CVE-2026-4890HIGHCVSS 7.5

CVE-2026-4890

Published May 11, 2026·Updated Jul 2, 2026

Description

A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.

Public Exploits & PoCs10 found

[POC] GHSA-3mgp-fx93-9xv5 — CVE-2026-48908-PoC

Unauthenticated RCE PoC for CVE-2026-48908 — SP Page Builder for Joomla (≤ 6.6.1): arbitrary file upload via asset.uploadCustomIcon. Self-cleaning, token-guarded. Authorized testing only.

1

[POC] GHSA-3mgp-fx93-9xv5 — CVE-2026-48908

CVE-2026-48908

1

[POC] GHSA-3mgp-fx93-9xv5 — CVE-2026-48909

CVE-2026-48909 PoC

[POC] CVE-2026-48907 — joomla-jce-cve-2026-48907-detection

Defensive lab validation and SOC detection guidance for CVE-2026-48907 in Joomla JCE <= 2.9.99.4, including Apache/Joomla/auditd telemetry, webshell artifacts, Sigma rules, MITRE ATT&CK mapping and mitigation recommendations.

[POC] CVE-2026-48907 — CVE-2026-48907

CVE-2026-48907 is a critical improper access control vulnerability in the JCE editor extension for Joomla. It allows unauthenticated attackers to create new editor profiles, which can ultimately lead to arbitrary PHP file upload and remote code execution on affected systems

[POC] CVE-2026-48907 — CVE-2026-48907

CVE-2026-48907

[POC] CVE-2026-48907 — CVE-2026-48907

CVE-2026-48907

[POC] CVE-2026-48907 — CVE-2026-48907

PoC for CVE-2026-48907 - Joomla! JCE extension < 2.9.99.5 unauthenticated RCE

[POC] CVE-2026-48907 — CVE-2026-48907-Unauthenticated-RCE-in-JCE

CVE-2026-48907: Unauthenticated RCE in JCE (Proof Of Concept)

[POC] GHSA-3mgp-fx93-9xv5 — CVE-2026-48908-SP-Page-Builder-Joomla

CVE-2026-48908 - SP Page Builder Joomla Unauthenticated RCE

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free