← Back

Joomla

joomla

534 CVEs • 147 products

Products (147)

Click to collapse
Toggle
Joomla
joomla
383 CVEs
Bsq Sitestats
bsq_sitestats
6 CVEs
Rs Gallery2
rs_gallery2
4 CVEs
Com Beamospetition
com_beamospetition
3 CVEs
Com Weblinks
com_weblinks
3 CVEs
Jd Wiki
jd-wiki
2 CVEs
Com Sef
com_sef
2 CVEs
Com Downloads
com_downloads
2 CVEs
Com Rapidrecipe
com_rapidrecipe
2 CVEs
Com Pcchess
com_pcchess
2 CVEs
Com Astatspro
com_astatspro
2 CVEs
Com Pccookbook
com_pccookbook
2 CVEs
Com Facileforms
com_facileforms
2 CVEs
Com Mailto
com_mailto
2 CVEs
Pc Cookbook
pc_cookbook
1 CVE
Performs Component
performs_component
1 CVE
Colophon
colophon
1 CVE
Lmo
lmo
1 CVE
Webring Component
webring_component
1 CVE
Moslistmessenger Component
moslistmessenger_component
1 CVE
Jim Instant Messaging Component
jim_instant_messaging_component
1 CVE
X Shop Component
x-shop_component
1 CVE
Rssxt Component
rssxt_component
1 CVE
Com Comprofiler Component
com_comprofiler_component
1 CVE
Jim Component
jim_component
1 CVE
Jd Wordpress
jd-wordpress
1 CVE
Joomlalib
joomlalib
1 CVE
Com Events
com_events
1 CVE
Events Module
events_module
1 CVE
Sef4040x
sef4040x
1 CVE
Com Hotproperties
com_hotproperties
1 CVE
Hot Properties
hot_properties
1 CVE
Com Mosmedia
com_mosmedia
1 CVE
Mosmedia
mosmedia
1 CVE
Prince Clan Chess Component
prince_clan_chess_component
1 CVE
Classifieds Component
classifieds_component
1 CVE
Com Classifieds
com_classifieds
1 CVE
Be It Easypartner Component
be_it_easypartner_component
1 CVE
Nfn Address Book
nfn_address_book
1 CVE
Swmenu Component
swmenu_component
1 CVE
Rwcards Component
rwcards_component
1 CVE
Car Manager
car_manager
1 CVE
Taskhopper Component
taskhopper_component
1 CVE
Jambook
jambook
1 CVE
Letterman Subscriber
letterman_subscriber
1 CVE
Expose
expose
1 CVE
Pony Gallery
pony_gallery
1 CVE
Tour De France Pool
tour_de_france_pool
1 CVE
J Reactions
j_reactions
1 CVE
Bibtex
bibtex
1 CVE
Nice Talk
nice_talk
1 CVE
Rsfiles
rsfiles
1 CVE
Neorecruit
neorecruit
1 CVE
Eventlist
eventlist
1 CVE
Akobook
akobook
1 CVE
Joomla Radio
joomla_radio
1 CVE
Joom12pic Component
joom12pic_component
1 CVE
Flash Fun Component
flash_fun_component
1 CVE
Com Search Component
com_search_component
1 CVE
Com Newsletter
com_newsletter
1 CVE
Com Mamml
com_mamml
1 CVE
Com Fq
com_fq
1 CVE
Glossary
glossary
1 CVE
Musepoes Component
musepoes_component
1 CVE
Com Recipes
com_recipes
1 CVE
Com Jokes
com_jokes
1 CVE
Com Buslicense
com_buslicense
1 CVE
Com Awesom
com_awesom
1 CVE
Com Shambo2
com_shambo2
1 CVE
Com Sobi2
com_sobi2
1 CVE
Com Ynews
com_ynews
1 CVE
Com Noticias
com_noticias
1 CVE
Com Neoreferences
com_neoreferences
1 CVE
Com Marketplace
com_marketplace
1 CVE
Com Directory
com_directory
1 CVE
Com Gallery
com_gallery
1 CVE
Com Neogallery
com_neogallery
1 CVE
Com Iomezun
com_iomezun
1 CVE
Com Doc
com_doc
1 CVE
Com Comments
com_comments
1 CVE
Com Quiz
com_quiz
1 CVE
Com Mcquiz
com_mcquiz
1 CVE
Com Mediaslide
com_mediaslide
1 CVE
Com Scheduling Component
com_scheduling_component
1 CVE
Com Mezun
com_mezun
1 CVE
Com Filebase Component
com_filebase_component
1 CVE
Rapid Recipe
rapid_recipe
1 CVE
Kemas Antonius Com Quran
kemas_antonius_com_quran
1 CVE
Com Galeria
com_galeria
1 CVE
Com Ricette Component
com_ricette_component
1 CVE
Com Clasifier
com_clasifier
1 CVE
Com Profile
com_profile
1 CVE
Com Detail
com_detail
1 CVE
Com Salesrep
com_salesrep
1 CVE
Com Garyscookbook
com_garyscookbook
1 CVE
Com Ewriting
com_ewriting
1 CVE
Com Acajoom
com_acajoom
1 CVE
Datsogallery
datsogallery
1 CVE
Com Comprofiler
com_comprofiler
1 CVE
Com Flippingbook
com_flippingbook
1 CVE

