Lucene search
+L

362 matches found

NVD
NVD
added 2026/07/07 7:16 p.m.11 views

CVE-2026-48958

An improper access check allows unauthorized users to create custom fields via webservices endpoints...

8.8CVSS0.00262EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 5:32 p.m.20 views

CVE-2026-48947

Technical details (affected products, exact vulnerable component, exploit methods, and fixes) are not disclosed in the provided documents. Monitor for updates.

6.4CVSS6AI score0.00197EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/07 5:32 p.m.35 views

CVE-2026-48958 Joomla! Core - [20260712] - Incorrect Access Control in com_fields webservice endpoints

An improper access check allows unauthorized users to create custom fields via webservices endpoints...

6.4CVSS0.00262EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 5:32 p.m.22 views

CVE-2026-48958

In Joomla! Core, the CVE-2026-48958 issue is due to improper access control in the com_fields webservice endpoints, enabling unauthorized users to create custom fields via web services. Affected versions include Joomla! 4.0.x (before 5.4.7) and 6.0.x (before 6.1.2). The underlying impact is eleva...

8.8CVSS6AI score0.00262EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/07 5:30 p.m.34 views

CVE-2026-48957 Joomla! Core - [20260711] - Incorrect Access Control in com_privacy webservice endpoints

An improper access check allows unauthorized users to access comprivacy datasets...

6.4CVSS0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 5:30 p.m.14 views

CVE-2026-48957

CVE-2026-48957 affects Joomla! Core; the issue is an improper access control in the com_privacy webservice endpoints, enabling unauthorized users to access com_privacy datasets. Multiple sources (NVD entry and CVE records from CIRCL, CVE List, and Joomla security centre) describe the root cause a...

8.8CVSS6AI score0.0024EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/07/07 5:30 p.m.7 views

CVE-2026-48957 Joomla! Core - [20260711] - Incorrect Access Control in com_privacy webservice endpoints

An improper access check allows unauthorized users to access comprivacy datasets...

6.4CVSS6AI score0.0024EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.21 views

PT-2026-51455

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.6.0 Description Actual is a local-first personal finance tool that fails to neutralize formula-trigger characters when exporting data to CSV. The functions exportToCSV and exportQueryToCSV in...

4.2CVSS6.7AI score0.00286EPSS
Exploits0References10
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.84 views

Joomla! Webservice - Password Disclosure

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. id: CVE-2023-23752 info: name: Joomla! Webservice - Password Disclosure author: badboycxcc,Sascha Brendel severity: medium description: | An issue was discovered in...

7.5CVSS6.7AI score0.99827EPSS
Exploits43References5
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/06/12 12:0 a.m.10 views

[20260711] - Core - Incorrect Access Control in com_privacy webservice endpoints

An improper access check allows unauthorized users to access comprivacy datasets...

8.8CVSS6AI score0.0024EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.28 views

PT-2026-48622

Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description When WS-Addressing is used with...

8.6CVSS5.8AI score0.00383EPSS
Exploits0References6
OSV
OSV
added 2026/05/29 8:44 a.m.8 views

BIT-JOOMLA-2026-40384 Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint

An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...

7.5CVSS5.8AI score0.00445EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 8:44 a.m.7 views

BIT-JOOMLA-2026-35223 Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints

An improper access check allows unauthorized access to comconfig webservice endpoints...

9.8CVSS5.8AI score0.00348EPSS
Exploits0References2
OSV
OSV
added 2026/05/27 8:47 a.m.14 views

BIT-JOOMLA-2026-48904 Joomla! Core - [20260514] - Privilege escalation through com_users webservice endpoints

An improper access check allows privelege escalation through the comusers group editing webservice endpoint...

9.8CVSS5.8AI score0.00292EPSS
Exploits0References2
OSV
OSV
added 2026/05/26 5:16 p.m.2 views

CVE-2026-48904

An improper access check allows privelege escalation through the comusers group editing webservice endpoint...

9.8CVSS6AI score
Exploits0References1
NVD
NVD
added 2026/05/26 5:16 p.m.18 views

CVE-2026-48904

An improper access check allows privelege escalation through the comusers group editing webservice endpoint...

9.8CVSS0.00292EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 5:16 p.m.17 views

CVE-2026-35223

An improper access check allows unauthorized access to comconfig webservice endpoints...

9.8CVSS0.00348EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 5:16 p.m.2 views

CVE-2026-35223

An improper access check allows unauthorized access to comconfig webservice endpoints...

9.8CVSS6AI score
Exploits0References1
CVE
CVE
added 2026/05/26 4:45 p.m.27 views

CVE-2026-40384

CVE-2026-40384 affects Joomla! Core — com_media webservice endpoint. The issue is improper validation of the search parameter in the com_media files API, enabling path traversal. Documented across NVD, CVE records, and security feeds; impact described as path traversal with high confidentiality i...

7.5CVSS5.8AI score0.00445EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:43 p.m.12 views

CVE-2026-35223

An improper access check allows unauthorized access to comconfig webservice endpoints...

8.6CVSS5.8AI score0.00348EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder