-14 06:02:36+00:00| seen|...

7.2CVSS6.1AI score0.00312EPSS
Exploits1References9
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/06/12 12:0 a.m.9 views

[20260711] - Core - Incorrect Access Control in com_privacy webservice endpoints

An improper access check allows unauthorized users to access comprivacy datasets...

8.8CVSS6AI score0.0024EPSS
Exploits0Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:43 p.m.15 views

Malicious code in menu-filter-widget-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bed4a7ece362ef59f2b621b3f64d06e899740c8ca8d73e437145d48b960187ce package.json declares a postinstall lifecycle hook that runs callback.js on every npm install. callback.js reads os.hostname and sends it to a...

5.5AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/08 10:6 a.m.69 views

invect-xss-report

invect-xss-report Технический отчет о критической уязвимости R...

5.4AI score
Exploits0
Rows per page
Query Builder