Search Results (55 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-48954 1 Joomla 1 Joomla! 2026-07-10 N/A
Improper validation leads to a generic XSS vector in the language override feature.
CVE-2026-48949 1 Joomla 1 Joomla! 2026-07-10 N/A
Lack of validation leads to an XSS vulnerability in the MFA management views.
CVE-2026-48948 1 Joomla 1 Joomla! 2026-07-10 N/A
An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible.
CVE-2026-48953 1 Joomla 1 Joomla! 2026-07-10 N/A
Lack of escaping leads to an XSS vulnerability in the generic image output layout.
CVE-2026-48951 1 Joomla 1 Joomla! 2026-07-10 N/A
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
CVE-2026-48957 1 Joomla 1 Joomla! 2026-07-10 N/A
An improper access check allows unauthorized users to access com_privacy datasets.
CVE-2026-48956 1 Joomla 1 Joomla! 2026-07-10 N/A
An improper access check allows users to display a list of modules in the frontend.
CVE-2026-48955 1 Joomla 1 Joomla! 2026-07-10 N/A
An improper access check allows unauthorized users to access workflow stage and transition information.
CVE-2026-48950 1 Joomla 1 Joomla! 2026-07-10 N/A
Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
CVE-2026-48958 1 Joomla 1 Joomla! 2026-07-10 N/A
An improper access check allows unauthorized users to create custom fields via webservices endpoints.
CVE-2026-48947 1 Joomla 1 Joomla! 2026-07-10 N/A
An improper access check allows privileged users to overwrite media files without editing permissions.
CVE-2026-48952 1 Joomla 1 Joomla! 2026-07-10 N/A
Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
CVE-2026-35222 1 Joomla 2 Joomla!, Joomla\! 2026-06-02 9.8 Critical
Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
CVE-2026-30894 1 Joomla 2 Joomla!, Joomla\! 2026-06-02 6.1 Medium
Lack of output escaping leads to a XSS vector in the content history component.
CVE-2026-35220 1 Joomla 2 Joomla!, Joomla\! 2026-05-29 4.3 Medium
Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users.
CVE-2026-48896 1 Joomla 2 Joomla!, Joomla\! 2026-05-29 7.5 High
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2026-48903 1 Joomla 2 Joomla! Framework Filter Package, Joomla\! 2026-05-29 6.1 Medium
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
CVE-2026-48902 1 Joomla 2 Joomla!, Joomla\! 2026-05-28 9.8 Critical
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
CVE-2026-48897 1 Joomla 2 Joomla!, Joomla\! 2026-05-28 7.5 High
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2026-48901 1 Joomla 2 Joomla!, Joomla\! 2026-05-28 7.5 High
The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.