The password and username reset features created plain http links for https connections if the “Force SSL” flag wasn’t explicitly set. More information : https://developer.joomla.org/security-centre/1050-20260518-core-transport-encryption-downgrade-for-password-and-username-reset-links.html
A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv`...
Insufficient state checks lead to a vector that allows to bypass 2FA checks. More information : https://developer.joomla.org/security-centre/1043-20260511-core-mfa-authentication-bypass.html
Insufficient state checks lead to a vector that allows to bypass 2FA checks. More information : https://developer.joomla.org/security-centre/1044-20260512-core-mfa-authentication-bypass.html
An improper access check allows privilege escalation through the com_users batch task. More information : https://developer.joomla.org/security-centre/1045-20260513-core-privilege-escalation-through-com-users-batch-task.html
An improper access check allows privilege escalation through the com_users batch task. More information : https://developer.joomla.org/security-centre/1047-20260515-core-incorrect-access-control-in-sample-data-plugins.html
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks. More information : https://developer.joomla.org/security-centre/1048-20260516-core-incorrect-access-control-in-com-scheduler.html
Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink resolved sourcemaps and debug files by debug ID without scoping that lookup to the project that owned the uploaded metadata. An authenticated user...
Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with –domain (or –letsencrypt, which silently turns on –domain at engine/flags.go:372), the request handler resolves the served directory by...
FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packet_storage.hpp, the allocate_buffer() function computes memory_size_in_bytes as ‘buffer_size_in_packets * (max_captured_packet_size + sizeof(fastnetmon_pcap_pkthdr_t)) + sizeof(fastnetmon_pcap_file_header_t)’ using unsigned int...
FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes() function computes attribute_length as ‘sizeof(bgp_as_path_segment_element_t) + this->as_path_asns.size() * sizeof(uint32_t)’ and stores it in a uint8_t...
FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to ‘/tmp/fastnetmon.dat’ (src/fastnetmon.cpp line 159). The print_screen_contents_into_file() function (src/fastnetmon_logic.cpp line 2186)...
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl::context with tls_client mode and calls set_default_verify_paths() to load CA certificates, but never...
Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it...