joomla
547 tracked vulnerabilities.
CVE-2026-48958
HIGH
Joomla! Core - [20260712] - Incorrect Access Control in com_fields webservice endpoints
Jul 07, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-48957
HIGH
Joomla! Core - [20260711] - Incorrect Access Control in com_privacy webservice endpoints
Jul 07, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-48956
MEDIUM
Joomla! Core - [20260710] - Incorrect Access Control in com_modules
Jul 07, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-48955
MEDIUM
Joomla! Core - [20260709] - Incorrect Access Control in com_workflow
Jul 07, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-48954
MEDIUM
Joomla! Core - [20260708] - XSS through language overrides
Jul 07, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-48953
MEDIUM
Joomla! Core - [20260707] - XSS in the generic image output layout
Jul 07, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-48952
MEDIUM
Joomla! Core - [20260706] - XSS in com_installer
Jul 07, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-48951
MEDIUM
Joomla! Core - [20260705] - XSS in various modalreturn layouts
Jul 07, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-48950
MEDIUM
Joomla! Core - [20260704] - XSS in com_templates
Jul 07, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-48949
MEDIUM
Joomla! Core - [20260703] - XSS in MFA method management
Jul 07, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-48948
HIGH
Joomla! Core - [20260702] - Incorrect Access Control in com_contact vcf download
Jul 07, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-48947
MEDIUM
Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints
Jul 07, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-48905
MEDIUM
Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.
May 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-48904
CRITICAL
Joomla! Core - [20260514] - Privilege escalation through com_users webservice endpoints
May 26, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-48903
MEDIUM
Joomla! Framework - [20260519] - Inadequate content filtering within the checkAttribute filter code.
May 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-48902
CRITICAL
Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links
May 26, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-48901
HIGH
Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects
May 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48900
MEDIUM
Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler
May 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-48899
CRITICAL
Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
May 26, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-48898
CRITICAL
Joomla! Core - [20260513] - Privilege escalation through com_users batch task
May 26, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-48897
HIGH
Joomla! Core - [20260512] - MFA Authentication Bypass
May 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48896
HIGH
Joomla! Core - [20260511] - MFA Authentication Bypass
May 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-40384
HIGH
Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint
May 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-40383
CRITICAL
Joomla! Core - [20260509] - LFI in HTMLView layout parameter
May 26, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-35223
CRITICAL
Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints
May 26, 2026
CVSS 9.8
EPSS 0.00
Products
joomla\! 314
joomla 81
joomla-cms 8
bsq_sitestats 6
rs_gallery2 4
com_beamospetition 3
com_weblinks 3
framework 3
archive 2
com_astatspro 2
com_downloads 2
com_facileforms 2
com_mailto 2
com_pcchess 2
com_pccookbook 2
com_rapidrecipe 2
com_sef 2
filter 2
jd-wiki 2
joomla-platform 2
akobook 1
application 1
be_it_easypartner_component 1
bibtex 1
car_manager 1
classifieds_component 1
colophon 1
com_acajoom 1
com_acctexp 1
com_artistavenue 1
Quick Filters