Search Results (366284 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-26027 1 Joomla 1 Joomla\! 2026-02-25 5.3 Medium
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.
CVE-2021-23128 1 Joomla 1 Joomla\! 2026-02-25 9.1 Critical
An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat.
CVE-2022-23794 1 Joomla 1 Joomla\! 2026-02-25 5.3 Medium
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application.
CVE-2021-26038 1 Joomla 1 Joomla\! 2026-02-25 7.5 High
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in com_installer lack the required hardcoded ACL checks for superusers. A default system is not affected cause the default ACL for com_installer is limited to super users already.
CVE-2022-23799 1 Joomla 1 Joomla\! 2026-02-25 9.8 Critical
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
CVE-2021-26033 1 Joomla 1 Joomla\! 2026-02-25 6.5 Medium
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint.
CVE-2021-23124 1 Joomla 1 Joomla\! 2026-02-25 6.1 Medium
An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.
CVE-2022-27911 1 Joomla 1 Joomla\! 2026-02-25 5.3 Medium
An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes.
CVE-2022-23796 1 Joomla 1 Joomla\! 2026-02-25 6.1 Medium
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields.
CVE-2021-26039 1 Joomla 1 Joomla\! 2026-02-25 6.1 Medium
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to a XSS vulnerability.
CVE-2022-23793 1 Joomla 1 Joomla\! 2026-02-25 7.5 High
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path.
CVE-2021-23126 1 Joomla 1 Joomla\! 2026-02-25 5.3 Medium
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.
CVE-2021-23131 1 Joomla 1 Joomla\! 2026-02-25 7.5 High
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.
CVE-2021-26030 1 Joomla 1 Joomla\! 2026-02-25 6.1 Medium
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page
CVE-2025-13523 1 Mattermost 1 Confluence 2026-02-24 7.7 High
Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermost Advisory ID: MMSA-2025-00557
CVE-2022-3194 1 Dokan 1 Dokan 2026-02-24 5.4 Medium
The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.
CVE-2022-3915 1 Dokan 1 Dokan 2026-02-24 9.8 Critical
The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
CVE-2025-62326 1 Hcltech 1 Digital Experience 2026-02-24 6.1 Medium
HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit.
CVE-2019-25364 2 Tabs Laboratories Corporation, Tabslab 2 Win10 Mailcarrier, Mailcarrier 2026-02-24 9.8 Critical
MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER command that allows remote attackers to execute arbitrary code. Attackers can send a crafted oversized buffer to the POP3 service, overwriting memory and potentially gaining remote system access.
CVE-2019-25326 2 Northwest Performance Software, Nwpsw 2 Ippulse, Ippulse 2026-02-24 6.2 Medium
ipPulse 1.92 contains a denial of service vulnerability that allows local attackers to crash the application by providing an oversized input in the Enter Key field. Attackers can generate a 256-byte buffer of repeated 'A' characters to trigger an application crash when pasting the malicious content.