In Joomla! Core versions 4.0.0 through 5.4.5 and 6.0.0 through 6.1.0 a high severity vulnerability CVE-2026-48901 was detected. This vulnerability may allow attackers to bypass intended security filters. This occurs because the InputFilter::getInstance() method improperly omits a security-sensitive parameter when constructing the instance cache key. As a result, an incorrectly configured filter object might be retrieved from the cache and reused in a different context, potentially leading to inadequate content filtering and subsequent security issues. To address this issue, users should upgrade Joomla! Core to version 5.4.6 or 6.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-48901.
Read more CMSIn Ghost versions 3.24.0 through 6.19.0 a critical severity vulnerability CVE-2026-26980 was detected. This vulnerability allows an unauthenticated attacker to perform arbitrary reads from the database. This occurs due to a SQL Injection flaw within the Content API. A public exploit for this issue is currently available. To address this issue, users should upgrade Ghost to version 6.19.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26980.
Read more CMSIn PrivateTunnel versions prior to 3.0 and OpenVPN Connect versions prior to 3.1 on Windows a medium severity vulnerability CVE-2014-5455 was detected. This vulnerability allows a local user to gain elevated privileges. This occurs due to an unquoted Windows search path vulnerability in the ptservice service, which enables an attacker to execute arbitrary code by placing a specially crafted program.exe file in the %SYSTEMDRIVE% folder. To address this issue, users should upgrade PrivateTunnel to version 3.0 and OpenVPN Connect to version 3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2014-5455.
Read more CMSIn Joomla! Framework versions Versions 1.0.0 through 3.0.5 and versions 4.0.0through 4.0.1 a medium severity vulnerability CVE-2026-48903 was detected. This vulnerability allows an attacker to execute arbitrary malicious scripts (Cross-Site Scripting, XSS) in the context of the victim’s browser. This occurs due to inadequate content filtering within the checkAttribute methods, which affects various components. To address this issue, users should upgrade Joomla! Framework to version 5.4.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-48903.
Read more CMSIn Joomla! Core versions 4.1.0 through 5.4.5 a medium severity vulnerability CVE-2026-48900 was detected. This vulnerability allows low-privileged users to edit the task types of existing scheduler tasks due to an improper access control check in the com_scheduler component. To address this issue, users should upgrade Joomla! Core to version 5.4.6 (or later). For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-48900.
Read more CMSIn Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier a low severity vulnerability CVE-2026-34685 was detected. This vulnerability allows a high-privileged attacker to bypass security measures and gain unauthorized write access (potentially leading to arbitrary file system writes). This occurs due to improper input validation. Exploitation of this issue requires user interaction, meaning a victim must visit a maliciously crafted URL or interact with a compromised web page. To address this issue, users should upgrade Adobe Commerce to version 2.4.9 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-34685.
Read more E-commerceIn Joomla! versions before 3.8.2 a high severity vulnerability CVE-2017-16634 was detected. This vulnerability allows third parties to bypass a user’s two-factor authentication (2FA) method, potentially leading to unauthorized account access. To address this issue, users should upgrade Joomla! to version 3.8.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-16634.
Read more CMSIn Dolibarr ERP/CRM version 6.0.0 a medium severity vulnerability CVE-2017-14240 was detected. This vulnerability allows attackers to access sensitive information due to a flaw in the document.php file via the file parameter. To address this issue, users should upgrade Dolibarr ERP/CRM to version 6.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-14240.
Read more ERPIn Dolibarr ERP/CRM versions before 5.0.3 a high severity vulnerability CVE-2017-9435 was detected. This vulnerability allows attackers to execute arbitrary SQL commands due to a SQL injection flaw in the search_supervisor and search_statut parameters within the user/index.php file. To address this issue, users should upgrade Dolibarr ERP/CRM to version 5.0.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2017-9435.
Read more ERP