Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-48905 |
|
Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.
Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.
|
| CVE-2026-48904 |
|
Vulnerability in joomla (CVE-2026-48904)
vulnerability in joomla (CVE-2026-48904). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
|
| CVE-2026-48903 |
|
Cross-Site Scripting (XSS) in joomla (CVE-2026-48903)
cross-site scripting in joomla (CVE-2026-48903). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
|
| CVE-2026-48896 |
|
Joomla! Core - [20260511] - MFA Authentication Bypass
Joomla! Core - [20260511] - MFA Authentication Bypass
|
| CVE-2026-48897 |
|
Joomla! Core - [20260512] - MFA Authentication Bypass
Joomla! Core - [20260512] - MFA Authentication Bypass
|
| CVE-2026-48898 |
|
Joomla! Core - [20260513] - Privilege escalation through com_users batch task
Joomla! Core - [20260513] - Privilege escalation through com_users batch task
|
| CVE-2026-48899 |
|
Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
|
| CVE-2026-48900 |
|
Vulnerability in joomla (CVE-2026-48900)
vulnerability in joomla (CVE-2026-48900). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
|
| CVE-2026-48901 |
|
Vulnerability in joomla (CVE-2026-48901)
vulnerability in joomla (CVE-2026-48901). Confidential information can be exposed externally. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
|
| CVE-2026-48902 |
|
Vulnerability in joomla (CVE-2026-48902)
vulnerability in joomla (CVE-2026-48902). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
|
| CVE-2026-40384 |
|
Path Traversal in joomla (CVE-2026-40384)
path traversal in joomla (CVE-2026-40384). Confidential information can be exposed externally. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
|
| CVE-2026-40383 |
|
Joomla! Core - [20260509] - LFI in HTMLView layout parameter
Joomla! Core - [20260509] - LFI in HTMLView layout parameter
|
| CVE-2026-35223 |
|
Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints
Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints
|
| CVE-2026-35222 |
|
Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
|
| CVE-2026-35221 |
|
SQL Injection in joomla (CVE-2026-35221)
SQL injection in joomla (CVE-2026-35221). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
|
| CVE-2026-35220 |
|
Cross-Site Request Forgery (CSRF) in joomla (CVE-2026-35220)
vulnerability in joomla (CVE-2026-35220). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.1.1` or later.
|
| CVE-2026-30895 |
|
Joomla! Core - [20260504] - XSS in readmore links
Joomla! Core - [20260504] - XSS in readmore links
|
| CVE-2026-25900 |
|
Joomla! Core - [20260501] - XSS in feed modules
Joomla! Core - [20260501] - XSS in feed modules
|
| CVE-2026-30894 |
|
Joomla! Core - [20260503] - XSS in com_contenthistory
Joomla! Core - [20260503] - XSS in com_contenthistory
|
| CVE-2026-25901 |
|
Joomla! Core - [20260502] - XSS in com_associations
Joomla! Core - [20260502] - XSS in com_associations
|
| CVE-2023-23752 KEV |
|
[KEV] Vulnerability in Joomla! joomla (CVE-2023-23752)
vulnerability in Joomla! joomla (CVE-2023-23752). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-16634 |
|
Authentication Bypass in joomla (CVE-2017-16634)
authentication bypass in joomla (CVE-2017-16634). Successful exploitation can lead to full system takeover.
|
| CVE-2017-16633 |
|
Information Disclosure in joomla (CVE-2017-16633)
vulnerability in joomla (CVE-2017-16633). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-14596 |
|
Vulnerability in joomla (CVE-2017-14596)
vulnerability in joomla (CVE-2017-14596). Successful exploitation can lead to full system takeover.
|
| CVE-2017-14595 |
|
Vulnerability in joomla (CVE-2017-14595)
vulnerability in joomla (CVE-2017-14595). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-5608 |
|
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.
|
| CVE-2017-11364 |
|
Vulnerability in joomla (CVE-2017-11364)
vulnerability in joomla (CVE-2017-11364). Successful exploitation can lead to full system takeover.
|
| CVE-2017-11612 |
|
Cross-Site Scripting (XSS) in joomla (CVE-2017-11612)
cross-site scripting in joomla (CVE-2017-11612). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-9934 |
|
Cross-Site Scripting (XSS) in csrf (CVE-2017-9934)
cross-site scripting in csrf (CVE-2017-9934). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-9933 |
|
Information Disclosure in joomla (CVE-2017-9933)
vulnerability in joomla (CVE-2017-9933). Confidential information can be exposed externally.
|
| CVE-2017-8917 |
|
SQL Injection in sqli (CVE-2017-8917)
SQL injection in sqli (CVE-2017-8917). Successful exploitation can lead to full system takeover.
|
| CVE-2017-8057 |
|
Information Disclosure in joomla (CVE-2017-8057)
vulnerability in joomla (CVE-2017-8057). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2017-7989 |
|
Unrestricted File Upload in joomla (CVE-2017-7989)
vulnerability in joomla (CVE-2017-7989). Data can be tampered with by attackers. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2017-7988 |
|
Vulnerability in joomla (CVE-2017-7988)
vulnerability in joomla (CVE-2017-7988). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2017-7987 |
|
Cross-Site Scripting (XSS) in joomla (CVE-2017-7987)
cross-site scripting in joomla (CVE-2017-7987). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2017-7986 |
|
Cross-Site Scripting (XSS) in joomla (CVE-2017-7986)
cross-site scripting in joomla (CVE-2017-7986). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2017-7985 |
|
Cross-Site Scripting (XSS) in joomla (CVE-2017-7985)
cross-site scripting in joomla (CVE-2017-7985). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2017-7984 |
|
Cross-Site Scripting (XSS) in joomla (CVE-2017-7984)
cross-site scripting in joomla (CVE-2017-7984). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2017-7983 |
|
Information Disclosure in joomla (CVE-2017-7983)
vulnerability in joomla (CVE-2017-7983). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2016-9081 |
|
Vulnerability in joomla (CVE-2016-9081)
vulnerability in joomla (CVE-2016-9081). Successful exploitation can lead to full system takeover.
|