Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

234 New today
65,696 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
33
Jun 26
Critical
High
Medium
Low
Latest
CVE CVSS 6.5

Joomla Extension – getk2.com – Exposure of sensitive files via attachment copy in K2 extension for Joomla < 2.26_CVE-2026-48944

The K2 frontend article-save handler accepts an `attachment[N][existing]` POST field that is concatenated with `JPATH_SITE/` and passed to `JFile::copy()`. `JPath::clean` does NOT strip `..`, and there is no allow-list of source paths. An Author can therefore copy `configurati...

CVE-2026-48944 getk2.com K2 extension for Joomla 1.0-2.26
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-48943

Joomla Extension – getk2.com – Authenticated user property mass-assignment in K2 extension for Joomla < 2.26_CVE-2026-48943

K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin `plg_user_k2`. A Registered Joomla user, by including the field `K2UserFor...

getk2.com K2 extension for Joomla 1.0-2.26 CVE
MEDIUM 6.5 CVE-2026-48941

Joomla Extension – getk2.com – Unauthenticated folder delete in K2 extension for Joomla < 2.26_CVE-2026-48941

The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()`...

getk2.com K2 extension for Joomla 1.0-2.26 CVE
LOW 3.4 CVE-2026-48940

Joomla Extension – getk2.com – Stored-XSS in K2 extension for Joomla < 2.26_CVE-2026-48940

A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `` tag; K2 s...

getk2.com K2 extension for Joomla 1.0-2.26 CVE
HIGH 7.5 CVE-2026-12844

List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function_CVE-2026-12844

List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise() collects the values returned by...

DROLSKY List::SomeUtils::XS CVE
HIGH 7.8 CVE-2026-54917

SeaweedFS: Path traversal in the S3 and Iceberg REST gateways allows cross-bucket access_CVE-2026-54917

SeaweedFS is a distributed storage system for object storage (S3), file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceb...

seaweedfs seaweedfs < 4.30 CVE
CRITICAL 9.3 CVE-2026-50549

Cursor Desktop sandbox escape via symlink and failed path canonicalization_CVE-2026-50549

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, t...

cursor cursor < 3.0 CVE
CRITICAL 9.3 CVE-2026-50548

Cursor Desktop sandbox escape via agent-controlled working directory_CVE-2026-50548

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox g...

cursor cursor < 3.0 CVE
HIGH 7.1 CVE-2026-4930

DPA Countermeasures weakening on Series 3 devices_CVE-2026-4930

SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryp...

silabs.com Simplicity SDK CVE
MEDIUM 5.3 CVE-2026-28898

CVE-2026-28898_CVE-2026-28898

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTT...

Apple swift-nio-http2 CVE