Filtered by vendor Joomla
Subscriptions
Total
959 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3773 | 1 Joomla | 1 Joomla | 2026-04-16 | N/A |
| Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact and attack vectors, related to "Potential misuse of Media component file management functions." | ||||
| CVE-2006-1027 | 1 Joomla | 1 Joomla | 2026-04-16 | N/A |
| feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error message. | ||||
| CVE-2006-4469 | 1 Joomla | 1 Joomla\! | 2026-04-16 | N/A |
| Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws." | ||||
| CVE-2006-4229 | 2 Joomla, Mambo | 2 Moslistmessenger Component, Moslistmessenger Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-4242 | 1 Joomla | 1 Jim Instant Messaging Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-1956 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2026-04-16 | N/A |
| The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message. | ||||
| CVE-2025-54297 | 1 Joomla | 1 Joomla | 2026-04-15 | N/A |
| A stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joomla was discovered. | ||||
| CVE-2025-54300 | 1 Joomla | 2 Joomla, Joomla! | 2026-04-15 | N/A |
| A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads. | ||||
| CVE-2025-54476 | 1 Joomla | 2 Joomla, Joomla! | 2026-04-15 | N/A |
| Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class. | ||||
| CVE-2025-54477 | 1 Joomla | 2 Joomla, Joomla! | 2026-04-15 | 5.3 Medium |
| Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method. | ||||
| CVE-2025-54299 | 2 Joomla, Nobossextensions | 2 Joomla!, No Boss Testimonials Component | 2026-04-15 | N/A |
| A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered. | ||||
| CVE-2025-54298 | 1 Joomla | 2 Joomla, Joomla! | 2026-04-15 | N/A |
| A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered. | ||||
| CVE-2025-54473 | 1 Joomla | 2 Joomla, Joomla! | 2026-04-15 | N/A |
| An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. The issue allows code execution via the unzip feature. | ||||
| CVE-2025-54475 | 2 Joomla, Joomsky | 3 Joomla, Joomla!, Js Jobs | 2026-04-15 | N/A |
| A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands. | ||||
| CVE-2025-54301 | 1 Joomla | 2 Joomla, Joomla! | 2026-04-15 | N/A |
| A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. File names are not properly escaped. | ||||
| CVE-2025-40636 | 1 Joomla | 3 Joomla, Joomla!, Mod Vvisit Counter | 2026-04-15 | N/A |
| SQL injection vulnerability in Joomla module mod_vvisit_counter v2.0.4j3. This vulnerability allows an attacker to retrieve database content via the ‘cip_vvisitcounter’ cookie at all endpoints where the plugin counts visits. | ||||
| CVE-2025-55757 | 2 Joomla, Virtuemart | 3 Joomla, Joomla!, Virtuemart | 2026-04-15 | 6.1 Medium |
| A unauthenticated reflected XSS vulnerability in VirtueMart 1.0.0-4.4.10 for Joomla was discovered. | ||||
| CVE-2025-54474 | 1 Joomla | 2 Joomla, Joomla! | 2026-04-15 | N/A |
| A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands. | ||||
| CVE-2025-55758 | 2 Jdownloads, Joomla | 3 Jdownloads, Joomla, Joomla! | 2026-04-15 | 5.4 Medium |
| Multiple CSRF attack vectors in JDownloads component 1.0.0-4.0.47 for Joomla were discovered. | ||||
| CVE-2026-21632 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-10 | 5.4 Medium |
| Lack of output escaping for article titles leads to XSS vectors in various locations. | ||||