Lucene search
K

216 matches found

NVD
NVD
added 2026/06/29 3:16 p.m.10 views

CVE-2026-56290

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS0.00356EPSS
Exploits3References4
Cvelist
Cvelist
added 2026/06/29 2:34 p.m.36 views

CVE-2026-49049 Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler

The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters...

0.00228EPSS
Exploits2References1
EUVD
EUVD
added 2026/06/29 2:31 p.m.8 views

EUVD-2026-40121

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS5.8AI score0.00356EPSS
Exploits3References1
CVE
CVE
added 2026/06/29 2:31 p.m.80 views

CVE-2026-56290

CVE-2026-56290 affects Joomla Page Builder CK (com_pagebuilderck). The root cause is an unauthenticated file upload path via browse.ajaxAddPicture that accepts a user-controlled destination with only trivial sanitization and no authentication gate, enabling an attacker to upload PHP/executable fi...

10CVSS5.8AI score0.00356EPSS
In wildExploits3References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/29 2:31 p.m.9 views

CVE-2026-56290 Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS5.8AI score0.00356EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/06/29 2:31 p.m.37 views

CVE-2026-56290 Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS0.00356EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.8 views

PT-2026-53285

Name of the Vulnerable Software and Affected Versions Page Builder CK extension for Joomla versions prior to 3.6.0 Description The Page Builder CK extension for Joomla contains an unauthenticated arbitrary file upload flaw. The issue stems from improper input validation and insufficient server-si...

10CVSS6.7AI score0.00356EPSS
Exploits3References21
NVD
NVD
added 2026/06/28 7:16 p.m.13 views

CVE-2026-49048

The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...

9.8CVSS0.00505EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/28 6:37 p.m.13 views

EUVD-2026-40003

The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...

5.8AI score0.00505EPSS
Exploits1References1
CVE
CVE
added 2026/06/28 6:37 p.m.38 views

CVE-2026-49048

The CVE-2026-49048 issue affects the Joomla extension JoomCCK (com_joomcck). A front-end controller task (tags.save) builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation, enabling unauthenticated SQL injec...

9.8CVSS5.8AI score0.00505EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/28 6:37 p.m.10 views

CVE-2026-49048 Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1

The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...

8.7CVSS5.8AI score0.00505EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 3:26 p.m.13 views

CVE-2026-48945

The CVE describes a vulnerability in the K2 Joomla extension (getk2.com) where the article gallery upload path accepts a zip/tar archive and extracts it to /media/k2/galleries//. The extractor renames image files (gif/jpg/jpeg/png/webp) to safe names, but non-image files (including .php) are extr...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/25 3:25 p.m.4 views

CVE-2026-48941 Joomla Extension - getk2.org - Unauthenticated folder delete in K2 extension for Joomla < 2.26

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

5.8AI score0.00159EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 3:25 p.m.32 views

CVE-2026-48941 Joomla Extension - getk2.org - Unauthenticated folder delete in K2 extension for Joomla < 2.26

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

0.00159EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 3:24 p.m.12 views

CVE-2026-48944

Summary: CVE-2026-48944 affects the K2 Joomla extension (getk2.com) where the frontend article-save handler accepts a parameter attachment[N][existing] that is concatenated with JPATH_SITE/ and passed to JFile::copy(). Since JPath::clean does not strip “..” and there is no allow-list of source pa...

6.5CVSS5.9AI score0.00295EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/25 3:23 p.m.14 views

CVE-2026-48942

Affected software: K2 extension for Joomla (getk2.com), version constraint listed as K2 ≤ 2.26. Vulnerability: two templates render the database column __#k2_users.image directly into HTML src attributes without HTML escaping, revealing a stored-XSS risk. Root cause: lack of escaping when injecti...

6.1CVSS5.8AI score0.00149EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/20 1:16 p.m.13 views

CVE-2026-48939

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution...

10CVSS0.00564EPSS
Exploits3References5
Cvelist
Cvelist
added 2026/06/20 11:57 a.m.33 views

CVE-2026-48908 Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2

A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...

10CVSS0.00803EPSS
Exploits5References1
CVE
CVE
added 2026/06/20 11:57 a.m.354 views

CVE-2026-48908

CVE-2026-48908 affects the Joomla extension SP Page Builder (com_sppagebuilder). Reports and PoCs confirm unauthenticated file upload via the asset.uploadCustomIcon task, allowing arbitrary files to be written to the webroot and potentially executing PHP code. Affected versions are 1.0.0 through ...

10CVSS6.1AI score0.00803EPSS
In wildExploits5References5Affected Software1
Cvelist
Cvelist
added 2026/06/20 11:56 a.m.36 views

CVE-2026-48939 Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution...

10CVSS0.00564EPSS
Exploits3References1
Rows per page
Query Builder