2 vulnerabilities across 2 products scored HIGH or above on June 05, 2026.
- HIGH: 2
[HIGH] joomlacontenteditor.net/joomla_content_editor_(jce)_extension_for_joomla
1 CVE | CVSS 4.0: 10.0 | AAS 9.9
The JCE (Joomla Content Editor) extension for Joomla contains a critical vulnerability (CVE-2026-48907, CVSS 10.0) that allows unauthenticated users to create new editor profiles and upload executable PHP code for remote execution. Joomla administrators using JCE should immediately apply vendor patches or disable the affected extension to prevent compromise of their sites. Consult the vendor advisory at joomlacontenteditor.net for patch availability and remediation guidance.
- CVE-2026-48907 (CVSS 4.0: 10.0)
[HIGH] hclsoftware/digital_experience
1 CVE | CVSS 4.0: 8.7 | AAS 8.6
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API (CVE-2026-21837, CVSS 8.7) that allows attackers to execute arbitrary operating system commands with application-level privileges, potentially resulting in complete system takeover and data compromise. Organizations deploying HCL Digital Experience should immediately apply the vendor security patch to remediate this actively exploitable vulnerability. Patch details and remediation guidance are available in the HCL support advisory at support.hcl-software.com.
- CVE-2026-21837 (CVSS 4.0: 8.7)