Search Results (991 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-40384 1 Joomla 2 Joomla!, Joomla\! 2026-05-28 7.5 High
An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.
CVE-2026-35223 1 Joomla 2 Joomla!, Joomla\! 2026-05-28 9.8 Critical
An improper access check allows unauthorized access to com_config webservice endpoints.
CVE-2026-25900 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 6.1 Medium
Lack of output escaping leads to a XSS vector in the feed modules.
CVE-2026-25901 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 6.1 Medium
Lack of output escaping leads to a XSS vector in the multilingual associations component.
CVE-2026-30895 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 6.1 Medium
Lack of output escaping leads to a XSS vector in the readmore links for com_content.
CVE-2026-35221 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.
CVE-2026-40383 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper validation of user-supplied input leads to a local file inclusion vulnerability.
CVE-2026-48898 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-48904 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper access check allows privelege escalation through the com_users group editing webservice endpoint.
CVE-2026-48900 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 4.3 Medium
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.
CVE-2026-48899 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-48905 1 Joomla 2 Joomla! Framework Filter Package, Joomla\! 2026-05-27 6.1 Medium
Lack of input filtering leads to an XSS vector in the HTML filter code.
CVE-2007-5310 2 Joomla, Webmaster-tips.net 2 Joomla, Flash Image Gallery 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-1263 2 Alikonweb, Joomla 2 Com Bookjoomlas, Joomla 2026-04-23 N/A
SQL injection vulnerability in sub_commententry.php in the BookJoomlas (com_bookjoomlas) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a comment action to index.php.
CVE-2006-5039 1 Joomla 2 Com Events, Events Module 2026-04-23 N/A
Unspecified vulnerability in Events 1.3 beta module (com_events) for Joomla! has unspecified impact and attack vectors.
CVE-2006-5041 1 Joomla 2 Com Hotproperties, Hot Properties 2026-04-23 N/A
Unspecified vulnerability in Hot Properties (possibly com_hotproperties) 0.97 and earlier for Joomla! has unspecified impact and attack vectors.
CVE-2006-5044 2 Joomla, Mambo 2 Prince Clan Chess Component, Prince Clan Chess Component 2026-04-23 N/A
Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors.
CVE-2006-5048 2 Joomla, Waltercedric 2 Joomla\!, Com Securityimages 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert.php, (2) lang.php, (3) client.php, and (4) server.php.
CVE-2009-0373 2 Elearningforce, Joomla 2 Flash Magazine Deluxe, Joomla 2026-04-23 N/A
SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php.
CVE-2008-2564 1 Joomla 2 Com Jotloader, Joomla 2026-04-23 N/A
SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.