Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.7 HIGH
CVE-2019-25762 — Joomla! Component JoomProject 1.1.3.2 Information Disclosure

Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attacke…

Remote | Information Disclosure
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
7.1 HIGH
CVE-2019-25761 — Joomla! Component JoomCRM 1.1.1 SQL Injection via deal_id

Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the deal_id parameter.…

Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
6.9 MEDIUM
CVE-2019-25760 — Joomla! Component Easy Shop 1.2.3 Local File Inclusion

Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can sen…

| Path Traversal
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
7.1 HIGH
CVE-2019-25759 — Joomla! Component vBizz 1.0.7 SQL Injection

Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Att…

Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
8.8 HIGH
CVE-2019-25758 — Joomla! Component vBizz 1.0.7 Remote Code Execution

Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profile_pi…

Remote | Authentication
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
7.1 HIGH
CVE-2019-25757 — Joomla vWishlist 1.0.1 SQL Injection via vproductid Parameter

Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid param…

Remote | Injection
Jun 19, 2026 Jun 23, 2026
Jun 19, 2026
Jun 23, 2026
8.8 HIGH
CVE-2019-25756 — Joomla! Component vAccount 2.0.2 SQL Injection via vaccount-dashboard

Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. …

Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
8.8 HIGH
CVE-2019-25755 — Joomla vReview 1.9.11 SQL Injection via editReview

Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. …

Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
8.8 HIGH
CVE-2019-25754 — Joomla vRestaurant 1.9.4 SQL Injection via menu-listing-layout

Joomla Component vRestaurant 1.9.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keysearch par…

Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
8.8 HIGH
CVE-2019-25753 — Joomla! Component VMap 1.9.6 SQL Injection via loadmarker

Joomla! Component VMap 1.9.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound parameter.…

Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
8.8 HIGH
CVE-2019-25752 — Joomla! Component J-BusinessDirectory 4.9.7 SQL Injection

Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type…

j-businessdirectory | Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
8.8 HIGH
CVE-2019-25751 — Joomla J-ClassifiedsManager 3.0.5 SQL Injection

Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST par…

Remote | Injection
Jun 19, 2026 Jun 23, 2026
Jun 19, 2026
Jun 23, 2026
8.8 HIGH
CVE-2019-25750 — Joomla J-MultipleHotelReservation 6.0.7 SQL Injection

Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through th…

Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
7.1 HIGH
CVE-2019-25749 — Joomla J-CruisePortal 6.0.4 SQL Injection via cruises

Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the guest_adult parameter.…

Remote | Injection
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
8.1 HIGH
CVE-2026-56211 — Libaom: libaom: remote code execution via svc layer context handling with attacker-contro…

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC (Scalable Video Coding) layer ID control all…

Jun 19, 2026 Jun 30, 2026
Jun 19, 2026
Jun 30, 2026
8.2 HIGH
CVE-2026-56210 — Libaom: libaom: heap-buffer-overflow read via missing bounds check in ctrl_set_layer_id

A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows setti…

Jun 19, 2026 Jun 30, 2026
Jun 19, 2026
Jun 30, 2026
9.1 CRITICAL
CVE-2026-56209 — Libaom: libaom: arbitrary address write via svc layer context oob and cyclic refresh map …

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows an att…

Jun 19, 2026 Jun 30, 2026
Jun 19, 2026
Jun 30, 2026
8.6 HIGH
CVE-2026-56208 — Libaom: libaom: heap buffer overflow in av1 encoder first-pass stats buffer via lap mode

A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing (LAP) mode causes the first-pass stats ring buffer …

Jun 19, 2026 Jun 30, 2026
Jun 19, 2026
Jun 30, 2026
9.8 CRITICAL
CVE-2026-51846 — Tenda AC7 Stack Buffer Overflow

In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack buffer overflow vulnerability that can lead to remote arbitrary code execution.

Remote | Memory Corruption
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
9.8 CRITICAL
CVE-2026-51845 — Tenda AC7 Stack Buffer Overflow

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter.

Remote | Memory Corruption
Jun 19, 2026 Jun 22, 2026
Jun 19, 2026
Jun 22, 2026
Showing 20 of 7989 Results