In Joomla versions before 6.6.2 a critical severity vulnerability CVE-2026-48908 was detected. This vulnerability allows unauthenticated users to upload arbitrary files, resulting in the upload and execution of PHP code. To address this issue, users should upgrade Joomla to version 6.6.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-48908.
Read more CMSIn Joomla versions 3.2.1 through 3.9.14, versions 4.0.0 through 4.0.7 a critical severity vulnerability CVE-2026-48939 was detected. This vulnerability allows attackers to upload arbitrary files via the iCagenda file attachment feature, enabling PHP code upload and remote code execution. To address this issue, users should upgrade Joomla to version 3.9.15 and 4.0.8 (or later). For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-48939.
Read more CMSIn WordPress versions 1.21.16 a high severity vulnerability CVE-2020-37255 was detected. This vulnerability allows unauthenticated attackers to obtain valid administrator session cookies and access the WordPress dashboard without credentials. To address this issue, users should upgrade plugin to version beyond 1.2.4.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2020-37255.
Read more CMSIn OpenVPN versions 2.6.0 to 2.6.6 a critical severity vulnerability CVE-2023-46850 was detected. This vulnerability allows a remote attacker to cause undefined behavior, leak memory buffers, or potentially achieve Remote Code Execution (RCE). This occurs due to a Use-After-Free (UAF) flaw that is triggered when sending network buffers to a remote peer. To address this issue, users should upgrade OpenVPN to a patched version 2.6.8 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-46850.
Read more CMSIn WooCommerce version 7.1.0 a critical severity vulnerability CVE-2022-50972 was detected. This vulnerability allows an attacker to execute arbitrary PHP code and write malicious PHP files directly to the web root. This occurs due to improper sanitization of the product-type parameter within the class-wc-meta-box-product-images.php endpoint, which permits the injection of shell commands. To address this issue, users should upgrade WooCommerce to a patched version 7.1.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2022-50972.
In OpenVPN versions 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 a medium severity vulnerability CVE-2026-40215 was detected. This vulnerability allows remote attackers to potentially cause a server crash (Denial of Service) or leak sensitive heap memory. This occurs due to a race condition triggered during TLS session promotion, which leads to a use-after-free vulnerability. To address this issue, users should upgrade OpenVPN to a patched version 2.6.20 or 2.7.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40215.
Read more CMSIn Umbraco CMS versions 14.0.0 to before 17.4.0 a medium severity vulnerability CVE-2026-46609 was detected. This vulnerability allows an authenticated attacker to inject arbitrary HTML or execute malicious JavaScript in the context of another user’s browser (Stored XSS / HTML Injection). This occurs because the Umbraco Backoffice confirmation dialog fails to properly apply output encoding to user-supplied data from an input field before rendering it. If an attacker injects a malicious payload, it will be executed or displayed when an administrator or another user triggers the affected confirmation dialog. To address this issue, users should upgrade Umbraco CMS to version 17.4.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-46609.
Read more CMSIn OpenVPN versions 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 a medium severity vulnerability CVE-2026-35058 was detected. This vulnerability allows an authenticated attacker to cause a Denial of Service (DoS) by crashing the application. This occurs due to improper validation of packet length during the tls-crypt-v2 key extraction process. By sending a specially crafted packet, an attacker can trigger a fatal assertion, which leads to the termination of the service. To address this issue, users should upgrade OpenVPN to a patched version 2.6.20 and 2.7.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-35058.
Read more CMSIn Joomla! Core versions 3.9.0 up to and including 5.4.5 and 6.0.0 up to and including 6.1.0 a critical severity vulnerability CVE-2026-48902 was detected. This vulnerability may allow network attackers to intercept sensitive account recovery tokens. This occurs because the password and username reset features improperly generate plain HTTP links, even for HTTPS connections, if the “Force SSL” configuration flag is not explicitly enabled. As a result, the reset links are transmitted without transport encryption, potentially leading to unauthorized account access. To address this issue, users should upgrade Joomla! Core to version 5.4.6 or 6.1.1 (or later) or explicitly enable the “Force SSL” setting. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-48902.
Read more CMS