216 matches found

NVD
added 5 days ago, 9 views

CVE-2026-56290

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

CVSS: 10 | EPSS: 0.00329
Exploits: 2 | References: 3

Cvelist
added 5 days ago, 34 views

CVE-2026-49049 Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler

The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters...

EPSS: 0.00228
Exploits: 0 | References: 1

Cvelist
added 5 days ago, 34 views

CVE-2026-56290 Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

CVSS: 10 | EPSS: 0.00329
Exploits: 2 | References: 1

Vulnrichment
added 5 days ago, 7 views

CVE-2026-56290 Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

CVSS: 10 | AI score: 5.8 | EPSS: 0.00329
Exploits: 2 | References: 1

EUVD
added 5 days ago, 6 views

EUVD-2026-40121

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

CVSS: 10 | AI score: 5.8 | EPSS: 0.00329
Exploits: 2 | References: 1

CVE
added 5 days ago, 28 views

CVE-2026-56290

CVE-2026-56290 affects the Joomla extension Page Builder CK (listed as Page Builder CK extension

CVSS: 10 | AI score: 5.8 | EPSS: 0.00329
In wild | Exploits: 2 | References: 3 | Affected Software: 1

Positive Technologies
added 5 days ago, 6 views

PT-2026-53285

Name of the Vulnerable Software and Affected Versions Page Builder CK versions prior to 3.6.0 Description The Joomla extension Page Builder CK contains an unauthenticated arbitrary file upload flaw. The issue stems from improper input validation and insufficient server-side restrictions on upload...

CVSS: 10 | AI score: 6.5 | EPSS: 0.00329
Exploits: 2 | References: 12

NVD
added 6 days ago, 13 views

CVE-2026-49048

The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...

CVSS: 9.8 | EPSS: 0.00505
Exploits: 1 | References: 1

EUVD
added 6 days ago, 13 views

EUVD-2026-40003

The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...

AI score: 5.8 | EPSS: 0.00505
Exploits: 1 | References: 1

Vulnrichment
added 6 days ago, 8 views

CVE-2026-49048 Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1

The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00505
Exploits: 1 | References: 1

CVE
added 6 days ago, 32 views

CVE-2026-49048

The CVE-2026-49048 issue affects the Joomla extension JoomCCK (com_joomcck). A front-end controller task (tags.save) builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation, enabling unauthenticated SQL injec...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00505
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2026/06/25 3:26 p.m., 10 views

CVE-2026-48945

The CVE describes a vulnerability in the K2 Joomla extension (getk2.com) where the article gallery upload path accepts a zip/tar archive and extracts it to /media/k2/galleries//. The extractor renames image files (gif/jpg/jpeg/png/webp) to safe names, but non-image files (including .php) are extr...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00197
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/06/25 3:25 p.m., 4 views

CVE-2026-48941 Joomla Extension - getk2.org - Unauthenticated folder delete in K2 extension for Joomla < 2.26

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

AI score: 5.8 | EPSS: 0.00159
Exploits: 0 | References: 1

Cvelist
added 2026/06/25 3:25 p.m., 31 views

CVE-2026-48941 Joomla Extension - getk2.org - Unauthenticated folder delete in K2 extension for Joomla < 2.26

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

EPSS: 0.00159
Exploits: 0 | References: 1

CVE
added 2026/06/25 3:24 p.m., 10 views

CVE-2026-48944

Summary: CVE-2026-48944 affects the K2 Joomla extension (getk2.com) where the frontend article-save handler accepts a parameter attachment[N][existing] that is concatenated with JPATH_SITE/ and passed to JFile::copy(). Since JPath::clean does not strip “..” and there is no allow-list of source pa...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00295
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/06/25 3:23 p.m., 10 views

CVE-2026-48942

Affected software: K2 extension for Joomla (getk2.com), version constraint listed as K2 ≤ 2.26. Vulnerability: two templates render the database column __#k2_users.image directly into HTML src attributes without HTML escaping, revealing a stored-XSS risk. Root cause: lack of escaping when injecti...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00149
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2026/06/20 1:16 p.m., 13 views

CVE-2026-48939

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution...

CVSS: 10 | EPSS: 0.00522
Exploits: 2 | References: 5

Cvelist
added 2026/06/20 11:57 a.m., 30 views

CVE-2026-48908 Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2

A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...

CVSS: 10 | EPSS: 0.00734
Exploits: 3 | References: 1

CVE
added 2026/06/20 11:57 a.m., 246 views

CVE-2026-48908

SP Page Builder for Joomla (joomshaper.com) is affected by CVE-2026-48908. Versions prior to 6.6.12 allow unauthenticated users to upload arbitrary files, enabling PHP code upload and execution. This vulnerability can impact confidentiality, integrity, and availability of the affected site. The C...

CVSS: 10 | AI score: 6.1 | EPSS: 0.00734
In wild | Exploits: 3 | References: 3 | Affected Software: 1

CVE
added 2026/06/20 11:56 a.m., 57 views

CVE-2026-48939

The CVE-2026-48939 entry concerns the iCagenda extension for Joomla. The vulnerability is in the file attachment feature, permitting arbitrary file uploads that can lead to PHP code execution. This is described across multiple sources (NVD and CVE listings) as a remote code execution risk affecti...

CVSS: 10 | AI score: 6 | EPSS: 0.00522
Exploits: 2 | References: 5 | Affected Software: 1