6.3
CVE-2026-21629 - Joomla! Core - [20260301] - ACL hardening in com_ajax
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers.
8.6
CVE-2026-23899 - Joomla! Core - [20260306] - Improper access check in webservice endpoints
An improper access check allows unauthorized access to webservice endpoints.
5.9
CVE-2026-21631 - Joomla! Core - [20260303] - XSS vector in com_associations comparison view
Lack of output escaping leads to an XSS vector in the multilingual associations component.
5.9
CVE-2026-21632 - Joomla! Core - [20260304] - XSS vectors in various article title outputs
Lack of output escaping for article titles leads to XSS vectors in various locations.
6.5
CVE-2026-34889 - WordPress Ultimate Addons for WPBakery Page Builder plugin < 3.21.4 - Cross Site Scripting (XSS) vu…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows DOM-Based XSS. This issue affects Ultimate Addons for WPBakery Page Builder: from n/a before 3.21.4.
6.9
CVE-2026-5261 - Shandong Hoteam InforCenter PLM BaseHandler.ashx uploadFileToIIS unrestricted upload
A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is …
10
CVE-2026-4370 - Improper TLS Client/Server authentication and certificate verification on Database Cluster
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client certificat…
4.4
CVE-2026-28265 -
PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.
5.3
CVE-2026-5259 - AutohomeCorp frostmourne Alarm Preview AlarmController.java server-side request forgery
A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java of the component Alarm Preview. Executing a manipulation can lead to serve…
4.7
CVE-2026-27101 - Secure Connect Gateway Path Traversal Allowing Remote Execution by Privileged Attacker
Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker within the management network could potentially exploit this vu…