CVE 列表 – 发现高风险与在野利用漏洞

聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。

分配机构(CNA / 来源):[email protected] 移除此筛选

显示 120250 条结果
«« 第一页 « 上一页 第 1 / 13 页 下一页 »
CVE 描述 最高 CVSS EPSS % 公开时间 更新时间
CVE-2026-57830 The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion. 8.8 0.24% 2026-07-13 2026-07-14
CVE-2026-57829 The Joomla extension Helix Ultimate is vulnerable to an unauthenticated stored XSS. 8.7 0.26% 2026-07-13 2026-07-14
CVE-2026-57828 The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE. 9.0 0.26% 2026-07-11 2026-07-14
CVE-2026-57827 The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. 10.0 0.29% 2026-07-11 2026-07-14
CVE-2026-56292 A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage. 9.2 0.27% 2026-07-09 2026-07-10
CVE-2026-56291 KEV The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. 10.0 0.84% 2026-07-09 2026-07-11
CVE-2026-48958 An improper access check allows unauthorized users to create custom fields via webservices endpoints. 6.4 0.27% 2026-07-07 2026-07-09
CVE-2026-48957 An improper access check allows unauthorized users to access com_privacy datasets. 6.4 0.24% 2026-07-07 2026-07-09
CVE-2026-48956 An improper access check allows users to display a list of modules in the frontend. 6.4 0.17% 2026-07-07 2026-07-09
CVE-2026-48955 An improper access check allows unauthorized users to access workflow stage and transition information. 6.4 0.21% 2026-07-07 2026-07-09
CVE-2026-48954 Improper validation leads to a generic XSS vector in the language override feature. 5.9 0.15% 2026-07-07 2026-07-09
CVE-2026-48953 Lack of escaping leads to an XSS vulnerability in the generic image output layout. 5.9 0.15% 2026-07-07 2026-07-09
CVE-2026-48952 Lack of escaping leads to an XSS vulnerability in the update list view of com_installer. 5.9 0.15% 2026-07-07 2026-07-09
CVE-2026-48951 Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components. 5.9 0.15% 2026-07-07 2026-07-09
CVE-2026-48950 Lack of escaping leads to an XSS vulnerability in the file management view of com_templates. 5.9 0.15% 2026-07-07 2026-07-09
CVE-2026-48949 Lack of validation leads to an XSS vulnerability in the MFA management views. 5.9 0.15% 2026-07-07 2026-07-09
CVE-2026-48948 An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible. 6.4 0.24% 2026-07-07 2026-07-09
CVE-2026-48947 An improper access check allows privileged users to overwrite media files without editing permissions. 6.4 0.20% 2026-07-07 2026-07-09
CVE-2026-56290 KEV The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. 10.0 2.91% 2026-06-29 2026-07-08
CVE-2026-49049 The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters. 7.5 0.23% 2026-06-29 2026-06-30
«« 第一页 « 上一页 第 1 / 13 页 下一页 »
cvelogic Threat Intelligence