CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 120 / 255
«« 先頭 « 前へ 1 / 13 次へ »
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2025-22212 A SQL injection vulnerability in the Convert Forms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the submission management area in backend. 2.7 0.30% 2025-03-05 2026-06-17
CVE-2026-48940 A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `<script>` tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page. 3.4 0.17% 2026-06-25 2026-06-28
CVE-2025-22211 A SQL injection vulnerability in the JoomShopping component versions 1.0.0-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the country management area in backend. 3.4 0.34% 2025-02-25 2026-06-17
CVE-2025-25228 A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend. 3.8 0.21% 2025-04-21 2026-06-17
CVE-2024-21723 Inadequate parsing of URLs could result into an open redirect. 4.3 0.54% 2024-02-28 2026-06-17
CVE-2023-39973 Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns. 4.3 0.33% 2023-08-17 2026-06-17
CVE-2023-39972 Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized users to create new mailing lists. 4.3 0.33% 2023-08-17 2026-06-17
CVE-2023-23751 An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. 4.3 0.44% 2023-02-01 2026-06-17
CVE-2022-27909 In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can change some parameters in the address bar and see the names of other users' files 4.3 0.79% 2022-05-06 2026-06-17
CVE-2026-35220 Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users. 4.6 0.10% 2026-05-26 2026-06-17
CVE-2025-22209 A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature. 4.7 0.27% 2025-02-15 2026-06-17
CVE-2025-22208 A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter in the GDPR Erase Data Request search feature. 4.7 0.60% 2025-02-15 2026-06-17
CVE-2025-22206 A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature. 4.7 9.16% 2025-02-04 2026-06-17
CVE-2026-21625 User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening. 4.8 0.35% 2026-01-16 2026-06-17
CVE-2025-54476 Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class. 4.8 0.29% 2025-09-30 2026-06-17
CVE-2025-27444 A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filter[dateFrom] GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin or editor privileges to inject arbitrary JavaScript code by crafting a malicious URL. 4.8 0.26% 2025-06-04 2026-06-17
CVE-2025-54295 A Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla was discovered. 5.1 0.30% 2025-07-23 2026-06-17
CVE-2025-50058 A stored XSS vulnerability in the RSDirectory! component 1.0.0-2.2.8 Joomla was discovered. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via the review reply component. 5.1 0.36% 2025-07-18 2026-06-17
CVE-2025-50056 A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 28 Joomla was discovered. The issue allows remote attackers to inject arbitrary web script or HTML via the crafted parameter. 5.1 0.37% 2025-07-18 2026-06-17
CVE-2026-48945 The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries/<id>/`, and only renames image files (gif/jpg/jpeg/png/webp) to safe names — non-image files (including `.php`) are extracted as-is and remain executable via direct HTTP access. 5.3 0.20% 2026-06-25 2026-06-28
«« 先頭 « 前へ 1 / 13 次へ »
cvelogic Threat Intelligence