Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Google Structured Data

Source -

CNA

CNA CVEs -

2

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2026-48906
Assigner-Joomla! Project
ShareView Details
Assigner-Joomla! Project
CVSS Score-9.3||CRITICAL
EPSS-0.05% / 16.43%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 09:11
Updated-05 Jun, 2026 | 07:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Extension - tassos.gr - Arbitrary File Deletion in Novarain/Tassos Framework < 6.1.0 for Joomla

The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites.

Action-Not Available
Vendor-tassostassos.gr
Product-advanced_custom_fieldsengageboxsmile_packmailchimp_auto-subscribetassos_frameworkconvert_formsgoogle_structured_datatassos_code_snippetsAdvanced Custom FieldsMailChimp Auto-SubscribeGoogle Structured DataSmile PackEngageBoxNovarain/Tassos Framework (plg_system_nrframework)Convert FormsTassos Code Snippets
CWE ID-CWE-284
Improper Access Control
CVE-2026-21627
Assigner-Joomla! Project
ShareView Details
Assigner-Joomla! Project
CVSS Score-9.5||CRITICAL
EPSS-0.02% / 5.04%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 14:22
Updated-23 Feb, 2026 | 05:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Extension - tassos.gr - SQL injection and Unauthenticated File Read in Novarain/Tassos Framework v4.10.14 – v6.0.37 for Joomla

The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction.

Action-Not Available
Vendor-tassos.gr
Product-Smile PackAdvanced Custom FieldsConvert FormsGoogle Structured DataEngageBoxNovarain/Tassos Framework (plg_system_nrframework)
CWE ID-CWE-284
Improper Access Control