| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-25900 | Joomla! Core - [20260501] - XSS in feed modules | Joomla! Project | Joomla! CMS | - | - | 2026-05-26 16:43:14 | Deep Dive |
| CVE-2026-48904🧪 | Joomla! Core - [20260514] - Privilege escalation through com_users webservice endpoints | Joomla! Project | Joomla! CMS | 超危 | - | 2026-05-26 16:43:09 | Deep Dive |
| CVE-2026-30895 | Joomla! Core - [20260504] - XSS in readmore links | Joomla! Project | Joomla! CMS | - | - | 2026-05-26 16:43:03 | Deep Dive |
| CVE-2026-48898 | Joomla! Core - [20260513] - Privilege escalation through com_users batch task | Joomla! Project | Joomla! CMS | 超危 | - | 2026-05-26 16:42:59 | Deep Dive |
| CVE-2026-30894 | Joomla! Core - [20260503] - XSS in com_contenthistory | Joomla! Project | Joomla! CMS | - | - | 2026-05-26 16:42:58 | Deep Dive |
| CVE-2026-48901 | Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects | Joomla! Project | Joomla! CMS | - | - | 2026-05-26 16:42:41 | Deep Dive |
| CVE-2025-71310 | Backdrop CMS 安全漏洞 | BackdropCMS | GDPR cookies module for Backdrop CMS | - | - | 2026-05-26 01:06:56 | Deep Dive |
| CVE-2018-25353 | Redaxo CMS Mediapool Addon 5.5.1 Arbitrary File Upload | Redaxo | Redaxo CMS Mediapool | High | 8.8 | 2026-05-23 18:30:54 | Deep Dive |
| CVE-2026-8353 | Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page name in atomik theme | Concrete CMS | Concrete CMS | 中危 | - | 2026-05-22 14:18:07 | Deep Dive |
| CVE-2026-8347 | Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in Express association Reorder dialog | Concrete CMS | Concrete CMS | 中危 | - | 2026-05-22 14:06:34 | Deep Dive |
| CVE-2026-8340 | Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion | Concrete CMS | Concrete CMS | - | - | 2026-05-22 13:58:56 | Deep Dive |
| CVE-2026-8139 | Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName | Concrete CMS | Concrete CMS | - | - | 2026-05-21 21:45:50 | Deep Dive |
| CVE-2026-7890 | Concrete CMS 9.5.0 is vulnerable to SSRF via RSS Displayer Block | Concrete CMS | Concrete CMS | - | - | 2026-05-21 21:43:45 | Deep Dive |
| CVE-2026-8409 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete | Concrete CMS | Concrete CMS | - | - | 2026-05-21 21:40:56 | Deep Dive |
| CVE-2026-8410 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete | Concrete CMS | Concrete CMS | - | - | 2026-05-21 21:32:53 | Deep Dive |
| CVE-2026-8411 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete | Concrete CMS | Concrete CMS | - | - | 2026-05-21 21:32:02 | Deep Dive |
| CVE-2026-8412 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache | Concrete CMS | Concrete CMS | - | - | 2026-05-21 21:31:21 | Deep Dive |
| CVE-2026-8413 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/design | Concrete CMS | Concrete CMS | - | - | 2026-05-21 21:30:28 | Deep Dive |
| CVE-2026-8414 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicate | Concrete CMS | Concrete CMS | - | - | 2026-05-21 21:29:51 | Deep Dive |
| CVE-2026-8415 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder | Concrete CMS | Concrete CMS | - | - | 2026-05-21 21:29:13 | Deep Dive |