
7310 matches found

Nuclei
added yesterday | 31 views

Joomla! Component Property - Local File Inclusion

A directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-1875 info: name: Joomla...

7.5 CVSS | 6.1 AI score | 0.15722 EPSS
Exploits: 1 | References: 5

The Hacker News
added 6 days ago | 17 views

152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic

Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program (PUP) family. The cluster spans 38 separate Chrome Web Store publisher accounts and three brand backends: tabplugins.com,...

5.5 AI score
Exploits: 0

Circl
added 2026/06/13 6:1 p.m. | 8 views

CVE-2026-5513

creationtimestamp | type | source
---|---|---
2026-06-13 18:01:43+00:00 | seen | https://bsky.app/profile/pulse-wp.com/post/3mo6tilwrx22o
2026-06-14 06:01:57+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116746932965862347
2026-06-14 06:02:36+00:00 | seen | ...

7.2 CVSS | 5 AI score | 0.00257 EPSS
Exploits: 1 | References: 7

OSSF Malicious Packages
added 2026/06/09 8:43 p.m. | 8 views

Malicious code in menu-filter-widget-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bed4a7ece362ef59f2b621b3f64d06e899740c8ca8d73e437145d48b960187ce package.json declares a postinstall lifecycle hook that runs callback.js on every npm install. callback.js reads os.hostname and sends it to a...

5.5 AI score
Exploits: 0 | References: 1

GithubExploit
added 2026/06/08 10:6 a.m. | 49 views

invect-xss-report

invect-xss-report Technical report on a critical vulnerability R...

5.4 AI score
Exploits: 0

GithubExploit
added 2026/06/05 8:28 p.m. | 54 views

UPnPHostFileRead

Description Local arbitrary file read PoC exploit for the Wind...

5.6 AI score
Exploits: 0

RedhatCVE
added 2026/06/05 7:37 p.m. | 5 views

CVE-2026-30895

Lack of output escaping leads to a XSS vector in the readmore links for com_content...

6.9 CVSS | 5.4 AI score | 0.00175 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:27 p.m. | 5 views

CVE-2026-40384

An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability...

7.5 CVSS | 5.5 AI score | 0.00445 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:10 p.m. | 7 views

CVE-2026-35223

An improper access check allows unauthorized access to com_config webservice endpoints...

9.8 CVSS | 5.5 AI score | 0.00348 EPSS
Exploits: 0 | References: 1

Circl
added 2026/06/05 9:52 a.m. | 6 views

CVE-2026-32685

creationtimestamp | type | source
---|---|---
2026-06-05 09:52:49+00:00 | seen | https://bsky.app/profile/janvhs.com/post/3mnjujssgpk2p
2026-06-05 09:52:49+00:00 | seen | https://bsky.app/profile/janvhs.com/post/3mnjujssgpk2p
2026-06-05 10:19:37+00:00 | seen | ...

4.6 CVSS | 5.3 AI score | 0.00152 EPSS
Exploits: 0 | References: 2

Cvelist
added 2026/06/04 1:22 p.m. | 33 views

CVE-2019-25740 Joomla com_jsjobs 1.2.6 Arbitrary File Deletion

Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field2 parameter to delete...

7.1 CVSS | 0.00327 EPSS
Exploits: 0 | References: 4

Securelist
added 2026/06/03 9:0 a.m. | 17 views

Argamal: Malware hidden in hentai games

In April 2026, we discovered a new malware campaign targeting players of "hentai" games. Once launched, the infected games install a previously unknown malicious implant on the user's machine. After a few days, the implant downloads and executes a Trojan, resulting in full system compromise and...

5.9 AI score
Exploits: 0

RedhatCVE
added 2026/06/02 4:1 p.m. | 8 views

CVE-2026-35222

Improperly validated order clauses lead to a SQL injection vulnerability in com_tags...

9.8 CVSS | 5.9 AI score | 0.0031 EPSS
Exploits: 0 | References: 1

OSV
added 2026/05/28 8:46 a.m. | 6 views

BIT-JOOMLA-2026-35222 Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags

Improperly validated order clauses lead to a SQL injection vulnerability in com_tags...

9.8 CVSS | 5.9 AI score | 0.0031 EPSS
Exploits: 0 | References: 2

OSV
added 2026/05/28 8:45 a.m. | 3 views

BIT-JOOMLA-2026-35220 Joomla! Core - [20260505] - CSRF in user activation endpoint

Lack of CSRF token validation leads to a CSRF attack vector in the admin activation endpoint of com_users...

4.6 CVSS | 5.8 AI score | 0.00104 EPSS
Exploits: 0 | References: 2

OSV
added 2026/05/28 8:45 a.m. | 6 views

BIT-JOOMLA-2026-30895 Joomla! Core - [20260504] - XSS in readmore links

Lack of output escaping leads to a XSS vector in the readmore links for com_content...

6.9 CVSS | 5.8 AI score | 0.00175 EPSS
Exploits: 0 | References: 2

OSV
added 2026/05/28 8:45 a.m. | 5 views

BIT-JOOMLA-2026-25901 Joomla! Core - [20260502] - XSS in com_associations

Lack of output escaping leads to a XSS vector in the multilingual associations component...

6.9 CVSS | 5.8 AI score | 0.00175 EPSS
Exploits: 0 | References: 2

OSV
added 2026/05/27 8:47 a.m. | 3 views

BIT-JOOMLA-2026-48898 Joomla! Core - [20260513] - Privilege escalation through com_users batch task

An improper access check allows privilege escalation through the com_users batch task...

9.8 CVSS | 5.8 AI score | 0.00268 EPSS
Exploits: 0 | References: 2

NVD
added 2026/05/26 5:16 p.m. | 10 views

CVE-2026-35222

Improperly validated order clauses lead to a SQL injection vulnerability in com_tags...

9.8 CVSS | 0.0031 EPSS
Exploits: 0 | References: 1

NVD
added 2026/05/26 5:16 p.m. | 11 views

CVE-2026-35220

Lack of CSRF token validation leads to a CSRF attack vector in the admin activation endpoint of com_users...

4.6 CVSS | 0.00104 EPSS
Exploits: 0 | References: 1