CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

344 matches found

BIT-JOOMLA-2026-40384 Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint

An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...

7.5CVSS5.8AI score0.00001EPSS

Exploits0References2

OSV•added 6 days ago•3 views

BIT-JOOMLA-2026-35223 Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints

An improper access check allows unauthorized access to comconfig webservice endpoints...

9.8CVSS5.8AI score0.00002EPSS

Exploits0References2

OSV•added 2026/05/27 8:47 a.m.•1 views

BIT-JOOMLA-2026-48904 Joomla! Core - [20260514] - Privilege escalation through com_users webservice endpoints

An improper access check allows privelege escalation through the comusers group editing webservice endpoint...

9.8CVSS5.8AI score0.00002EPSS

Exploits0References2

NVD•added 2026/05/26 5:16 p.m.•8 views

CVE-2026-48904

An improper access check allows privelege escalation through the comusers group editing webservice endpoint...

9.8CVSS0.00002EPSS

Exploits0References1

NVD•added 2026/05/26 5:16 p.m.•10 views

CVE-2026-35223

An improper access check allows unauthorized access to comconfig webservice endpoints...

9.8CVSS0.00002EPSS

Exploits0References1

CVE•added 2026/05/26 4:45 p.m.•8 views

CVE-2026-40384

CVE-2026-40384 affects Joomla! Core — com_media webservice endpoint. The issue is improper validation of the search parameter in the com_media files API, enabling path traversal. Documented across NVD, CVE records, and security feeds; impact described as path traversal with high confidentiality i...

7.5CVSS5.8AI score0.00001EPSS

Exploits0References1Affected Software1

EUVD•added 2026/05/26 4:43 p.m.•5 views

EUVD-2026-31877

An improper access check allows unauthorized access to comconfig webservice endpoints...

8.6CVSS5.8AI score0.00002EPSS

Exploits0References1

Vulnrichment•added 2026/05/26 4:43 p.m.•5 views

CVE-2026-35223 Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints

An improper access check allows unauthorized access to comconfig webservice endpoints...

8.6CVSS5.8AI score0.00002EPSS

Exploits0References1

CVE•added 2026/05/26 4:43 p.m.•10 views

CVE-2026-35223

CVE-2026-35223 affects Joomla! Core – com_config webservice endpoints. An improper access check enables unauthorized access, with critical/high impact per CVSS 3.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and high impact per CVSS 4.0 (AV:N/AC:L/PR:H/UI:N/VI:H/SC:N/SA:N/VA:H). Root cause: improper au...

9.8CVSS5.8AI score0.00002EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/26 4:43 p.m.•4 views

CVE-2026-35223

An improper access check allows unauthorized access to comconfig webservice endpoints...

8.6CVSS5.8AI score0.00002EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/26 4:43 p.m.•33 views

CVE-2026-35223 Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints

An improper access check allows unauthorized access to comconfig webservice endpoints...

8.6CVSS0.00002EPSS

Exploits0References1

Vulnrichment•added 2026/05/26 4:43 p.m.•9 views

CVE-2026-48904 Joomla! Core - [20260514] - Privilege escalation through com_users webservice endpoints

An improper access check allows privelege escalation through the comusers group editing webservice endpoint...

8.2CVSS5.8AI score0.00002EPSS

Exploits0References1

ATTACKERKB•added 2026/05/26 4:43 p.m.•4 views

CVE-2026-48904

An improper access check allows privelege escalation through the comusers group editing webservice endpoint...

8.2CVSS5.8AI score0.00002EPSS

Exploits0References2Affected Software1

CVE•added 2026/05/26 4:43 p.m.•21 views

CVE-2026-48904

CVE-2026-48904 affects Joomla! Core via the com_users webservice endpoints. An improper access check enables privilege escalation from group editing operations, leading to potential HIGH/CRITICAL impact per cited CVSS vectors (C/H, I/H, A/H). The public material specifies the affected component (...

9.8CVSS5.8AI score0.00002EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/26 4:43 p.m.•33 views

CVE-2026-48904 Joomla! Core - [20260514] - Privilege escalation through com_users webservice endpoints

An improper access check allows privelege escalation through the comusers group editing webservice endpoint...

8.2CVSS0.00002EPSS

Exploits0References1

EUVD•added 2026/05/26 4:43 p.m.•6 views

EUVD-2026-31875

An improper access check allows privelege escalation through the comusers group editing webservice endpoint...

9.8CVSS5.8AI score0.00002EPSS

Exploits0References1

Positive Technologies•added 2026/05/26 12:0 a.m.•5 views

PT-2026-43322

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An improper access check allows privilege escalation through the 'com users group editing webservice' endpoint. Recommendations At the moment, there is no...

9.8CVSS5.8AI score0.00002EPSS

Exploits0References4

Nuclei•added 2026/04/23 7:16 a.m.•45 views

Joomla! Webservice - Password Disclosure

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. id: CVE-2023-23752 info: name: Joomla! Webservice - Password Disclosure author: badboycxcc,Sascha Brendel severity: medium description: | An issue was discovered in...

7.5CVSS6.7AI score0.9452EPSS

Exploits42References5