Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-9575 |
|
Vulnerability in sqli (CVE-2026-9575)
vulnerability in sqli (CVE-2026-9575). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-68710 |
|
Vulnerability in c (CVE-2025-68710)
vulnerability in c (CVE-2025-68710). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-68709 |
|
Cross-Site Scripting (XSS) in privilege-escalation (CVE-2025-68709)
cross-site scripting in privilege-escalation (CVE-2025-68709). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8890 |
|
Vulnerability in CVE-2026-8890 (CVE-2026-8890)
vulnerability in CVE-2026-8890 (CVE-2026-8890). Confidential information can be exposed externally.
|
| CVE-2026-9566 |
|
Cross-Site Scripting (XSS) in CVE-2026-9566 (CVE-2026-9566)
cross-site scripting in CVE-2026-9566 (CVE-2026-9566). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9560 |
|
OS Command Injection in privilege-escalation (CVE-2026-9560)
OS command injection in privilege-escalation (CVE-2026-9560). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9170 |
|
Code Injection in dos (CVE-2026-9170)
code injection in dos (CVE-2026-9170). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8633 |
|
Code Injection in ibm (CVE-2026-8633)
code injection in ibm (CVE-2026-8633). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8855 |
|
Code Injection in dos (CVE-2026-8855)
code injection in dos (CVE-2026-8855). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8835 |
|
Vulnerability in dos (CVE-2026-8835)
vulnerability in dos (CVE-2026-8835). Confidential information can be exposed externally.
|
| CVE-2026-8856 |
|
Vulnerability in dos (CVE-2026-8856)
vulnerability in dos (CVE-2026-8856). Data can be tampered with by attackers.
|
| CVE-2026-8834 |
|
Vulnerability in dos (CVE-2026-8834)
vulnerability in dos (CVE-2026-8834). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8854 |
|
Vulnerability in dos (CVE-2026-8854)
vulnerability in dos (CVE-2026-8854). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24196 |
|
Out-of-Bounds Read in dos (CVE-2026-24196)
vulnerability in dos (CVE-2026-24196). Confidential information can be exposed externally.
|
| CVE-2026-24191 |
|
Vulnerability in dos (CVE-2026-24191)
vulnerability in dos (CVE-2026-24191). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24195 |
|
Vulnerability in dos (CVE-2026-24195)
vulnerability in dos (CVE-2026-24195). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24198 |
|
Information Disclosure in dos (CVE-2026-24198)
vulnerability in dos (CVE-2026-24198). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24199 |
|
Vulnerability in dos (CVE-2026-24199)
vulnerability in dos (CVE-2026-24199). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24201 |
|
Out-of-Bounds Write in dos (CVE-2026-24201)
out-of-bounds write in dos (CVE-2026-24201). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24200 |
|
Use-After-Free in dos (CVE-2026-24200)
vulnerability in dos (CVE-2026-24200). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24197 |
|
Vulnerability in dos (CVE-2026-24197)
vulnerability in dos (CVE-2026-24197). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-33221 |
|
Vulnerability in dos (CVE-2025-33221)
vulnerability in dos (CVE-2025-33221). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24190 |
|
Vulnerability in dos (CVE-2026-24190)
vulnerability in dos (CVE-2026-24190). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24187 |
|
Use-After-Free in dos (CVE-2026-24187)
vulnerability in dos (CVE-2026-24187). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24192 |
|
Vulnerability in dos (CVE-2026-24192)
vulnerability in dos (CVE-2026-24192). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24182 |
|
Vulnerability in dos (CVE-2026-24182)
vulnerability in dos (CVE-2026-24182). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24193 |
|
Out-of-Bounds Write in dos (CVE-2026-24193)
out-of-bounds write in dos (CVE-2026-24193). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24194 |
|
Vulnerability in dos (CVE-2026-24194)
vulnerability in dos (CVE-2026-24194). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46624 |
|
OS Command Injection in sqli (CVE-2026-46624)
OS command injection in sqli (CVE-2026-46624). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44667 |
|
Cross-Site Scripting (XSS) in CVE-2026-44667 (CVE-2026-44667)
cross-site scripting in CVE-2026-44667 (CVE-2026-44667). Confidential information can be exposed externally. Mitigation: upgrade to `1.8.3` or later.
|
| CVE-2026-44669 |
|
Cross-Site Scripting (XSS) in CVE-2026-44669 (CVE-2026-44669)
cross-site scripting in CVE-2026-44669 (CVE-2026-44669). Confidential information can be exposed externally. Mitigation: upgrade to `1.8.3` or later.
|
| CVE-2026-44706 |
|
SQL Injection in sqli (CVE-2026-44706)
SQL injection in sqli (CVE-2026-44706). Confidential information can be exposed externally. Mitigation: upgrade to `4.11.2` or later.
|
| CVE-2026-42448 |
|
Path Traversal in magic-wormhole (CVE-2026-42448)
path traversal in magic-wormhole (CVE-2026-42448). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.24.0` or later.
|
| CVE-2026-9564 |
|
Cross-Site Scripting (XSS) in CVE-2026-9564 (CVE-2026-9564)
cross-site scripting in CVE-2026-9564 (CVE-2026-9564). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48903 |
|
Cross-Site Scripting (XSS) in joomla (CVE-2026-48903)
cross-site scripting in joomla (CVE-2026-48903). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
|
| CVE-2026-48905 |
|
Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.
Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.
|
| CVE-2026-8850 |
|
Vulnerability in dos (CVE-2026-8850)
vulnerability in dos (CVE-2026-8850). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8852 |
|
Vulnerability in dos (CVE-2026-8852)
vulnerability in dos (CVE-2026-8852). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48864 |
|
Out-of-Bounds Write in dos (CVE-2026-48864)
out-of-bounds write in dos (CVE-2026-48864). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48899 |
|
Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
|
| CVE-2026-48898 |
|
Joomla! Core - [20260513] - Privilege escalation through com_users batch task
Joomla! Core - [20260513] - Privilege escalation through com_users batch task
|
| CVE-2026-40384 |
|
Path Traversal in joomla (CVE-2026-40384)
path traversal in joomla (CVE-2026-40384). Confidential information can be exposed externally. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
|
| CVE-2026-35220 |
|
Cross-Site Request Forgery (CSRF) in joomla (CVE-2026-35220)
vulnerability in joomla (CVE-2026-35220). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.1.1` or later.
|
| CVE-2026-35221 |
|
SQL Injection in joomla (CVE-2026-35221)
SQL injection in joomla (CVE-2026-35221). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
|
| CVE-2026-35222 |
|
Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
|
| CVE-2026-30895 |
|
Joomla! Core - [20260504] - XSS in readmore links
Joomla! Core - [20260504] - XSS in readmore links
|
| CVE-2026-25900 |
|
Joomla! Core - [20260501] - XSS in feed modules
Joomla! Core - [20260501] - XSS in feed modules
|
| CVE-2026-25901 |
|
Joomla! Core - [20260502] - XSS in com_associations
Joomla! Core - [20260502] - XSS in com_associations
|
| CVE-2026-30894 |
|
Joomla! Core - [20260503] - XSS in com_contenthistory
Joomla! Core - [20260503] - XSS in com_contenthistory
|
| CVE-2026-2264 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-2264)
SSRF in ssrf (CVE-2026-2264). Risk of unauthorized operations or information disclosure.
|