CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 120 of 255 results
«« First « Prev Page 1 / 13 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2026-58078 The Joomla extension Quix Page Builder Pro is vulnerable to an unauthenticated SQL injection. 8.7 N/A 2026-07-16 2026-07-16
CVE-2026-58077 The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS. A specially crafted unauthenticated request may result in website takeover under some circumstances. 8.7 0.42% 2026-07-15 2026-07-15
CVE-2026-57833 The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature. 8.6 0.42% 2026-07-15 2026-07-15
CVE-2026-57832 The Joomla extension EDocman is vulnerable to an unauthenticated SQL injection. 8.7 0.23% 2026-07-15 2026-07-15
CVE-2026-57831 The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection. 8.7 0.23% 2026-07-15 2026-07-15
CVE-2026-57830 The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion. 8.8 0.24% 2026-07-13 2026-07-14
CVE-2026-57829 The Joomla extension Helix Ultimate is vulnerable to an unauthenticated stored XSS. 8.7 0.15% 2026-07-13 2026-07-14
CVE-2026-57828 The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE. 9.0 0.26% 2026-07-11 2026-07-14
CVE-2026-57827 The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. 10.0 0.29% 2026-07-11 2026-07-14
CVE-2026-56292 A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage. 9.2 0.27% 2026-07-09 2026-07-10
CVE-2026-56291 KEV The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. 10.0 0.84% 2026-07-09 2026-07-11
CVE-2026-48958 An improper access check allows unauthorized users to create custom fields via webservices endpoints. 6.4 0.27% 2026-07-07 2026-07-09
CVE-2026-48957 An improper access check allows unauthorized users to access com_privacy datasets. 6.4 0.24% 2026-07-07 2026-07-09
CVE-2026-48956 An improper access check allows users to display a list of modules in the frontend. 6.4 0.17% 2026-07-07 2026-07-09
CVE-2026-48955 An improper access check allows unauthorized users to access workflow stage and transition information. 6.4 0.21% 2026-07-07 2026-07-09
CVE-2026-48954 Improper validation leads to a generic XSS vector in the language override feature. 5.9 0.15% 2026-07-07 2026-07-09
CVE-2026-48953 Lack of escaping leads to an XSS vulnerability in the generic image output layout. 5.9 0.15% 2026-07-07 2026-07-09
CVE-2026-48952 Lack of escaping leads to an XSS vulnerability in the update list view of com_installer. 5.9 0.15% 2026-07-07 2026-07-09
CVE-2026-48951 Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components. 5.9 0.15% 2026-07-07 2026-07-09
CVE-2026-48950 Lack of escaping leads to an XSS vulnerability in the file management view of com_templates. 5.9 0.15% 2026-07-07 2026-07-09
«« First « Prev Page 1 / 13 Next »
cvelogic Threat Intelligence