CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

494 matches found

The Hacker News•added 2026/06/17 5:50 a.m.•12 views

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor JCE to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as...

10CVSS6.2AI score0.80425EPSS

Exploits10

VulnCheck KEV•added 2026/06/12 12:0 a.m.•15 views

VulnCheck KEV: CVE-2026-48907

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...

10CVSS5.3AI score0.80425EPSS

In wildExploits10References6

GithubExploit•added 2026/06/11 1:14 p.m.•152 views

Exploit for CVE-2026-48907

CVE-2026-48907 Educational PoC ⚠️ This repository is for ed...

10CVSS5.7AI score0.80425EPSS

Exploits10

GithubExploit•added 2026/06/09 4:30 p.m.•120 views

Exploit for CVE-2026-48907

CVE-2026-48907: Unauthenticated RCE in JCE Joomla Proof o...

10CVSS5.7AI score0.80425EPSS

Exploits10

ATTACKERKB•added 2026/06/05 7:31 a.m.•13 views

CVE-2026-48907

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...

10CVSS5.6AI score0.80425EPSS

Exploits10References2Affected Software1

CVE•added 2026/06/05 7:31 a.m.•345 views

CVE-2026-48907

CVE-2026-48907 — Joomla JCE extension unauthenticated RCE is a vulnerability in the Joomla Content Editor (JCE) that allows unauthenticated users to create editor profiles and upload PHP payloads, enabling remote code execution. Technical details across documents show an unrestricted file upload ...

10CVSS5.6AI score0.80425EPSS

In wildExploits10References3Affected Software1