Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push() and L.PCall() execute. Since gopher-lua’s LState is explicitly not goroutine-safe, concurrent requests race...
An improper validation of user-supplied input leads to a local file inclusion vulnerability. More information : https://developer.joomla.org/security-centre/1041-20260509-core-lfi-in-htmlview-layout-parameter.html
An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability. More information : https://developer.joomla.org/security-centre/1042-20260510-core-path-traversal-in-com-media-webservice-endpoint.html
An improper access check allows unauthorized access to com_config webservice endpoints. More information : https://developer.joomla.org/security-centre/1040-20260508-core-improper-access-check-in-com-config-webservice-endpoints.html
Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users. More information : https://developer.joomla.org/security-centre/1037-20260505-core-csrf-in-user-activation-endpoint
Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder. More information : https://developer.joomla.org/security-centre/1038-20260506-core-authenticated-blind-sqli-in-com-finder.html
Improperly validated order clauses lead to a SQL injection vulnerability in com_tags. More information : https://developer.joomla.org/security-centre/1039-20260507-core-authenticated-blind-sqli-in-com-tags.html
Lack of output escaping leads to a XSS vector in the readmore links for com_content. More information : https://developer.joomla.org/security-centre/1036-20260504-core-xss-in-readmore-links
NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data...
Lack of output escaping leads to a XSS vector in the feed modules. More information : https://developer.joomla.org/security-centre/1033-20260501-core-xss-in-feed-modules.html
Lack of output escaping leads to a XSS vector in the multilingual associations component. More information : https://developer.joomla.org/security-centre/1034-20260502-core-xss-in-com-associations.html
A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of...
Lack of output escaping leads to a XSS vector in the content history component. More information : https://developer.joomla.org/security-centre/1035-20260503-core-xss-in-com-contenthistory
NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure. More...