154 matches found
BIT-JOOMLA-2026-48902 Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...
BIT-JOOMLA-2026-48901 Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects
The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...
BIT-JOOMLA-2026-48897 Joomla! Core - [20260512] - MFA Authentication Bypass
Insufficient state checks lead to a vector that allows to bypass 2FA checks...
BIT-JOOMLA-2026-48896 Joomla! Core - [20260511] - MFA Authentication Bypass
Insufficient state checks lead to a vector that allows to bypass 2FA checks...
BIT-JOOMLA-2026-40384 Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint
An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...
BIT-JOOMLA-2026-40383 Joomla! Core - [20260509] - LFI in HTMLView layout parameter
An improper validation of user-supplied input leads to a local file inclusion vulnerability...
BIT-JOOMLA-2026-35222 Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
Improperly validated order clauses lead to a SQL injection vulnerability in comtags...
BIT-JOOMLA-2026-35221 Joomla! Core - [20260506] - Authenticated blind SQLi in com_finder
Improperly built filter clauses lead to a SQL injection vulnerability in the search query for comfinder...
BIT-JOOMLA-2026-35220 Joomla! Core - [20260505] - CSRF in user activation endpoint
Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of comusers...
BIT-JOOMLA-2026-30895 Joomla! Core - [20260504] - XSS in readmore links
Lack of output escaping leads to a XSS vector in the readmore links for comcontent...
BIT-JOOMLA-2026-30894 Joomla! Core - [20260503] - XSS in com_contenthistory
Lack of output escaping leads to a XSS vector in the content history component...
BIT-JOOMLA-2026-25901 Joomla! Core - [20260502] - XSS in com_associations
Lack of output escaping leads to a XSS vector in the multilingual associations component...
BIT-JOOMLA-2026-25900 Joomla! Core - [20260501] - XSS in feed modules
Lack of output escaping leads to a XSS vector in the feed modules...
BIT-JOOMLA-2026-48904 Joomla! Core - [20260514] - Privilege escalation through com_users webservice endpoints
An improper access check allows privelege escalation through the comusers group editing webservice endpoint...
BIT-JOOMLA-2026-48900 Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...
BIT-JOOMLA-2026-48899 Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
An improper access check allows privilege escalation through the comusers batch task...
BIT-JOOMLA-2026-48898 Joomla! Core - [20260513] - Privilege escalation through com_users batch task
An improper access check allows privilege escalation through the comusers batch task...
CVE-2026-35221 Joomla! Core - [20260506] - Authenticated blind SQLi in com_finder
Improperly built filter clauses lead to a SQL injection vulnerability in the search query for comfinder...
CVE-2026-35221
CVE-2026-35221 affects Joomla! Core via com_finder search due to improperly built filter clauses, enabling authenticated blind SQL injection. Evidence across sources (NVD/NIST, CVE List, Vuln enrichment, Attackerkb, EUVD) consistently describe an authenticated SQLi in com_finder. No explicit prod...
CVE-2026-48896
CVE-2026-48896 affects Joomla! Core MFA authentication, caused by insufficient state checks that allow bypassing 2FA. The CVE entry cites a 2FA bypass vector with high impact ( Confidentiality/Integrity/Availability as noted in the CVSS data: integrity impact HIGH, others NONE/NEGLIGIBLE). Connec...