Overview
Description
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
Statistics
- 1 Post
Last activity: 3 hours ago
Overview
Description
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
Statistics
- 1 Post
Last activity: 1 hour ago
Fediverse
📰 CISA Adds Two Actively Exploited Joomla Plugin Flaws to KEV Catalog
📢 CISA KEV UPDATE: Two Joomla plugin vulnerabilities are now listed as actively exploited. CVE-2026-48939 (iCagenda) & CVE-2026-56291 (Balbooa Forms) allow file uploads and server takeover. Patch immediately! #CISA #KEV #Joomla #Vulnerability
🌐 cyber[.]netsecops[.]io
Overview
- arraytics
- Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)
14 Apr 2026
Published
14 Apr 2026
Updated
CVSS v3.1
MEDIUM (4.3)
EPSS
0.18%
KEV
Description
The Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the get_item_permissions_check() function in all versions up to, and including, 4.1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary order data including customer PII (name, email, phone) by iterating order IDs.
Statistics
- 1 Post
Last activity: 1 hour ago
Overview
Description
A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.
Statistics
- 1 Post
Last activity: 1 hour ago
Fediverse
📰 CISA Adds Two Actively Exploited Joomla Plugin Flaws to KEV Catalog
📢 CISA KEV UPDATE: Two Joomla plugin vulnerabilities are now listed as actively exploited. CVE-2026-48939 (iCagenda) & CVE-2026-56291 (Balbooa Forms) allow file uploads and server takeover. Patch immediately! #CISA #KEV #Joomla #Vulnerability
🌐 cyber[.]netsecops[.]io
Overview
- ivanti
- Sentry
09 Jun 2026
Published
10 Jun 2026
Updated
CVSS v3.1
CRITICAL (9.9)
EPSS
47.19%
KEV
Description
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access
Statistics
- 1 Post
Last activity: 3 hours ago
Overview
Description
The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.
These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.
Statistics
- 1 Post
Last activity: 21 hours ago