Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-49271 — libheif: Wrapped icef compressed-unit range check causes out-of-bounds read in uncompress…

libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unit_offset + unit_size. Becau…

Remote | Memory Corruption
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.2 HIGH
CVE-2019-25752 — Joomla! Component J-BusinessDirectory 4.9.7 SQL Injection

Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type…

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.2 HIGH
CVE-2019-25751 — Joomla J-ClassifiedsManager 3.0.5 SQL Injection

Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST par…

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.2 HIGH
CVE-2019-25750 — Joomla J-MultipleHotelReservation 6.0.7 SQL Injection

Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through th…

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
6.5 MEDIUM
CVE-2026-49359 — PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` fetches the content of option values server-side via `file_get_…

Remote | Server-Side Request Forgery
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
7.1 HIGH
CVE-2019-25749 — Joomla J-CruisePortal 6.0.4 SQL Injection via cruises

Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the guest_adult parameter.…

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.1 HIGH
CVE-2026-49286 — PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case…

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` guarded the output filename against the `phar://` stream wrappe…

Remote | Misconfiguration
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.8 HIGH
CVE-2019-25748 — Joomla JHotelReservation 6.0.7 SQL Injection via search-hotels

Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rooms parameter. …

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.2 HIGH
CVE-2026-49260 — PhpWeasyPrint: shell command injection via configurable WeasyPrint binary path due to inv…

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, `pontedilana/php-weasyprint` builds the shell command for WeasyPrint by passing the binary p…

| Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.8 HIGH
CVE-2017-20282 — Joomla! Component jCart for OpenCart 2.0 SQL Injection

Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the product_id para…

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.8 HIGH
CVE-2017-20281 — Joomla! Component Extra Search 2.2.8 SQL Injection

Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename paramet…

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.8 HIGH
CVE-2017-20280 — Joomla Component Myportfolio 3.0.2 SQL Injection via pid Parameter

Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attack…

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.8 HIGH
CVE-2017-20279 — Joomla Payage 2.05 SQL Injection via aid Parameter

Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET…

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.8 HIGH
CVE-2017-20278 — Joomla JoomRecipe 1.0.3 SQL Injection via category parameter

Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. At…

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.8 HIGH
CVE-2017-20277 — Joomla JoomRecipe 1.0.4 Component Blind SQL Injection via search_author

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the se…

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.8 HIGH
CVE-2017-20276 — Joomla! Component SIMGenealogy 2.1.5 SQL Injection

Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the type parameter. Att…

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.8 HIGH
CVE-2017-20275 — Joomla! Component PHP-Bridge 1.2.3 SQL Injection via id Parameter

Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter.…

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.8 HIGH
CVE-2017-20274 — Joomla LMS King Professional 3.2.4.0 SQL Injection via learningpath

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cp_id parameter. At…

Remote | Injection
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.1 HIGH
CVE-2026-56211 — Libaom: libaom: remote code execution via svc layer context handling with attacker-contro…

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC (Scalable Video Coding) layer ID control all…

enterprise_linux enterprise_linux hardened_images enterprise_linux_ai | Remote | Memory Corruption
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
8.2 HIGH
CVE-2026-56210 — Libaom: libaom: heap-buffer-overflow read via missing bounds check in ctrl_set_layer_id

A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows setti…

enterprise_linux enterprise_linux hardened_images enterprise_linux_ai | Remote | Memory Corruption
Jun 19, 2026 Jun 19, 2026
Jun 19, 2026
Jun 19, 2026
Showing 20 of 7580 Results