joomla

515 tracked vulnerabilities.

CVE-2026-23899 HIGH
Joomla! Core - [20260306] - Improper access check in webservice endpoints
Apr 01, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-23898 HIGH
Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate
Apr 01, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-21632 MEDIUM
Joomla! Core - [20260304] - XSS vectors in various article title outputs
Apr 01, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-21631 MEDIUM
Joomla! Core - [20260303] - XSS vector in com_associations comparison view
Apr 01, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-21630 HIGH
Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint
Apr 01, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-21629 HIGH
Joomla! Core - [20260301] - ACL hardening in com_ajax
Apr 01, 2026
CVSS 7.3
EPSS 0.00
CVE-2025-63083 MEDIUM
Joomla! 3.9.0-5.4.1 - Cross-Site Scripting in Pagebreak Plugin
Jan 06, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-63082 MEDIUM
Joomla! 4.0.0 through 5.4.2 - Cross-Site Scripting via Data URLs in HTML Filter
Jan 06, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-54476 MEDIUM
Joomla Filter 4.0.0-4.0.1 - Cross-Site Scripting in checkAttribute Method
Sep 30, 2025
EPSS 0.00
CVE-2025-25227 HIGH
Joomla! 4.0.0-4.4.12 and 5.0.0-5.2.5 - Multi-Factor Authentication Bypass
Apr 08, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-25226 CRITICAL
Database package <x - SQL Injection
Apr 08, 2025
CVSS 9.8
EPSS 0.00
CVE-2024-40749 HIGH
Product <Version> - Info Disclosure
Jan 07, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-40748 HIGH
Joomla! 3.9.0 through 3.10.20 and 4.0.0 through 4.4.10 - Cross-Site Scripting
Jan 07, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-40747 MEDIUM
Joomla! 4.0.0-4.4.9 - Cross-Site Scripting in Module Chromes
Jan 07, 2025
CVSS 6.1
EPSS 0.00
CVE-2024-40743 MEDIUM
Joomla! 3.0.0 through 3.10.17 and 4.0.0 through 4.4.6 - Cross-Site Scripting
Aug 20, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-27187 HIGH
Joomla! 4.0.0 through 4.4.7 - Improper Access Control
Aug 20, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-27186 MEDIUM
Joomla! 4.0.0-4.4.6 - Stored Cross-Site Scripting in HTML Mail Templates
Aug 20, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-27185 CRITICAL
Joomla Pagination - Cache Poisoning
Aug 20, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-27184 MEDIUM
Joomla 3.4.6-3.10.17 and 4.0-4.4.7 - Open Redirect
Aug 20, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-26279 MEDIUM
Joomla! 3.0.0-3.10.15 - Cross-Site Scripting in Wrapper Extensions
Jul 09, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-26278 MEDIUM
Joomla! 3.7.0-3.10.15 - Stored Cross-Site Scripting in Custom Fields Default Value
Jul 09, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-21731 MEDIUM
Joomla! 3.0.0-3.10.14 - Cross-Site Scripting in StringHelper::truncate Method
Jul 09, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-21730 MEDIUM
Joomla! 4.0.0-4.4.5 - Self Cross-Site Scripting in Fancyselect List Field Layout
Jul 09, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-21729 MEDIUM
Joomla! 4.0.0-4.4.5 - Cross-Site Scripting in Accessible Media Selection Field
Jul 09, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-21726 MEDIUM
Joomla! 3.7.0-3.10.14 - Cross-Site Scripting via Inadequate Content Filtering
Feb 29, 2024
CVSS 6.5
EPSS 0.00
Products
joomla\! 282 joomla 81 joomla-cms 8 bsq_sitestats 6 rs_gallery2 4 com_beamospetition 3 com_weblinks 3 framework 3 archive 2 com_astatspro 2 com_downloads 2 com_facileforms 2 com_mailto 2 com_pcchess 2 com_pccookbook 2 com_rapidrecipe 2 com_sef 2 filter 2 jd-wiki 2 joomla-platform 2 akobook 1 application 1 be_it_easypartner_component 1 bibtex 1 car_manager 1 classifieds_component 1 colophon 1 com_acajoom 1 com_acctexp 1 com_artistavenue 1
Quick Filters
Critical CVEs With Exploits In CISA KEV