Search
Search Results (991 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-48954 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| Improper validation leads to a generic XSS vector in the language override feature. | ||||
| CVE-2026-48949 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| Lack of validation leads to an XSS vulnerability in the MFA management views. | ||||
| CVE-2026-48948 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible. | ||||
| CVE-2026-48953 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| Lack of escaping leads to an XSS vulnerability in the generic image output layout. | ||||
| CVE-2026-48951 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components. | ||||
| CVE-2026-48957 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| An improper access check allows unauthorized users to access com_privacy datasets. | ||||
| CVE-2026-48956 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| An improper access check allows users to display a list of modules in the frontend. | ||||
| CVE-2026-48955 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| An improper access check allows unauthorized users to access workflow stage and transition information. | ||||
| CVE-2026-48950 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| Lack of escaping leads to an XSS vulnerability in the file management view of com_templates. | ||||
| CVE-2026-48958 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| An improper access check allows unauthorized users to create custom fields via webservices endpoints. | ||||
| CVE-2026-48947 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| An improper access check allows privileged users to overwrite media files without editing permissions. | ||||
| CVE-2026-48952 | 1 Joomla | 1 Joomla! | 2026-07-10 | N/A |
| Lack of escaping leads to an XSS vulnerability in the update list view of com_installer. | ||||
| CVE-2026-35222 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-06-02 | 9.8 Critical |
| Improperly validated order clauses lead to a SQL injection vulnerability in com_tags. | ||||
| CVE-2026-30894 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-06-02 | 6.1 Medium |
| Lack of output escaping leads to a XSS vector in the content history component. | ||||
| CVE-2026-35220 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-29 | 4.3 Medium |
| Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users. | ||||
| CVE-2026-48896 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-29 | 7.5 High |
| Insufficient state checks lead to a vector that allows to bypass 2FA checks. | ||||
| CVE-2026-48903 | 1 Joomla | 2 Joomla! Framework Filter Package, Joomla\! | 2026-05-29 | 6.1 Medium |
| Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components. | ||||
| CVE-2026-48902 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-28 | 9.8 Critical |
| The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set. | ||||
| CVE-2026-48897 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-28 | 7.5 High |
| Insufficient state checks lead to a vector that allows to bypass 2FA checks. | ||||
| CVE-2026-48901 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-28 | 7.5 High |
| The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key. | ||||