6.3
CVE-2026-21629 - Joomla! Core - [20260301] - ACL hardening in com_ajax
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers.
8.6
CVE-2026-23899 - Joomla! Core - [20260306] - Improper access check in webservice endpoints
An improper access check allows unauthorized access to webservice endpoints.
5.9
CVE-2026-21631 - Joomla! Core - [20260303] - XSS vector in com_associations comparison view
Lack of output escaping leads to a XSS vector in the multilingual associations component.
5.9
CVE-2026-21632 - Joomla! Core - [20260304] - XSS vectors in various article title outputs
Lack of output escaping for article titles leads to XSS vectors in various locations.
6.5
CVE-2026-34889 - WordPress Ultimate Addons for WPBakery Page Builder plugin < 3.21.4 - Cross Site Scripting (XSS) vuβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows DOM-Based XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a before 3.21.4.
0.0
CVE-2026-23411 - apparmor: fix race between freeing data and fs accessing it
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting the reference to i_private data on its end after removing the original entry from the file system. However the inode can aand does live beyond that β¦
0.0
CVE-2026-23410 - apparmor: fix race on rawdata dereference
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race on rawdata dereference There is a race condition that leads to a use-after-free situation: because the rawdata inodes are not refcounted, an attacker can start open()ing one of the rawdata files, and at the samβ¦
0.0
CVE-2026-23409 - apparmor: fix differential encoding verification
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent this the unpack should verify that a diff-encode chain terminates. Unfortunately the differential encoβ¦
0.0
CVE-2026-23408 - apparmor: Fix double free of ns_name in aa_replace_profiles()
In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix double free of ns_name in aa_replace_profiles() if ns_name is NULL after 1071 error = aa_unpack(udata, &lh, &ns_name); and if ent->ns_name contains an ns_name in 1089 } else if (ent->ns_nameβ¦
0.0
CVE-2026-23407 - apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix missing bounds check on DEFAULT table in verify_dfa() The verify_dfa() function only checks DEFAULT_TABLE bounds when the state is not differentially encoded. When the verification loop traverses the differential eβ¦