CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 120 of 255 results
«« First « Prev Page 1 / 13 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2025-22212 A SQL injection vulnerability in the Convert Forms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the submission management area in backend. 2.7 0.30% 2025-03-05 2026-06-17
CVE-2026-48940 A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `<script>` tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page. 3.4 0.17% 2026-06-25 2026-06-28
CVE-2025-22211 A SQL injection vulnerability in the JoomShopping component versions 1.0.0-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the country management area in backend. 3.4 0.34% 2025-02-25 2026-06-17
CVE-2025-25228 A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend. 3.8 0.21% 2025-04-21 2026-06-17
CVE-2024-21723 Inadequate parsing of URLs could result into an open redirect. 4.3 0.54% 2024-02-28 2026-06-17
CVE-2023-39973 Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns. 4.3 0.33% 2023-08-17 2026-06-17
CVE-2023-39972 Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized users to create new mailing lists. 4.3 0.33% 2023-08-17 2026-06-17
CVE-2023-23751 An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. 4.3 0.44% 2023-02-01 2026-06-17
CVE-2022-27909 In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can change some parameters in the address bar and see the names of other users' files 4.3 0.79% 2022-05-06 2026-06-17
CVE-2026-35220 Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users. 4.6 0.10% 2026-05-26 2026-06-17
CVE-2025-22209 A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature. 4.7 0.27% 2025-02-15 2026-06-17
CVE-2025-22208 A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter in the GDPR Erase Data Request search feature. 4.7 0.60% 2025-02-15 2026-06-17
CVE-2025-22206 A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature. 4.7 9.16% 2025-02-04 2026-06-17
CVE-2026-21625 User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening. 4.8 0.35% 2026-01-16 2026-06-17
CVE-2025-54476 Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class. 4.8 0.29% 2025-09-30 2026-06-17
CVE-2025-27444 A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filter[dateFrom] GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin or editor privileges to inject arbitrary JavaScript code by crafting a malicious URL. 4.8 0.26% 2025-06-04 2026-06-17
CVE-2025-54295 A Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla was discovered. 5.1 0.30% 2025-07-23 2026-06-17
CVE-2025-50058 A stored XSS vulnerability in the RSDirectory! component 1.0.0-2.2.8 Joomla was discovered. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via the review reply component. 5.1 0.36% 2025-07-18 2026-06-17
CVE-2025-50056 A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 28 Joomla was discovered. The issue allows remote attackers to inject arbitrary web script or HTML via the crafted parameter. 5.1 0.37% 2025-07-18 2026-06-17
CVE-2026-48945 The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries/<id>/`, and only renames image files (gif/jpg/jpeg/png/webp) to safe names — non-image files (including `.php`) are extracted as-is and remain executable via direct HTTP access. 5.3 0.20% 2026-06-25 2026-06-28
«« First « Prev Page 1 / 13 Next »
cvelogic Threat Intelligence