Search Results (876 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-40384 1 Joomla 2 Joomla!, Joomla\! 2026-05-28 7.5 High
An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.
CVE-2026-35223 1 Joomla 2 Joomla!, Joomla\! 2026-05-28 9.8 Critical
An improper access check allows unauthorized access to com_config webservice endpoints.
CVE-2026-25900 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 6.1 Medium
Lack of output escaping leads to a XSS vector in the feed modules.
CVE-2026-25901 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 6.1 Medium
Lack of output escaping leads to a XSS vector in the multilingual associations component.
CVE-2026-30895 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 6.1 Medium
Lack of output escaping leads to a XSS vector in the readmore links for com_content.
CVE-2026-35221 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.
CVE-2026-40383 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper validation of user-supplied input leads to a local file inclusion vulnerability.
CVE-2026-48898 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-48904 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper access check allows privelege escalation through the com_users group editing webservice endpoint.
CVE-2026-48900 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 4.3 Medium
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.
CVE-2026-48899 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-48905 1 Joomla 2 Joomla! Framework Filter Package, Joomla\! 2026-05-27 6.1 Medium
Lack of input filtering leads to an XSS vector in the HTML filter code.
CVE-2007-4780 1 Joomla 1 Joomla 2026-04-23 N/A
Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories.
CVE-2007-4779 1 Joomla 1 Joomla 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section.
CVE-2007-4781 1 Joomla 1 Joomla 2026-04-23 N/A
administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter.
CVE-2007-0387 1 Joomla 1 Joomla 2026-04-23 N/A
SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2009-4599 2 Joomla, Joomshark 2 Joomla, Com Jsjobs 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.
CVE-2007-4777 1 Joomla 1 Joomla 2026-04-23 N/A
SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778.
CVE-2007-4923 1 Joomla 1 Joomla Radio 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2007-0373 1 Joomla 1 Joomla 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function.