Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-57827 | The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. | 10.0 | 0.29% | 2026-07-11 | 2026-07-13 |
| CVE-2026-56291 KEV | The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. | 10.0 | 0.84% | 2026-07-09 | 2026-07-11 |
| CVE-2026-56290 KEV | The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. | 10.0 | 2.91% | 2026-06-29 | 2026-07-08 |
| CVE-2026-48939 KEV | A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution. | 10.0 | 1.50% | 2026-06-20 | 2026-07-11 |
| CVE-2026-48908 KEV | A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code. | 10.0 | 1.57% | 2026-06-20 | 2026-07-08 |
| CVE-2026-48907 KEV | A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution. | 10.0 | 80.42% | 2026-06-05 | 2026-06-17 |
| CVE-2026-21628 | A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution. | 10.0 | 0.47% | 2026-03-05 | 2026-06-17 |
| CVE-2026-48902 | The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set. | 9.8 | 0.19% | 2026-05-26 | 2026-06-17 |
| CVE-2025-26855 | A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for Joomla allows attackers to execute arbitrary SQL commands. | 9.8 | 0.37% | 2025-07-18 | 2026-06-17 |
| CVE-2025-26854 | A SQL injection in Articles Good Search extension 1.0.0 - 1.2.4.0011 for Joomla allows attackers to execute arbitrary SQL commands. | 9.8 | 0.37% | 2025-07-18 | 2026-06-17 |
| CVE-2025-25226 | Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in question can not be exploited when using the original database class. However, classes extending the affected class might be affected, if the vulnerable method is used. | 9.8 | 0.45% | 2025-04-08 | 2026-06-17 |
| CVE-2025-22204 | Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 lead to a remote code execution vulnerability. | 9.8 | 0.76% | 2025-02-04 | 2026-06-17 |
| CVE-2024-40744 | Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8. | 9.8 | 0.49% | 2024-12-04 | 2026-06-17 |
| CVE-2023-49708 | SQLi vulnerability in Starshop component for Joomla. | 9.8 | 0.83% | 2023-12-14 | 2026-06-17 |
| CVE-2023-49707 | SQLi vulnerability in S5 Register module for Joomla. | 9.8 | 0.83% | 2023-12-14 | 2026-06-17 |
| CVE-2023-40630 | Unauthenticated LFI/SSRF in JCDashboards component for Joomla. | 9.8 | 0.71% | 2023-12-14 | 2026-06-17 |
| CVE-2023-40629 | SQLi vulnerability in LMS Lite component for Joomla. | 9.8 | 0.83% | 2023-12-14 | 2026-06-17 |
| CVE-2023-39970 | Unrestricted Upload of File with Dangerous Type vulnerability in AcyMailing component for Joomla. It allows remote code execution. | 9.8 | 0.88% | 2023-08-17 | 2026-06-17 |
| CVE-2023-38044 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | 9.8 | 0.54% | 2023-08-07 | 2026-06-17 |
| CVE-2023-34477 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | 9.8 | 0.50% | 2023-08-07 | 2026-06-17 |