7310 matches found
CVE-2026-35221 Joomla! Core - [20260506] - Authenticated blind SQLi in com_finder
Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder...
CVE-2026-35221
Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder...
EUVD-2026-31892
Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder...
CVE-2026-35220 Joomla! Core - [20260505] - CSRF in user activation endpoint
Lack of CSRF token validation leads to a CSRF attack vector in the admin activation endpoint of com_users...
CVE-2026-35220
Lack of CSRF token validation leads to a CSRF attack vector in the admin activation endpoint of com_users...
EUVD-2026-31889
Lack of CSRF token validation leads to a CSRF attack vector in the admin activation endpoint of com_users...
CVE-2026-35222
Improperly validated order clauses lead to a SQL injection vulnerability in com_tags...
CVE-2026-35222 Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
Improperly validated order clauses lead to a SQL injection vulnerability in com_tags...
EUVD-2026-31887
Improperly validated order clauses lead to a SQL injection vulnerability in com_tags...
CVE-2026-40384 Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint
An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability...
EUVD-2026-31885
An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability...
CVE-2026-25901
CVE-2026-25901 affects Joomla! Core — specifically the multilingual associations component. The root cause is a lack of output escaping in com_associations, which creates a reflected/XSS vector when user-supplied content is rendered. Documented impact indicates potential for script execution that...
EUVD-2026-31877
An improper access check allows unauthorized access to com_config webservice endpoints...
CVE-2026-30895
CVE-2026-30895 affects Joomla! Core (component: com_content). The root cause is lack of output escaping in readmore links, enabling an XSS vector. CVSS 4.0 base score 6.9 (MEDIUM) with attack vector NETWORK, high privileges required, passive user interaction. Public references point to Joomla secu...
CVE-2026-30895 Joomla! Core - [20260504] - XSS in readmore links
Lack of output escaping leads to an XSS vector in the readmore links for com_content...
EUVD-2026-31874
Lack of output escaping leads to an XSS vector in the readmore links for com_content...
Joomla! CMS path traversal vulnerability
Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has a path traversal vulnerability, which stems from improper validation of search parameters in the com_media file API endpoints, potentially leading to path traversal attacks...
PT-2026-43292
Name of the Vulnerable Software and Affected Versions: com_finder (affected versions not specified). Description: Improperly built filter clauses lead to a SQL injection in the search query. SQL injection is a type of vulnerability that allows an attacker to interfere with the queries that an...