Filtered by vendor Joomla
Subscriptions
Filtered by product Joomla!
Subscriptions
Total
52 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25900 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 6.1 Medium |
| Lack of output escaping leads to a XSS vector in the feed modules. | ||||
| CVE-2026-25901 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 6.1 Medium |
| Lack of output escaping leads to a XSS vector in the multilingual associations component. | ||||
| CVE-2026-30895 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 6.1 Medium |
| Lack of output escaping leads to a XSS vector in the readmore links for com_content. | ||||
| CVE-2026-35221 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 9.8 Critical |
| Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder. | ||||
| CVE-2026-40383 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 9.8 Critical |
| An improper validation of user-supplied input leads to a local file inclusion vulnerability. | ||||
| CVE-2026-48898 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 9.8 Critical |
| An improper access check allows privilege escalation through the com_users batch task. | ||||
| CVE-2026-48904 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 9.8 Critical |
| An improper access check allows privelege escalation through the com_users group editing webservice endpoint. | ||||
| CVE-2026-48900 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 4.3 Medium |
| An improper access check allowed low privileged users to edit the task types of existing scheduler tasks. | ||||
| CVE-2026-48899 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 9.8 Critical |
| An improper access check allows privilege escalation through the com_users batch task. | ||||
| CVE-2026-21625 | 2 Joomla, Stackideas | 3 Joomla, Joomla!, Easydiscuss | 2026-04-18 | 8.8 High |
| User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening. | ||||
| CVE-2026-21626 | 2 Joomla, Stackideas | 3 Joomla, Joomla!, Easydiscuss | 2026-04-18 | 7.5 High |
| Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure | ||||
| CVE-2026-21624 | 2 Joomla, Stackideas | 3 Joomla, Joomla!, Easydiscuss | 2026-04-18 | 5.4 Medium |
| Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla. | ||||
| CVE-2025-55758 | 2 Jdownloads, Joomla | 3 Jdownloads, Joomla, Joomla! | 2026-04-15 | 5.4 Medium |
| Multiple CSRF attack vectors in JDownloads component 1.0.0-4.0.47 for Joomla were discovered. | ||||
| CVE-2025-55757 | 2 Joomla, Virtuemart | 3 Joomla, Joomla!, Virtuemart | 2026-04-15 | 6.1 Medium |
| A unauthenticated reflected XSS vulnerability in VirtueMart 1.0.0-4.4.10 for Joomla was discovered. | ||||
| CVE-2025-54300 | 1 Joomla | 2 Joomla, Joomla! | 2026-04-15 | N/A |
| A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads. | ||||
| CVE-2025-54301 | 1 Joomla | 2 Joomla, Joomla! | 2026-04-15 | N/A |
| A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. File names are not properly escaped. | ||||
| CVE-2025-40636 | 1 Joomla | 3 Joomla, Joomla!, Mod Vvisit Counter | 2026-04-15 | N/A |
| SQL injection vulnerability in Joomla module mod_vvisit_counter v2.0.4j3. This vulnerability allows an attacker to retrieve database content via the ‘cip_vvisitcounter’ cookie at all endpoints where the plugin counts visits. | ||||
| CVE-2025-54298 | 1 Joomla | 2 Joomla, Joomla! | 2026-04-15 | N/A |
| A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered. | ||||
| CVE-2025-54299 | 2 Joomla, Nobossextensions | 2 Joomla!, No Boss Testimonials Component | 2026-04-15 | N/A |
| A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered. | ||||
| CVE-2025-54475 | 2 Joomla, Joomsky | 3 Joomla, Joomla!, Js Jobs | 2026-04-15 | N/A |
| A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands. | ||||