CVE-2019-10946 (joomla!)

An issue was discovered in Joomla! before 3.9.5. The “refresh list of helpsites” endpoint of com_users lacks access checks, allowing calls from unauthenticated users.
Source: NIST
CVE-2019-10946 (joomla!)