4 matches found
VulnCheck KEV: CVE-2026-48907
A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...
CVE-2026-48907
A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...
CVE-2026-48907
CVE-2026-48907 — Joomla JCE extension unauthenticated RCE is a vulnerability in the Joomla Content Editor (JCE) that allows unauthenticated users to create editor profiles and upload PHP payloads, enabling remote code execution. Technical details across documents show an unrestricted file upload ...
JCE Editor,2.6.25, XSS (Cross Site Scripting)
JCE Editor Pro, Version 2.6.25 only, XSS Cross Site Scripting Resolution: update to 2.6.26 Update notice: https://www.joomlacontenteditor.net/news/jce-pro-2-6-26-released...