Common Vulnerabilities and Exposures (CVE)

CVE-2026-15041

Jul 8, 2026 11:06:57 UTC

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp() for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing m...

CVE-2026-11610

Jul 8, 2026 10:39:49 UTC

A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). After a successful SASL bind with integrity protection (SSF > 0), an authenticated attacker can send a specially crafted oversized LDAP UNBIN...

CVE-2026-11774

Jul 8, 2026 10:39:49 UTC

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_start_packet(), adding sizeof(uint32_t) to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypa...

CVE-2026-12378

Jul 8, 2026 10:04:03 UTC

The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing unauthenticated attackers to inject arbitrary PHP objects; w...

CVE-2026-48952

Jul 8, 2026 09:56:50 UTC

Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.

CVE-2026-48947

Jul 8, 2026 09:56:00 UTC

An improper access check allows privileged users to overwrite media files without editing permissions.

CVE-2026-48958

Jul 8, 2026 09:55:50 UTC

An improper access check allows unauthorized users to create custom fields via webservices endpoints.

CVE-2026-48908

Jul 8, 2026 09:55:16 UTC

A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.

CVE-2026-48950

Jul 8, 2026 09:54:59 UTC

Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.

CVE-2026-48955

Jul 8, 2026 09:54:46 UTC

An improper access check allows unauthorized users to access workflow stage and transition information.

CVE-2026-48956

Jul 8, 2026 09:54:45 UTC

An improper access check allows users to display a list of modules in the frontend.

CVE-2026-48957

Jul 8, 2026 09:53:48 UTC

An improper access check allows unauthorized users to access com_privacy datasets.

CVE-2026-48951

Jul 8, 2026 09:53:34 UTC

Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.

CVE-2026-56290

Jul 8, 2026 09:53:18 UTC

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

CVE-2026-48953

Jul 8, 2026 09:53:08 UTC

Lack of escaping leads to an XSS vulnerability in the generic image output layout.