Filtered by vendor Joomla Subscriptions
Filtered by product Joomla! Subscriptions
Total 52 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-25900 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 6.1 Medium
Lack of output escaping leads to a XSS vector in the feed modules.
CVE-2026-25901 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 6.1 Medium
Lack of output escaping leads to a XSS vector in the multilingual associations component.
CVE-2026-30895 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 6.1 Medium
Lack of output escaping leads to a XSS vector in the readmore links for com_content.
CVE-2026-35221 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.
CVE-2026-40383 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper validation of user-supplied input leads to a local file inclusion vulnerability.
CVE-2026-48898 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-48904 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper access check allows privelege escalation through the com_users group editing webservice endpoint.
CVE-2026-48900 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 4.3 Medium
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.
CVE-2026-48899 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-21625 2 Joomla, Stackideas 3 Joomla, Joomla!, Easydiscuss 2026-04-18 8.8 High
User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening.
CVE-2026-21626 2 Joomla, Stackideas 3 Joomla, Joomla!, Easydiscuss 2026-04-18 7.5 High
Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure
CVE-2026-21624 2 Joomla, Stackideas 3 Joomla, Joomla!, Easydiscuss 2026-04-18 5.4 Medium
Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla.
CVE-2025-55758 2 Jdownloads, Joomla 3 Jdownloads, Joomla, Joomla! 2026-04-15 5.4 Medium
Multiple CSRF attack vectors in JDownloads component 1.0.0-4.0.47 for Joomla were discovered.
CVE-2025-55757 2 Joomla, Virtuemart 3 Joomla, Joomla!, Virtuemart 2026-04-15 6.1 Medium
A unauthenticated reflected XSS vulnerability in VirtueMart 1.0.0-4.4.10 for Joomla was discovered.
CVE-2025-54300 1 Joomla 2 Joomla, Joomla! 2026-04-15 N/A
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads.
CVE-2025-54301 1 Joomla 2 Joomla, Joomla! 2026-04-15 N/A
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. File names are not properly escaped.
CVE-2025-40636 1 Joomla 3 Joomla, Joomla!, Mod Vvisit Counter 2026-04-15 N/A
SQL injection vulnerability in Joomla module mod_vvisit_counter v2.0.4j3. This vulnerability allows an attacker to retrieve database content via the ‘cip_vvisitcounter’ cookie at all endpoints where the plugin counts visits.
CVE-2025-54298 1 Joomla 2 Joomla, Joomla! 2026-04-15 N/A
A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered.
CVE-2025-54299 2 Joomla, Nobossextensions 2 Joomla!, No Boss Testimonials Component 2026-04-15 N/A
A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered.
CVE-2025-54475 2 Joomla, Joomsky 3 Joomla, Joomla!, Js Jobs 2026-04-15 N/A
A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands.