261
CVEs
30
Critical
63
High
1
KEV
38
PoC
78
Unpatched C/H
14.9%
Patch Rate
6.0%
Avg EPSS
Severity Breakdown
CRITICAL
30
HIGH
63
MEDIUM
163
LOW
4
Monthly CVE Trend
Affected Products (30)
PHP
23
Open Redirect
6
Jux Real Estate
3
Js Jobs
3
Easydiscuss
3
Fedora
2
Hikashop
2
Debian Linux
2
Phpmailer
1
Financial Services Loan Loss Forecasting And Provisioning
1
Snapcenter
1
Bi Publisher
1
Knowledge
1
Healthcare Translational Research
1
Healthcare Foundation
1
Insurance Ifrs 17 Analyzer
1
Retail Back Office
1
Insurance Performance Insight
1
Cloudforms
1
Junos
1
Financial Services Institutional Performance Analytics
1
Communications Session Report Manager
1
Business Process Management Suite
1
Leap
1
Agile Product Lifecycle Management For Process
1
Financial Services Retail Performance Analytics
1
Hospitality Simphony
1
Financial Services Balance Sheet Planning
1
Enterprise Session Border Controller
1
Financial Services Market Risk Measurement And Management
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2017-8917 | SQL injection vulnerability in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 94.5%. | CRITICAL | 9.8 | 94.5% | 179 |
PoC
|
| CVE-2016-10045 | The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.4%. | CRITICAL | 9.8 | 93.4% | 177 |
PoC
|
| CVE-2015-8562 | Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.9%. | HIGH | 7.5 | 92.9% | 165 |
PoC
No patch
|
| CVE-2015-7297 | SQL injection vulnerability in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 91.6%. | HIGH | 7.5 | 91.6% | 164 |
PoC
No patch
|
| CVE-2016-8869 | The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 91.9%. | CRITICAL | 9.8 | 91.9% | 161 |
PoC
|
| CVE-2016-8870 | The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla!. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 91.5%. | HIGH | 8.1 | 91.5% | 152 |
PoC
|
| CVE-2015-7857 | SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.2%. | HIGH | 7.5 | 72.2% | 145 |
PoC
No patch
|
| CVE-2015-7858 | SQL injection vulnerability in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 69.1%. | HIGH | 7.5 | 69.1% | 142 |
PoC
No patch
|
| CVE-2013-5576 | administrator/components/com_media/helpers/media.php in the media manager in Joomla!. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 52.1%. | MEDIUM | 6.8 | 52.1% | 121 |
PoC
|
| CVE-2014-7228 | Akeeba Restore (restore.php), as used in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.5 | 6.1% | 79 |
PoC
No patch
|
| CVE-2014-7981 | SQL injection vulnerability in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.3%. | HIGH | 7.5 | 14.3% | 72 |
PoC
No patch
|
| CVE-2017-14596 | In Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 2.6% | 72 |
PoC
No patch
|
| CVE-2016-9836 | The file scanning mechanism of JFilterInput::isFileSafe() in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 0.4% | 69 |
PoC
No patch
|
| CVE-2019-10945 | An issue was discovered in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 38.0% | 69 |
PoC
No patch
|
| CVE-2016-9838 | An issue was discovered in components/com_users/models/registration.php in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available. | HIGH | 7.5 | 2.9% | 60 |
PoC
|