13 matches found
CVE-2026-7652 LatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery Mechanism
The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0. This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...
CVE-2026-7652
The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0. This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...
Environment Variable Exposure
github.com/knadh/listmonk is vulnerable to Environment Variable Exposure. The vulnerability is due to the use of env and expandenv template functions in Sprig, which allows non-super-admin users to capture sensitive environment variables in multi-user installations...
CVE-2019-12764
An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users...
BIT-JOOMLA-2023-23751 [20230102] - Core - Missing ACL checks for com_actionlogs
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs...
CVE-2023-23751
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs...
CVE-2023-23751 [20230102] - Core - Missing ACL checks for com_actionlogs
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs...
PT-2023-19176 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 4.0.0 through 4.2.4. Description: An issue was discovered that allows non super-admin users to access com_actionlogs due to a missing ACL check. Recommendations: For Joomla! versions 4.0.0 through 4.2.4, consider restricting...
CVE-2019-12764
An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users...
Code injection
An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users...
CVE-2019-12764
CVE-2019-12764 affects Joomla! prior to 3.9.7. The vulnerability is in the update server URL for component com_joomlaupdate, which can be manipulated by non Super-Admin users. Documented impact indicates potential integrity/confidentiality risk via update source redirection, but explicit exploita...
PT-2019-12931 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.7. Description: An issue was discovered where the update server URL of com_joomlaupdate can be manipulated by non Super-Admin users. Recommendations: For versions prior to 3.9.7, update to version 3.9.7 or later t...
[20190603] - Core - ACL hardening of com_joomlaupdate
The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users...