Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-58078 | The Joomla extension Quix Page Builder Pro is vulnerable to an unauthenticated SQL injection. | 8.7 | N/A | 2026-07-16 | 2026-07-16 |
| CVE-2026-58077 | The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS. A specially crafted unauthenticated request may result in website takeover under some circumstances. | 8.7 | 0.42% | 2026-07-15 | 2026-07-15 |
| CVE-2026-57833 | The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature. | 8.6 | 0.42% | 2026-07-15 | 2026-07-15 |
| CVE-2026-57832 | The Joomla extension EDocman is vulnerable to an unauthenticated SQL injection. | 8.7 | 0.23% | 2026-07-15 | 2026-07-15 |
| CVE-2026-57831 | The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection. | 8.7 | 0.23% | 2026-07-15 | 2026-07-15 |
| CVE-2026-57830 | The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion. | 8.8 | 0.24% | 2026-07-13 | 2026-07-14 |
| CVE-2026-57829 | The Joomla extension Helix Ultimate is vulnerable to an unauthenticated stored XSS. | 8.7 | 0.15% | 2026-07-13 | 2026-07-14 |
| CVE-2026-57828 | The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE. | 9.0 | 0.26% | 2026-07-11 | 2026-07-14 |
| CVE-2026-57827 | The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. | 10.0 | 0.29% | 2026-07-11 | 2026-07-14 |
| CVE-2026-56292 | A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage. | 9.2 | 0.27% | 2026-07-09 | 2026-07-10 |
| CVE-2026-56291 KEV | The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. | 10.0 | 0.84% | 2026-07-09 | 2026-07-11 |
| CVE-2026-48958 | An improper access check allows unauthorized users to create custom fields via webservices endpoints. | 6.4 | 0.27% | 2026-07-07 | 2026-07-09 |
| CVE-2026-48957 | An improper access check allows unauthorized users to access com_privacy datasets. | 6.4 | 0.24% | 2026-07-07 | 2026-07-09 |
| CVE-2026-48956 | An improper access check allows users to display a list of modules in the frontend. | 6.4 | 0.17% | 2026-07-07 | 2026-07-09 |
| CVE-2026-48955 | An improper access check allows unauthorized users to access workflow stage and transition information. | 6.4 | 0.21% | 2026-07-07 | 2026-07-09 |
| CVE-2026-48954 | Improper validation leads to a generic XSS vector in the language override feature. | 5.9 | 0.15% | 2026-07-07 | 2026-07-09 |
| CVE-2026-48953 | Lack of escaping leads to an XSS vulnerability in the generic image output layout. | 5.9 | 0.15% | 2026-07-07 | 2026-07-09 |
| CVE-2026-48952 | Lack of escaping leads to an XSS vulnerability in the update list view of com_installer. | 5.9 | 0.15% | 2026-07-07 | 2026-07-09 |
| CVE-2026-48951 | Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components. | 5.9 | 0.15% | 2026-07-07 | 2026-07-09 |
| CVE-2026-48950 | Lack of escaping leads to an XSS vulnerability in the file management view of com_templates. | 5.9 | 0.15% | 2026-07-07 | 2026-07-09 |