Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-48907 KEV | A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution. | 10.0 | 80.42% | 2026-06-05 | 2026-06-17 |
| CVE-2026-48906 | The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites. | 9.3 | 0.27% | 2026-05-27 | 2026-06-17 |
| CVE-2026-48905 | Lack of input filtering leads to an XSS vector in the HTML filter code. | 6.9 | 0.14% | 2026-05-26 | 2026-06-17 |
| CVE-2026-48904 | An improper access check allows privelege escalation through the com_users group editing webservice endpoint. | 8.2 | 0.29% | 2026-05-26 | 2026-06-17 |
| CVE-2026-48903 | Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components. | 6.9 | 0.14% | 2026-05-26 | 2026-06-17 |
| CVE-2026-48902 | The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set. | 9.8 | 0.19% | 2026-05-26 | 2026-06-17 |
| CVE-2026-48901 | The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key. | 7.5 | 0.24% | 2026-05-26 | 2026-06-17 |
| CVE-2026-48900 | An improper access check allowed low privileged users to edit the task types of existing scheduler tasks. | 6.4 | 0.15% | 2026-05-26 | 2026-06-17 |
| CVE-2026-48899 | An improper access check allows privilege escalation through the com_users batch task. | 5.3 | 0.23% | 2026-05-26 | 2026-06-17 |
| CVE-2026-48898 | An improper access check allows privilege escalation through the com_users batch task. | 8.2 | 0.27% | 2026-05-26 | 2026-06-17 |
| CVE-2026-48897 | Insufficient state checks lead to a vector that allows to bypass 2FA checks. | 8.2 | 0.21% | 2026-05-26 | 2026-06-17 |
| CVE-2026-48896 | Insufficient state checks lead to a vector that allows to bypass 2FA checks. | 8.2 | 0.30% | 2026-05-26 | 2026-06-17 |
| CVE-2026-40384 | An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability. | 5.9 | 0.45% | 2026-05-26 | 2026-06-17 |
| CVE-2026-40383 | An improper validation of user-supplied input leads to a local file inclusion vulnerability. | 7.5 | 0.48% | 2026-05-26 | 2026-06-17 |
| CVE-2026-35223 | An improper access check allows unauthorized access to com_config webservice endpoints. | 8.6 | 0.35% | 2026-05-26 | 2026-06-17 |
| CVE-2026-35222 | Improperly validated order clauses lead to a SQL injection vulnerability in com_tags. | 6.9 | 0.31% | 2026-05-26 | 2026-06-17 |
| CVE-2026-35221 | Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder. | 6.9 | 0.31% | 2026-05-26 | 2026-06-17 |
| CVE-2026-35220 | Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users. | 4.6 | 0.10% | 2026-05-26 | 2026-06-17 |
| CVE-2026-30895 | Lack of output escaping leads to a XSS vector in the readmore links for com_content. | 6.9 | 0.18% | 2026-05-26 | 2026-06-17 |
| CVE-2026-30894 | Lack of output escaping leads to a XSS vector in the content history component. | 6.9 | 0.18% | 2026-05-26 | 2026-06-17 |