CVEs (534)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-48905
1Joomla
1Joomla
May 26, 2026
May 26, 2026
6.9 MEDIUM· v4
6.1 MEDIUM· v3
N/A· v2
Lack of input filtering leads to an XSS vector in the HTML filter code.
CVE-2026-48904
1Joomla
1Joomla
May 26, 2026
May 26, 2026
8.2 HIGH· v4
9.8 CRITICAL· v3
N/A· v2
An improper access check allows privelege escalation through the com_users group editing webservice endpoint.
CVE-2026-48903
1Joomla
1Joomla
May 26, 2026
May 26, 2026
6.9 MEDIUM· v4
6.1 MEDIUM· v3
N/A· v2
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
CVE-2026-48902
1Joomla
1Joomla
Jun 2, 2026
May 26, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
CVE-2026-48901
1Joomla
1Joomla
May 28, 2026
May 26, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.
CVE-2026-48900
1Joomla
1Joomla
May 26, 2026
May 26, 2026
6.4 MEDIUM· v4
4.3 MEDIUM· v3
N/A· v2
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.
CVE-2026-48899
1Joomla
1Joomla
May 26, 2026
May 26, 2026
5.3 MEDIUM· v4
9.8 CRITICAL· v3
N/A· v2
An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-48898
1Joomla
1Joomla
May 26, 2026
May 26, 2026
8.2 HIGH· v4
9.8 CRITICAL· v3
N/A· v2
An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-48897
1Joomla
1Joomla
May 28, 2026
May 26, 2026
8.2 HIGH· v4
7.5 HIGH· v3
N/A· v2
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2026-48896
1Joomla
1Joomla
May 28, 2026
May 26, 2026
8.2 HIGH· v4
7.5 HIGH· v3
N/A· v2
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2026-40384
1Joomla
1Joomla
May 28, 2026
May 26, 2026
5.9 MEDIUM· v4
7.5 HIGH· v3
N/A· v2
An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.
CVE-2026-40383
1Joomla
1Joomla
May 27, 2026
May 26, 2026
7.5 HIGH· v4
9.8 CRITICAL· v3
N/A· v2
An improper validation of user-supplied input leads to a local file inclusion vulnerability.
CVE-2026-35223
1Joomla
1Joomla
May 28, 2026
May 26, 2026
8.6 HIGH· v4
9.8 CRITICAL· v3
N/A· v2
An improper access check allows unauthorized access to com_config webservice endpoints.
CVE-2026-35222
1Joomla
1Joomla
May 27, 2026
May 26, 2026
6.9 MEDIUM· v4
9.8 CRITICAL· v3
N/A· v2
Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
CVE-2026-35221
1Joomla
1Joomla
May 27, 2026
May 26, 2026
6.9 MEDIUM· v4
9.8 CRITICAL· v3
N/A· v2
Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.
CVE-2026-35220
1Joomla
1Joomla
May 27, 2026
May 26, 2026
4.6 MEDIUM· v4
4.3 MEDIUM· v3
N/A· v2
Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users.
CVE-2026-30895
1Joomla
1Joomla
May 27, 2026
May 26, 2026
6.9 MEDIUM· v4
6.1 MEDIUM· v3
N/A· v2
Lack of output escaping leads to a XSS vector in the readmore links for com_content.
CVE-2026-30894
1Joomla
1Joomla
May 27, 2026
May 26, 2026
6.9 MEDIUM· v4
6.1 MEDIUM· v3
N/A· v2
Lack of output escaping leads to a XSS vector in the content history component.
CVE-2026-25901
1Joomla
1Joomla
May 27, 2026
May 26, 2026
6.9 MEDIUM· v4
6.1 MEDIUM· v3
N/A· v2
Lack of output escaping leads to a XSS vector in the multilingual associations component.
CVE-2026-25900
1Joomla
1Joomla
May 27, 2026
May 26, 2026
6.9 MEDIUM· v4
6.1 MEDIUM· v3
N/A· v2
Lack of output escaping leads to a XSS vector in the feed modules.