聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。
分配机构(CNA / 来源):[email protected] 移除此筛选
| CVE | 描述 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|
| CVE-2026-57830 | The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion. | 8.8 | 0.24% | 2026-07-13 | 2026-07-14 |
| CVE-2026-57829 | The Joomla extension Helix Ultimate is vulnerable to an unauthenticated stored XSS. | 8.7 | 0.26% | 2026-07-13 | 2026-07-14 |
| CVE-2026-57828 | The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE. | 9.0 | 0.26% | 2026-07-11 | 2026-07-14 |
| CVE-2026-57827 | The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. | 10.0 | 0.29% | 2026-07-11 | 2026-07-14 |
| CVE-2026-56292 | A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage. | 9.2 | 0.27% | 2026-07-09 | 2026-07-10 |
| CVE-2026-56291 KEV | The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. | 10.0 | 0.84% | 2026-07-09 | 2026-07-11 |
| CVE-2026-48958 | An improper access check allows unauthorized users to create custom fields via webservices endpoints. | 6.4 | 0.27% | 2026-07-07 | 2026-07-09 |
| CVE-2026-48957 | An improper access check allows unauthorized users to access com_privacy datasets. | 6.4 | 0.24% | 2026-07-07 | 2026-07-09 |
| CVE-2026-48956 | An improper access check allows users to display a list of modules in the frontend. | 6.4 | 0.17% | 2026-07-07 | 2026-07-09 |
| CVE-2026-48955 | An improper access check allows unauthorized users to access workflow stage and transition information. | 6.4 | 0.21% | 2026-07-07 | 2026-07-09 |
| CVE-2026-48954 | Improper validation leads to a generic XSS vector in the language override feature. | 5.9 | 0.15% | 2026-07-07 | 2026-07-09 |
| CVE-2026-48953 | Lack of escaping leads to an XSS vulnerability in the generic image output layout. | 5.9 | 0.15% | 2026-07-07 | 2026-07-09 |
| CVE-2026-48952 | Lack of escaping leads to an XSS vulnerability in the update list view of com_installer. | 5.9 | 0.15% | 2026-07-07 | 2026-07-09 |
| CVE-2026-48951 | Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components. | 5.9 | 0.15% | 2026-07-07 | 2026-07-09 |
| CVE-2026-48950 | Lack of escaping leads to an XSS vulnerability in the file management view of com_templates. | 5.9 | 0.15% | 2026-07-07 | 2026-07-09 |
| CVE-2026-48949 | Lack of validation leads to an XSS vulnerability in the MFA management views. | 5.9 | 0.15% | 2026-07-07 | 2026-07-09 |
| CVE-2026-48948 | An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible. | 6.4 | 0.24% | 2026-07-07 | 2026-07-09 |
| CVE-2026-48947 | An improper access check allows privileged users to overwrite media files without editing permissions. | 6.4 | 0.20% | 2026-07-07 | 2026-07-09 |
| CVE-2026-56290 KEV | The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE. | 10.0 | 2.91% | 2026-06-29 | 2026-07-08 |
| CVE-2026-49049 | The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters. | 7.5 | 0.23% | 2026-06-29 | 2026-06-30 |