Filtered by vendor Joomla
Total
963 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-48902 | 1 Joomla | 1 Joomla\! | 2026-06-02 | N/A | 9.8 CRITICAL |
| The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set. | |||||
| CVE-2026-48896 | 1 Joomla | 1 Joomla\! | 2026-05-28 | N/A | 7.5 HIGH |
| Insufficient state checks lead to a vector that allows bypassing 2FA checks. | |||||
| CVE-2026-48897 | 1 Joomla | 1 Joomla\! | 2026-05-28 | N/A | 7.5 HIGH |
| Insufficient state checks lead to a vector that allows bypassing 2FA checks. | |||||
| CVE-2026-48901 | 1 Joomla | 1 Joomla\! | 2026-05-28 | N/A | 7.5 HIGH |
| The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key. | |||||
| CVE-2026-40384 | 1 Joomla | 1 Joomla\! | 2026-05-28 | N/A | 7.5 HIGH |
| An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability. | |||||
| CVE-2026-35223 | 1 Joomla | 1 Joomla\! | 2026-05-28 | N/A | 9.8 CRITICAL |
| An improper access check allows unauthorized access to com_config webservice endpoints. | |||||
| CVE-2026-25900 | 1 Joomla | 1 Joomla\! | 2026-05-27 | N/A | 6.1 MEDIUM |
| Lack of output escaping leads to an XSS vector in the feed modules. | |||||
| CVE-2026-25901 | 1 Joomla | 1 Joomla\! | 2026-05-27 | N/A | 6.1 MEDIUM |
| Lack of output escaping leads to an XSS vector in the multilingual associations component. | |||||
| CVE-2026-30894 | 1 Joomla | 1 Joomla\! | 2026-05-27 | N/A | 6.1 MEDIUM |
| Lack of output escaping leads to an XSS vector in the content history component. | |||||
| CVE-2026-30895 | 1 Joomla | 1 Joomla\! | 2026-05-27 | N/A | 6.1 MEDIUM |
| Lack of output escaping leads to an XSS vector in the readmore links for com_content. | |||||
| CVE-2026-35220 | 1 Joomla | 1 Joomla\! | 2026-05-27 | N/A | 4.3 MEDIUM |
| Lack of CSRF token validation leads to a CSRF attack vector in the admin activation endpoint of com_users. | |||||
| CVE-2026-35221 | 1 Joomla | 1 Joomla\! | 2026-05-27 | N/A | 9.8 CRITICAL |
| Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder. | |||||
| CVE-2026-35222 | 1 Joomla | 1 Joomla\! | 2026-05-27 | N/A | 9.8 CRITICAL |
| Improperly validated order clauses lead to a SQL injection vulnerability in com_tags. | |||||
| CVE-2026-40383 | 1 Joomla | 1 Joomla\! | 2026-05-27 | N/A | 9.8 CRITICAL |
| An improper validation of user-supplied input leads to a local file inclusion vulnerability. | |||||
| CVE-2026-48898 | 1 Joomla | 1 Joomla\! | 2026-05-26 | N/A | 9.8 CRITICAL |
| An improper access check allows privilege escalation through the com_users batch task. | |||||
| CVE-2026-48899 | 1 Joomla | 1 Joomla\! | 2026-05-26 | N/A | 9.8 CRITICAL |
| An improper access check allows privilege escalation through the com_users batch task. | |||||
| CVE-2026-48900 | 1 Joomla | 1 Joomla\! | 2026-05-26 | N/A | 4.3 MEDIUM |
| An improper access check allowed low privileged users to edit the task types of existing scheduler tasks. | |||||
| CVE-2026-48903 | 1 Joomla | 1 Joomla\! | 2026-05-26 | N/A | 6.1 MEDIUM |
| Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components. | |||||
| CVE-2026-48904 | 1 Joomla | 1 Joomla\! | 2026-05-26 | N/A | 9.8 CRITICAL |
| An improper access check allows privilege escalation through the com_users group editing webservice endpoint. | |||||
| CVE-2026-48905 | 1 Joomla | 1 Joomla\! | 2026-05-26 | N/A | 6.1 MEDIUM |
| Lack of input filtering leads to an XSS vector in the HTML filter code. | |||||
