7328 matches found
Joomla! Component Property - Local File Inclusion
A directory traversal vulnerability in the Real Estate Property comproperties component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1875 info: name: Joomla...
CVE-2026-55780
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validat...
CVE-2026-48957
An improper access check allows unauthorized users to access comprivacy datasets...
CVE-2026-48950
Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...
EUVD-2026-42070
Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...
CVE-2026-48952 Joomla! Core - [20260706] - XSS in com_installer
Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...
CVE-2026-48952
CVE-2026-48952 affects Joomla core, specifically the com_installer update list view. Root cause is lack of escaping, resulting in an XSS vulnerability. CVSS 4.0 base score 8.4 ( HIGH ) with network attack vector, low attack complexity, high impact to confidentiality and integrity, and low impact ...
CVE-2026-48947 Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints
An improper access check allows privileged users to overwrite media files without editing permissions...
CVE-2026-48950 Joomla! Core - [20260704] - XSS in com_templates
Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...
CVE-2026-48956 Joomla! Core - [20260710] - Incorrect Access Control in com_modules
An improper access check allows users to display a list of modules in the frontend...
CVE-2026-48957 Joomla! Core - [20260711] - Incorrect Access Control in com_privacy webservice endpoints
An improper access check allows unauthorized users to access comprivacy datasets...
EUVD-2026-42064
An improper access check allows unauthorized users to access comprivacy datasets...
CVE-2026-48957
CVE-2026-48957 affects Joomla! Core; the issue is an improper access control in the com_privacy webservice endpoints, enabling unauthorized users to access com_privacy datasets. Multiple sources (NVD entry and CVE records from CIRCL, CVE List, and Joomla security centre) describe the root cause a...
PT-2026-52512
Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.33.4 pnpm versions prior to 11.0.7 Description A flaw exists where the package manager does not store the hash of dependencies sourced from codeload.github.com in the lockfile. Consequently, a compromised server or...
Important: Red Hat Security Advisory: Cost Management Metrics Operator Update
Cost Management Metrics Operator version 4.4.1 release. The Cost Management Metrics Operator is a component of the Red Hat Cost Managment service for Openshift. The operator runs on the latest supported versions of Openshift. This operator obtains OpenShift usage data by querying Prometheus every...
152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic
Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program PUP family. The cluster spans 38 separate Chrome Web Store publisher accounts and three brand backends: tabplugins.com,...
CVE-2026-5513
creationtimestamp| type| source ---|---|--- 2026-06-13 18:01:43+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mo6tilwrx22o 2026-06-14 06:01:57+00:00| seen| https://infosec.exchange/users/offseq/statuses/116746932965862347 2026-06-14 06:02:36+00:00| seen|...
[20260711] - Core - Incorrect Access Control in com_privacy webservice endpoints
An improper access check allows unauthorized users to access comprivacy datasets...
Malicious code in menu-filter-widget-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bed4a7ece362ef59f2b621b3f64d06e899740c8ca8d73e437145d48b960187ce package.json declares a postinstall lifecycle hook that runs callback.js on every npm install. callback.js reads os.hostname and sends it to a...
invect-xss-report
invect-xss-report Технический отчет о критической уязвимости R...