Search
Search Results (55 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40384 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-28 | 7.5 High |
| An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability. | ||||
| CVE-2026-35223 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-28 | 9.8 Critical |
| An improper access check allows unauthorized access to com_config webservice endpoints. | ||||
| CVE-2026-25900 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 6.1 Medium |
| Lack of output escaping leads to a XSS vector in the feed modules. | ||||
| CVE-2026-25901 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 6.1 Medium |
| Lack of output escaping leads to a XSS vector in the multilingual associations component. | ||||
| CVE-2026-30895 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 6.1 Medium |
| Lack of output escaping leads to a XSS vector in the readmore links for com_content. | ||||
| CVE-2026-35221 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 9.8 Critical |
| Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder. | ||||
| CVE-2026-40383 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 9.8 Critical |
| An improper validation of user-supplied input leads to a local file inclusion vulnerability. | ||||
| CVE-2026-48898 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 9.8 Critical |
| An improper access check allows privilege escalation through the com_users batch task. | ||||
| CVE-2026-48904 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 9.8 Critical |
| An improper access check allows privelege escalation through the com_users group editing webservice endpoint. | ||||
| CVE-2026-48900 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 4.3 Medium |
| An improper access check allowed low privileged users to edit the task types of existing scheduler tasks. | ||||
| CVE-2026-48899 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 9.8 Critical |
| An improper access check allows privilege escalation through the com_users batch task. | ||||
| CVE-2026-48905 | 1 Joomla | 2 Joomla! Framework Filter Package, Joomla\! | 2026-05-27 | 6.1 Medium |
| Lack of input filtering leads to an XSS vector in the HTML filter code. | ||||
| CVE-2026-21625 | 2 Joomla, Stackideas | 3 Joomla, Joomla!, Easydiscuss | 2026-04-18 | 8.8 High |
| User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening. | ||||
| CVE-2026-21626 | 2 Joomla, Stackideas | 3 Joomla, Joomla!, Easydiscuss | 2026-04-18 | 7.5 High |
| Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure | ||||
| CVE-2026-21624 | 2 Joomla, Stackideas | 3 Joomla, Joomla!, Easydiscuss | 2026-04-18 | 5.4 Medium |
| Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla. | ||||
| CVE-2025-54475 | 2 Joomla, Joomsky | 3 Joomla, Joomla!, Js Jobs | 2026-04-15 | N/A |
| A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands. | ||||
| CVE-2025-54476 | 1 Joomla | 2 Joomla, Joomla! | 2026-04-15 | N/A |
| Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class. | ||||
| CVE-2025-55757 | 2 Joomla, Virtuemart | 3 Joomla, Joomla!, Virtuemart | 2026-04-15 | 6.1 Medium |
| A unauthenticated reflected XSS vulnerability in VirtueMart 1.0.0-4.4.10 for Joomla was discovered. | ||||
| CVE-2025-54477 | 1 Joomla | 2 Joomla, Joomla! | 2026-04-15 | 5.3 Medium |
| Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method. | ||||
| CVE-2025-55758 | 2 Jdownloads, Joomla | 3 Jdownloads, Joomla, Joomla! | 2026-04-15 | 5.4 Medium |
| Multiple CSRF attack vectors in JDownloads component 1.0.0-4.0.47 for Joomla were discovered. | ||||