Total CVEs

143,377

Critical Severity

4,061

High Severity

14,648

Last 7 Days

1,380
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 761 - 780 of 39,782 CVEs
CVE-2026-48957 HIGH - 8.8

An improper access check allows unauthorized users to access com_privacy datasets.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48956 MEDIUM - 5.0

An improper access check allows users to display a list of modules in the frontend.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48955 MEDIUM - 6.5

An improper access check allows unauthorized users to access workflow stage and transition information.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48954 MEDIUM - 6.1

Improper validation leads to a generic XSS vector in the language override feature.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48953 MEDIUM - 6.1

Lack of escaping leads to an XSS vulnerability in the generic image output layout.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48952 MEDIUM - 6.1

Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48951 MEDIUM - 6.1

Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48950 MEDIUM - 6.1

Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48949 MEDIUM - 6.1

Lack of validation leads to an XSS vulnerability in the MFA management views.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48948 HIGH - 8.8

An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48947 MEDIUM - 4.9

An improper access check allows privileged users to overwrite media files without editing permissions.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-57851 HIGH - 7.8

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator privile...

Vendor: Micro-Star International (MSI)
Product: KernCoreLib64.sys
Published: Jul 07, 2026
Source: NVD
CVE-2026-23698 HIGH - 7.2

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents dir...

Vendor: Vtiger
Product: Vtiger CRM
Published: Jul 07, 2026
Source: NVD
CVE-2026-23697 HIGH - 8.8

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the .phar...

Vendor: Vtiger
Product: Vtiger CRM
Published: Jul 07, 2026
Source: NVD
CVE-2026-14904 MEDIUM - 6.5

AWS Research and Engineering Studio (RES) is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue (CWE-59) in the Auth.GetUserPrivateKey API. An authenticated r...

Vendor: AWS
Product: res
Published: Jul 07, 2026
Source: NVD
CVE-2026-13020 HIGH - 8.1

A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an em...

Vendor: Esri
Product: Portal for ArcGIS
Published: Jul 07, 2026
Source: NVD
CVE-2026-13019 CRITICAL - 9.8

Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API.

Vendor: Esri
Product: Portal for ArcGIS
Published: Jul 07, 2026
Source: NVD
CVE-2025-12799 MEDIUM - 6.5

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting (XSS) attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling.

Published: Jul 07, 2026
Source: NVD
CVE-2026-56812 HIGH - 7.5

Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix (Presence JavaScript client) allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is ass...

Vendor: phoenixframework
Product: phoenix
Published: Jul 07, 2026
Source: NVD
CVE-2026-56811 HIGH - 7.5

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix (Phoenix.Socket module) allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport (WebSocket or LongPoll). This v...

Vendor: phoenixframework
Product: phoenix
Published: Jul 07, 2026
Source: NVD