Vnth4Nhnt

#6297of 53,633
43.2Total CVSS
Vulnerabilities · 5
Medium
1
High
3
Critical
1
PT-2026-43288
6.9
2026-05-26
Open Source Matters · Joomla! Cms · CVE-2026-25901
**Name of the Vulnerable Software and Affected Versions** Joomla CMS (affected versions not specified) **Description** Lack of output escaping in the multilingual associations component allows for a Cross-Site Scripting (XSS) vector. XSS is a flaw where an attacker injects malicious scripts into content delivered to other users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-40821
9.9
2026-05-13
Erpnext · Erpnext · CVE-2026-44442
**Name of the Vulnerable Software and Affected Versions** ERPNext versions prior to 16.9.1 **Description** Certain endpoints in this open source Enterprise Resource Planning tool fail to enforce proper authorization checks, which allows users to modify data beyond the permissions assigned to their role. **Recommendations** Update to version 16.9.1.
PT-2026-40823
8.8
2026-05-13
Frappe · Erpnext · CVE-2026-44446
**Name of the Vulnerable Software and Affected Versions** ERPNext versions prior to 15.104.3 ERPNext versions prior to 16.14.0 **Description** Certain endpoints are susceptible to SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution, allowing an attacker to extract sensitive information via specially crafted requests. **Recommendations** Update to version 15.104.3. Update to version 16.14.0.
PT-2026-29502
8.8
2026-04-01
Unknown · Articles Webservice · CVE-2026-21630
Name of the Vulnerable Software and Affected Versions versions not specified Description Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint. The vulnerability exists due to a flaw in how order clauses are constructed, potentially allowing an attacker to inject malicious SQL code. The affected API endpoint is '/articles'. The vulnerability could allow an attacker to manipulate database queries through the `order` parameter. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-29506
8.8
2026-04-01
Joomla · Joomla! Cms · CVE-2026-23899
**Name of the Vulnerable Software and Affected Versions** versions prior to 2026-23899 **Description** An improper access check allows unauthorized access to webservice endpoints. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.