CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 4160 of 259 results
«« First « Prev Page 3 / 13 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2026-48907 KEV A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution. 10.0 80.42% 2026-06-05 2026-06-17
CVE-2026-48906 The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites. 9.3 0.27% 2026-05-27 2026-06-17
CVE-2026-48905 Lack of input filtering leads to an XSS vector in the HTML filter code. 6.9 0.14% 2026-05-26 2026-06-17
CVE-2026-48904 An improper access check allows privelege escalation through the com_users group editing webservice endpoint. 8.2 0.29% 2026-05-26 2026-06-17
CVE-2026-48903 Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components. 6.9 0.14% 2026-05-26 2026-06-17
CVE-2026-48902 The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set. 9.8 0.19% 2026-05-26 2026-06-17
CVE-2026-48901 The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key. 7.5 0.24% 2026-05-26 2026-06-17
CVE-2026-48900 An improper access check allowed low privileged users to edit the task types of existing scheduler tasks. 6.4 0.15% 2026-05-26 2026-06-17
CVE-2026-48899 An improper access check allows privilege escalation through the com_users batch task. 5.3 0.23% 2026-05-26 2026-06-17
CVE-2026-48898 An improper access check allows privilege escalation through the com_users batch task. 8.2 0.27% 2026-05-26 2026-06-17
CVE-2026-48897 Insufficient state checks lead to a vector that allows to bypass 2FA checks. 8.2 0.21% 2026-05-26 2026-06-17
CVE-2026-48896 Insufficient state checks lead to a vector that allows to bypass 2FA checks. 8.2 0.30% 2026-05-26 2026-06-17
CVE-2026-40384 An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability. 5.9 0.45% 2026-05-26 2026-06-17
CVE-2026-40383 An improper validation of user-supplied input leads to a local file inclusion vulnerability. 7.5 0.48% 2026-05-26 2026-06-17
CVE-2026-35223 An improper access check allows unauthorized access to com_config webservice endpoints. 8.6 0.35% 2026-05-26 2026-06-17
CVE-2026-35222 Improperly validated order clauses lead to a SQL injection vulnerability in com_tags. 6.9 0.31% 2026-05-26 2026-06-17
CVE-2026-35221 Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder. 6.9 0.31% 2026-05-26 2026-06-17
CVE-2026-35220 Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users. 4.6 0.10% 2026-05-26 2026-06-17
CVE-2026-30895 Lack of output escaping leads to a XSS vector in the readmore links for com_content. 6.9 0.18% 2026-05-26 2026-06-17
CVE-2026-30894 Lack of output escaping leads to a XSS vector in the content history component. 6.9 0.18% 2026-05-26 2026-06-17
«« First « Prev Page 3 / 13 Next »
cvelogic Threat Intelligence