362 matches found
CVE-2026-48958
An improper access check allows unauthorized users to create custom fields via webservices endpoints...
CVE-2026-48947
Technical details (affected products, exact vulnerable component, exploit methods, and fixes) are not disclosed in the provided documents. Monitor for updates.
CVE-2026-48958 Joomla! Core - [20260712] - Incorrect Access Control in com_fields webservice endpoints
An improper access check allows unauthorized users to create custom fields via webservices endpoints...
CVE-2026-48958
In Joomla! Core, the CVE-2026-48958 issue is due to improper access control in the com_fields webservice endpoints, enabling unauthorized users to create custom fields via web services. Affected versions include Joomla! 4.0.x (before 5.4.7) and 6.0.x (before 6.1.2). The underlying impact is eleva...
CVE-2026-48957 Joomla! Core - [20260711] - Incorrect Access Control in com_privacy webservice endpoints
An improper access check allows unauthorized users to access comprivacy datasets...
CVE-2026-48957
CVE-2026-48957 affects Joomla! Core; the issue is an improper access control in the com_privacy webservice endpoints, enabling unauthorized users to access com_privacy datasets. Multiple sources (NVD entry and CVE records from CIRCL, CVE List, and Joomla security centre) describe the root cause a...
CVE-2026-48957 Joomla! Core - [20260711] - Incorrect Access Control in com_privacy webservice endpoints
An improper access check allows unauthorized users to access comprivacy datasets...
PT-2026-51455
Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.6.0 Description Actual is a local-first personal finance tool that fails to neutralize formula-trigger characters when exporting data to CSV. The functions exportToCSV and exportQueryToCSV in...
Joomla! Webservice - Password Disclosure
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. id: CVE-2023-23752 info: name: Joomla! Webservice - Password Disclosure author: badboycxcc,Sascha Brendel severity: medium description: | An issue was discovered in...
[20260711] - Core - Incorrect Access Control in com_privacy webservice endpoints
An improper access check allows unauthorized users to access comprivacy datasets...
PT-2026-48622
Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description When WS-Addressing is used with...
BIT-JOOMLA-2026-40384 Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint
An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...
BIT-JOOMLA-2026-35223 Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints
An improper access check allows unauthorized access to comconfig webservice endpoints...
BIT-JOOMLA-2026-48904 Joomla! Core - [20260514] - Privilege escalation through com_users webservice endpoints
An improper access check allows privelege escalation through the comusers group editing webservice endpoint...
CVE-2026-48904
An improper access check allows privelege escalation through the comusers group editing webservice endpoint...
CVE-2026-48904
An improper access check allows privelege escalation through the comusers group editing webservice endpoint...
CVE-2026-35223
An improper access check allows unauthorized access to comconfig webservice endpoints...
CVE-2026-35223
An improper access check allows unauthorized access to comconfig webservice endpoints...
CVE-2026-40384
CVE-2026-40384 affects Joomla! Core — com_media webservice endpoint. The issue is improper validation of the search parameter in the com_media files API, enabling path traversal. Documented across NVD, CVE records, and security feeds; impact described as path traversal with high confidentiality i...
CVE-2026-35223
An improper access check allows unauthorized access to comconfig webservice endpoints...