joomla

547 tracked vulnerabilities.

CVE-2026-48958 HIGH
Joomla! Core - [20260712] - Incorrect Access Control in com_fields webservice endpoints
Jul 07, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-48957 HIGH
Joomla! Core - [20260711] - Incorrect Access Control in com_privacy webservice endpoints
Jul 07, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-48956 MEDIUM
Joomla! Core - [20260710] - Incorrect Access Control in com_modules
Jul 07, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-48955 MEDIUM
Joomla! Core - [20260709] - Incorrect Access Control in com_workflow
Jul 07, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-48954 MEDIUM
Joomla! Core - [20260708] - XSS through language overrides
Jul 07, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-48953 MEDIUM
Joomla! Core - [20260707] - XSS in the generic image output layout
Jul 07, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-48952 MEDIUM
Joomla! Core - [20260706] - XSS in com_installer
Jul 07, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-48951 MEDIUM
Joomla! Core - [20260705] - XSS in various modalreturn layouts
Jul 07, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-48950 MEDIUM
Joomla! Core - [20260704] - XSS in com_templates
Jul 07, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-48949 MEDIUM
Joomla! Core - [20260703] - XSS in MFA method management
Jul 07, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-48948 HIGH
Joomla! Core - [20260702] - Incorrect Access Control in com_contact vcf download
Jul 07, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-48947 MEDIUM
Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints
Jul 07, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-48905 MEDIUM
Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.
May 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-48904 CRITICAL
Joomla! Core - [20260514] - Privilege escalation through com_users webservice endpoints
May 26, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-48903 MEDIUM
Joomla! Framework - [20260519] - Inadequate content filtering within the checkAttribute filter code.
May 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-48902 CRITICAL
Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links
May 26, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-48901 HIGH
Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects
May 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48900 MEDIUM
Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler
May 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-48899 CRITICAL
Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
May 26, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-48898 CRITICAL
Joomla! Core - [20260513] - Privilege escalation through com_users batch task
May 26, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-48897 HIGH
Joomla! Core - [20260512] - MFA Authentication Bypass
May 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48896 HIGH
Joomla! Core - [20260511] - MFA Authentication Bypass
May 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-40384 HIGH
Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint
May 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-40383 CRITICAL
Joomla! Core - [20260509] - LFI in HTMLView layout parameter
May 26, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-35223 CRITICAL
Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints
May 26, 2026
CVSS 9.8
EPSS 0.00