Total
631 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4650 | 1 Joomla | 1 Joomla\! | 2026-04-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| Joomla! 1.03 does not restrict the number of "Search" Mambots, which allows remote attackers to cause a denial of service (resource consumption) via a large number of Search Mambots. | |||||
| CVE-2006-4468 | 1 Joomla | 1 Joomla\! | 2026-04-16 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/index.php; (5) the Admin User Manager; and (6) the poll module. | |||||
| CVE-2006-4472 | 1 Joomla | 1 Joomla\! | 2026-04-16 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task. | |||||
| CVE-2006-1957 | 2 Joomla, Mambo-foundation | 2 Joomla\!, Mambo | 2026-04-16 | 5.0 MEDIUM | N/A |
| The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter. | |||||
| CVE-2026-21629 | 1 Joomla | 1 Joomla\! | 2026-04-09 | N/A | 7.3 HIGH |
| The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers. | |||||
| CVE-2026-21630 | 1 Joomla | 1 Joomla\! | 2026-04-09 | N/A | 8.8 HIGH |
| Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint. | |||||
| CVE-2026-21632 | 1 Joomla | 1 Joomla\! | 2026-04-09 | N/A | 5.4 MEDIUM |
| Lack of output escaping for article titles leads to XSS vectors in various locations. | |||||
| CVE-2026-23899 | 1 Joomla | 1 Joomla\! | 2026-04-09 | N/A | 8.8 HIGH |
| An improper access check allows unauthorized access to webservice endpoints. | |||||
| CVE-2026-23898 | 1 Joomla | 1 Joomla\! | 2026-04-09 | N/A | 7.2 HIGH |
| Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism. | |||||
| CVE-2026-21631 | 1 Joomla | 1 Joomla\! | 2026-04-09 | N/A | 5.4 MEDIUM |
| Lack of output escaping leads to a XSS vector in the multilingual associations component. | |||||
| CVE-2025-63083 | 1 Joomla | 1 Joomla\! | 2026-01-30 | N/A | 6.1 MEDIUM |
| Lack of output escaping leads to a XSS vector in the pagebreak plugin. | |||||
| CVE-2025-63082 | 1 Joomla | 1 Joomla\! | 2026-01-30 | N/A | 6.1 MEDIUM |
| Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags. | |||||
| CVE-2023-23752 | 1 Joomla | 1 Joomla\! | 2025-10-24 | N/A | 5.3 MEDIUM |
| An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | |||||
| CVE-2024-27184 | 1 Joomla | 1 Joomla\! | 2025-06-04 | N/A | 6.1 MEDIUM |
| Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.. | |||||
| CVE-2024-27185 | 1 Joomla | 1 Joomla\! | 2025-06-04 | N/A | 9.1 CRITICAL |
| The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors. | |||||
| CVE-2024-27186 | 1 Joomla | 1 Joomla\! | 2025-06-04 | N/A | 6.1 MEDIUM |
| The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions. | |||||
| CVE-2024-27187 | 1 Joomla | 1 Joomla\! | 2025-06-04 | N/A | 7.5 HIGH |
| Improper Access Controls allows backend users to overwrite their username when disallowed. | |||||
| CVE-2024-40743 | 1 Joomla | 1 Joomla\! | 2025-06-04 | N/A | 6.1 MEDIUM |
| The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors. | |||||
| CVE-2024-40747 | 1 Joomla | 1 Joomla\! | 2025-06-04 | N/A | 6.1 MEDIUM |
| Various module chromes didn't properly process inputs, leading to XSS vectors. | |||||
| CVE-2024-40748 | 1 Joomla | 1 Joomla\! | 2025-06-04 | N/A | 7.5 HIGH |
| Lack of output escaping in the id attribute of menu lists. | |||||