joomla

547 tracked vulnerabilities.

CVE-2026-35222 CRITICAL
Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
May 26, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-35221 CRITICAL
Joomla! Core - [20260506] - Authenticated blind SQLi in com_finder
May 26, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-35220 MEDIUM
Joomla! Core - [20260505] - CSRF in user activation endpoint
May 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-30895 MEDIUM
Joomla! Core - [20260504] - XSS in readmore links
May 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-30894 MEDIUM
Joomla! Core - [20260503] - XSS in com_contenthistory
May 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-25901 MEDIUM
Joomla! Core - [20260502] - XSS in com_associations
May 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-25900 MEDIUM
Joomla! Core - [20260501] - XSS in feed modules
May 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-23899 HIGH
Joomla! Core - [20260306] - Improper access check in webservice endpoints
Apr 01, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-23898 HIGH
Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate
Apr 01, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-21632 MEDIUM
Joomla! Core - [20260304] - XSS vectors in various article title outputs
Apr 01, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-21631 MEDIUM
Joomla! Core - [20260303] - XSS vector in com_associations comparison view
Apr 01, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-21630 HIGH
Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint
Apr 01, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-21629 HIGH
Joomla! Core - [20260301] - ACL hardening in com_ajax
Apr 01, 2026
CVSS 7.3
EPSS 0.00
CVE-2025-63083 MEDIUM
Joomla! 3.9.0-5.4.1 - Cross-Site Scripting in Pagebreak Plugin
Jan 06, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-63082 MEDIUM
Joomla! 4.0.0 through 5.4.2 - Cross-Site Scripting via Data URLs in HTML Filter
Jan 06, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-54476 MEDIUM
Joomla Filter 4.0.0-4.0.1 - Cross-Site Scripting in checkAttribute Method
Sep 30, 2025
EPSS 0.00
CVE-2025-25227 HIGH
Joomla! 4.0.0-4.4.12 and 5.0.0-5.2.5 - Multi-Factor Authentication Bypass
Apr 08, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-25226 CRITICAL
Database package <x - SQL Injection
Apr 08, 2025
CVSS 9.8
EPSS 0.00
CVE-2024-40749 HIGH
Product <Version> - Info Disclosure
Jan 07, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-40748 HIGH
Joomla! 3.9.0 through 3.10.20 and 4.0.0 through 4.4.10 - Cross-Site Scripting
Jan 07, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-40747 MEDIUM
Joomla! 4.0.0-4.4.9 - Cross-Site Scripting in Module Chromes
Jan 07, 2025
CVSS 6.1
EPSS 0.00
CVE-2024-40743 MEDIUM
Joomla! 3.0.0 through 3.10.17 and 4.0.0 through 4.4.6 - Cross-Site Scripting
Aug 20, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-27187 HIGH
Joomla! 4.0.0 through 4.4.7 - Improper Access Control
Aug 20, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-27186 MEDIUM
Joomla! 4.0.0-4.4.6 - Stored Cross-Site Scripting in HTML Mail Templates
Aug 20, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-27185 CRITICAL
Joomla Pagination - Cache Poisoning
Aug 20, 2024
CVSS 9.1
EPSS 0.00