Search Results (55 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-40384 1 Joomla 2 Joomla!, Joomla\! 2026-05-28 7.5 High
An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.
CVE-2026-35223 1 Joomla 2 Joomla!, Joomla\! 2026-05-28 9.8 Critical
An improper access check allows unauthorized access to com_config webservice endpoints.
CVE-2026-25900 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 6.1 Medium
Lack of output escaping leads to a XSS vector in the feed modules.
CVE-2026-25901 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 6.1 Medium
Lack of output escaping leads to a XSS vector in the multilingual associations component.
CVE-2026-30895 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 6.1 Medium
Lack of output escaping leads to a XSS vector in the readmore links for com_content.
CVE-2026-35221 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.
CVE-2026-40383 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper validation of user-supplied input leads to a local file inclusion vulnerability.
CVE-2026-48898 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-48904 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper access check allows privelege escalation through the com_users group editing webservice endpoint.
CVE-2026-48900 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 4.3 Medium
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.
CVE-2026-48899 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-48905 1 Joomla 2 Joomla! Framework Filter Package, Joomla\! 2026-05-27 6.1 Medium
Lack of input filtering leads to an XSS vector in the HTML filter code.
CVE-2026-21625 2 Joomla, Stackideas 3 Joomla, Joomla!, Easydiscuss 2026-04-18 8.8 High
User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening.
CVE-2026-21626 2 Joomla, Stackideas 3 Joomla, Joomla!, Easydiscuss 2026-04-18 7.5 High
Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure
CVE-2026-21624 2 Joomla, Stackideas 3 Joomla, Joomla!, Easydiscuss 2026-04-18 5.4 Medium
Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla.
CVE-2025-54475 2 Joomla, Joomsky 3 Joomla, Joomla!, Js Jobs 2026-04-15 N/A
A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands.
CVE-2025-54476 1 Joomla 2 Joomla, Joomla! 2026-04-15 N/A
Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class.
CVE-2025-55757 2 Joomla, Virtuemart 3 Joomla, Joomla!, Virtuemart 2026-04-15 6.1 Medium
A unauthenticated reflected XSS vulnerability in VirtueMart 1.0.0-4.4.10 for Joomla was discovered.
CVE-2025-54477 1 Joomla 2 Joomla, Joomla! 2026-04-15 5.3 Medium
Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method.
CVE-2025-55758 2 Jdownloads, Joomla 3 Jdownloads, Joomla, Joomla! 2026-04-15 5.4 Medium
Multiple CSRF attack vectors in JDownloads component 1.0.0-4.0.47 for Joomla were discovered.