Filtered by vendor Joomla Subscriptions
Filtered by product Joomla! Subscriptions
Total 52 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-54473 1 Joomla 2 Joomla, Joomla! 2026-04-15 N/A
An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. The issue allows code execution via the unzip feature.
CVE-2025-54474 1 Joomla 2 Joomla, Joomla! 2026-04-15 N/A
A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.
CVE-2025-54476 1 Joomla 2 Joomla, Joomla! 2026-04-15 N/A
Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class.
CVE-2025-54477 1 Joomla 2 Joomla, Joomla! 2026-04-15 5.3 Medium
Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method.
CVE-2026-21632 1 Joomla 2 Joomla!, Joomla\! 2026-04-10 5.4 Medium
Lack of output escaping for article titles leads to XSS vectors in various locations.
CVE-2026-21631 1 Joomla 2 Joomla!, Joomla\! 2026-04-10 5.4 Medium
Lack of output escaping leads to a XSS vector in the multilingual associations component.
CVE-2026-23899 1 Joomla 2 Joomla!, Joomla\! 2026-04-10 8.8 High
An improper access check allows unauthorized access to webservice endpoints.
CVE-2026-21629 1 Joomla 2 Joomla!, Joomla\! 2026-04-10 7.3 High
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers.
CVE-2026-23898 1 Joomla 2 Joomla!, Joomla\! 2026-04-10 7.2 High
Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism.
CVE-2026-21630 1 Joomla 2 Joomla!, Joomla\! 2026-04-10 8.8 High
Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint.
CVE-2025-63083 1 Joomla 3 Joomla, Joomla!, Joomla\! 2026-01-30 6.1 Medium
Lack of output escaping leads to a XSS vector in the pagebreak plugin.
CVE-2025-63082 1 Joomla 3 Joomla, Joomla!, Joomla\! 2026-01-30 6.1 Medium
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.