Joomla! Access Control Vulnerability (20260301)

Joomla! is prone to an access control vulnerability. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Joomla 4.0.x < 5.4.4 / 6.0.x < 6.0.4 Joomla 6.0.4 & 5.4.4 Security & Bugfix Release (5944-joomla-6-0-4-5-4-4-security-bugfix-release)

According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0.x prior to 5.4.4 or 6.0.x prior to 6.0.4. It is, therefore, affected by a vulnerability. - An improper access check allows unauthorized access to webservice endpoints. CVE-2026-23899 Note that...

[20260303] - Core - XSS vector in com_associations comparison view

Lack of output escaping leads to a XSS vector in the multilingual associations component...

[20260302] - Core - SQL injection in com_content articles webservice endpoint

Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint...

CVE-2009-4650

SQL injection vulnerability in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party informatio...

Joomla! 3.9.x < 5.4.2 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.9.x prior to 5.4.2, or 6.x prior to 6.0.2. It is, therefore, affected by multiple vulnerabilities. - Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in...

[20260101] - Core - Inadequate content filtering for data URLs

Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags...

EUVD-2025-36444

Multiple CSRF attack vectors in JDownloads component 1.0.0-4.0.47 for Joomla were discovered...

CVE-2025-55758 Extension - jdownloads.com - CSRF vectors in jDownloads component 1.0.0 - 4.0.47 for Joomla

Multiple CSRF attack vectors in JDownloads component 1.0.0-4.0.47 for Joomla were discovered...

EUVD-2010-4243

Malware in sbrugna...

EUVD-2012-5705

Malware in sbrugna...

EUVD-2017-16957

Malware in sbrugna...

EUVD-2021-12854

Malware in sbrugna...

EUVD-2008-5642

Malware in sbrugna...

EUVD-2017-16959

Malware in sbrugna...

EUVD-2023-32369

Malicious code in bioql PyPI...

EUVD-2025-22931

Malicious code in bioql PyPI...

Joomla 4.0.x < 4.4.14 / 5.0.x < 5.3.4 Joomla 5.3.4 Security & Bugfix Release (5936-joomla-5-3-4-security-bugfix-release)

According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0.x prior to 4.4.14 or 5.0.x prior to 5.3.4. It is, therefore, affected by a vulnerability. - Improper handling of authentication requests lead to a user enumeration vector in the passkey...

[20260102] - Core - XSS vectors in the pagebreak and pagenavigation plugins

Lack of output escaping leads to a XSS vector in the pagebreak and pagenavigation plugins...

[20250902] - Core - User-Enumeration in passkey authentication method

Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method...