CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 120 of 248 results
«« First « Prev Page 1 / 13 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2026-57828 The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE. 9.0 N/A 2026-07-11 2026-07-11
CVE-2026-57827 The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. 10.0 N/A 2026-07-11 2026-07-11
CVE-2026-56292 A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage. 9.2 0.27% 2026-07-09 2026-07-10
CVE-2026-56291 KEV The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. 10.0 0.84% 2026-07-09 2026-07-11
CVE-2026-48958 An improper access check allows unauthorized users to create custom fields via webservices endpoints. 6.4 0.27% 2026-07-07 2026-07-09
CVE-2026-48957 An improper access check allows unauthorized users to access com_privacy datasets. 6.4 0.24% 2026-07-07 2026-07-09
CVE-2026-48956 An improper access check allows users to display a list of modules in the frontend. 6.4 0.17% 2026-07-07 2026-07-09
CVE-2026-48955 An improper access check allows unauthorized users to access workflow stage and transition information. 6.4 0.21% 2026-07-07 2026-07-09
CVE-2026-48954 Improper validation leads to a generic XSS vector in the language override feature. 5.9 0.15% 2026-07-07 2026-07-09
CVE-2026-48953 Lack of escaping leads to an XSS vulnerability in the generic image output layout. 5.9 0.15% 2026-07-07 2026-07-09
CVE-2026-48952 Lack of escaping leads to an XSS vulnerability in the update list view of com_installer. 5.9 0.15% 2026-07-07 2026-07-09
CVE-2026-48951 Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components. 5.9 0.15% 2026-07-07 2026-07-09
CVE-2026-48950 Lack of escaping leads to an XSS vulnerability in the file management view of com_templates. 5.9 0.15% 2026-07-07 2026-07-09
CVE-2026-48949 Lack of validation leads to an XSS vulnerability in the MFA management views. 5.9 0.15% 2026-07-07 2026-07-09
CVE-2026-48948 An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible. 6.4 0.24% 2026-07-07 2026-07-09
CVE-2026-48947 An improper access check allows privileged users to overwrite media files without editing permissions. 6.4 0.20% 2026-07-07 2026-07-09
CVE-2026-56290 KEV The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. 10.0 2.91% 2026-06-29 2026-07-08
CVE-2026-49049 The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters. 7.5 0.23% 2026-06-29 2026-06-30
CVE-2026-49048 The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation. 8.7 0.51% 2026-06-28 2026-06-30
CVE-2026-48946 The K2 frontend article-attachment upload path accepts files whose extension is `.php`, and Apache's standard mod_php matches `\.php$` and executes them under the K2 web user. A K2 Author can upload a `shell.php`, then fetch `/media/k2/attachments/shell.php` and execute arbitrary PHP code in the web server's context. 6.3 0.17% 2026-06-25 2026-06-28
«« First « Prev Page 1 / 13 Next »
cvelogic Threat Intelligence