Search Results (876 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-40384 1 Joomla 2 Joomla!, Joomla\! 2026-05-28 7.5 High
An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.
CVE-2026-35223 1 Joomla 2 Joomla!, Joomla\! 2026-05-28 9.8 Critical
An improper access check allows unauthorized access to com_config webservice endpoints.
CVE-2026-25900 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 6.1 Medium
Lack of output escaping leads to a XSS vector in the feed modules.
CVE-2026-25901 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 6.1 Medium
Lack of output escaping leads to a XSS vector in the multilingual associations component.
CVE-2026-30895 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 6.1 Medium
Lack of output escaping leads to a XSS vector in the readmore links for com_content.
CVE-2026-35221 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.
CVE-2026-40383 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper validation of user-supplied input leads to a local file inclusion vulnerability.
CVE-2026-48898 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-48904 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper access check allows privelege escalation through the com_users group editing webservice endpoint.
CVE-2026-48900 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 4.3 Medium
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.
CVE-2026-48899 1 Joomla 2 Joomla!, Joomla\! 2026-05-27 9.8 Critical
An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-48905 1 Joomla 2 Joomla! Framework Filter Package, Joomla\! 2026-05-27 6.1 Medium
Lack of input filtering leads to an XSS vector in the HTML filter code.
CVE-2006-5048 2 Joomla, Waltercedric 2 Joomla\!, Com Securityimages 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert.php, (2) lang.php, (3) client.php, and (4) server.php.
CVE-2006-5043 2 Joomla, Joomlaboard 2 Joomla\!, Joomlaboard 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528.
CVE-2007-6272 1 Joomla 1 Joomla 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component.
CVE-2007-5457 2 Joomla, Michael Dempfle 2 Joomla, Joomla Flash Uploader 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php.
CVE-2007-5451 2 Com Colorlab, Joomla 2 Com Colorlab, Joomla 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2007-5577 1 Joomla 1 Joomla\! 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item.
CVE-2007-6642 1 Joomla 1 Joomla 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors.
CVE-2007-5389 2 Joomla, Swmenupro 2 Joomla, Swmenufree 2026-04-23 N/A
PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a reliable third party disputes this issue because preview.php tests a certain constant to prevent direct requests