Filtered by vendor Joomla
Subscriptions
Total
991 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-35223 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-28 | 9.8 Critical |
| An improper access check allows unauthorized access to com_config webservice endpoints. | ||||
| CVE-2026-25900 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 6.1 Medium |
| Lack of output escaping leads to a XSS vector in the feed modules. | ||||
| CVE-2026-25901 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 6.1 Medium |
| Lack of output escaping leads to a XSS vector in the multilingual associations component. | ||||
| CVE-2026-30895 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 6.1 Medium |
| Lack of output escaping leads to a XSS vector in the readmore links for com_content. | ||||
| CVE-2026-35221 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 9.8 Critical |
| Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder. | ||||
| CVE-2026-40383 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 9.8 Critical |
| An improper validation of user-supplied input leads to a local file inclusion vulnerability. | ||||
| CVE-2026-48898 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 9.8 Critical |
| An improper access check allows privilege escalation through the com_users batch task. | ||||
| CVE-2026-48904 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 9.8 Critical |
| An improper access check allows privelege escalation through the com_users group editing webservice endpoint. | ||||
| CVE-2026-48900 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 4.3 Medium |
| An improper access check allowed low privileged users to edit the task types of existing scheduler tasks. | ||||
| CVE-2026-48899 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-05-27 | 9.8 Critical |
| An improper access check allows privilege escalation through the com_users batch task. | ||||
| CVE-2026-48905 | 1 Joomla | 2 Joomla! Framework Filter Package, Joomla\! | 2026-05-27 | 6.1 Medium |
| Lack of input filtering leads to an XSS vector in the HTML filter code. | ||||
| CVE-2026-48903 | 1 Joomla | 1 Joomla\! | 2026-05-27 | 6.1 Medium |
| Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components. | ||||
| CVE-2007-4955 | 1 Joomla | 1 Flash Fun Component | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in the Flash Fun! (com_joomlaflashfun) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | ||||
| CVE-2007-3249 | 1 Joomla | 1 Letterman Subscriber | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter. | ||||
| CVE-2008-0754 | 1 Joomla | 1 Com Rapidrecipe | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in the Rapid Recipe (com_rapidrecipe) 1.6.5 component for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a showuser action or (2) the category_id parameter in a viewcategorysrecipes action. | ||||
| CVE-2008-0746 | 2 Joomla, Mambo | 2 Com Gallery, Com Gallery | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the Gallery (com_gallery) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | ||||
| CVE-2009-0420 | 2 Joomla, Rd-media | 2 Joomla, Rd-autos | 2026-04-23 | N/A |
| SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | ||||
| CVE-2008-0802 | 2 Joomla, Mediaslide | 2 Com Mediaslide, Com Mediaslide | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the MediaSlide (com_mediaslide) 0.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the albumnum parameter in a contact action. | ||||
| CVE-2009-3438 | 2 Joomla, Witchakorn Kamolpornwijit | 2 Joomla, Com Facebook | 2026-04-23 | N/A |
| SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php. | ||||
| CVE-2008-0689 | 1 Joomla | 1 Com Marketplace | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the Marketplace (com_marketplace) 1.1.1 and 1.1.1-pl1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_category action. | ||||