Christos Papakonstantinou

#6612of 53,633
41.1Total CVSS
Vulnerabilities · 5
Medium
2
High
1
Critical
2
PT-2026-43314
8.2
2026-05-26
Joomla · Joomla! Cms · CVE-2026-48896
**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** Insufficient state checks create a vector that allows the bypass of two-factor authentication (2FA) checks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-43316
9.8
2026-05-26
Joomla · Joomla! Cms · CVE-2026-48898
**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** An improper access check allows privilege escalation through the `com users` batch task. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-43322
9.8
2026-05-26
Com Users · Com Users · CVE-2026-48904
**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** An improper access check allows privilege escalation through the 'com users group editing webservice' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-43024
6.8
2026-05-25
Rust · Cargo · CVE-2026-5222
**Name of the Vulnerable Software and Affected Versions** Cargo versions 1.68 through 1.95 **Description** Cargo incorrectly normalized URLs of third-party registries using the sparse index protocol. In scenarios where a hosting provider allows multiple registries to be hosted with arbitrary names within the same domain, an attacker capable of publishing crates in a registry could obtain the credentials of other users of that same registry. **Recommendations** Update to version 1.96.
PT-2026-43025
6.5
2026-05-25
Rust · Cargo · CVE-2026-5223
**Name of the Vulnerable Software and Affected Versions** Cargo versions prior to 1.96.0 **Description** Cargo incorrectly handled symbolic links (symlinks)—which are files that point to another file or directory—inside crate tarballs downloaded from third-party registries. This allows a malicious crate to override the source code of another crate originating from the same registry. **Recommendations** Update to version 1.96.0.