
14 matches found

Vulnrichment
added 2026/05/27 9:11 a.m. | 3 views

CVE-2026-48906 Extension - tassos.gr - Arbitrary File Deletion in Novarain/Tassos Framework < 6.1.0 for Joomla

The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites...

9.3 CVSS | 5.9 AI score | 0.00051 EPSS
Exploits 0 | References 1
CNNVD
added 2026/05/26 12:0 a.m. | 5 views

Joomla! Cross-Site Scripting Vulnerability

Joomla! is an open-source, free-content management system developed by Joomla! Foundation. The Joomla! Framework has a cross-site scripting vulnerability, which stems from the lack of input filtering. This leads to the presence of cross-site scripting vectors in the HTML filtering code...

6.9 CVSS | 5.6 AI score | 0.00005 EPSS
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-25020

Malicious code in bioql PyPI...

8.5 CVSS | 6.6 AI score | 0.00088 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/08/17 12:27 p.m. | 2 views

CVE-2025-54474

A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands...

8.5 CVSS | 8.3 AI score | 0.00088 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/08/15 11:54 a.m. | 7 views

CVE-2025-54475 Extension - joomsky.com - SQL injection in JS jobs component version 1.3.2 - 1.4.4 for Joomla

A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands...

8.7 CVSS | 8.6 AI score | 0.00061 EPSS
Exploits 0 | References 2
OSV
added 2025/03/15 6:15 p.m. | 1 views

CVE-2025-25225

A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions...

6.5 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits 0 | References 2
OSV
added 2020/09/25 3:15 p.m. | 0 views

CVE-2020-19451

SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter...

7.5 CVSS | 7.1 AI score
Exploits 0 | References 1
OSV
added 2020/06/09 9:15 p.m. | 2 views

CVE-2020-13996

The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection attack by a trusted store manager...

8.8 CVSS | 7.3 AI score | 0.01148 EPSS
Exploits 0 | References 2
Positive Technologies
added 2019/08/16 12:0 a.m. | 7 views

PT-2019-13999 · Joomla · Kunena

Name of the Vulnerable Software and Affected Versions: Kunena extension versions prior to 5.1.14 for Joomla! Description: The issue allows for XSS via BBCode, which can be exploited to execute malicious scripts. Recommendations: For versions prior to 5.1.14, update to version 5.1.14 or later to...

5.4 CVSS | 5.4 AI score | 0.01016 EPSS
Exploits 2 | References 6
OSV
added 2018/03/28 4:29 a.m. | 0 views

CVE-2018-9107

CSV Injection aka Excel Macro Injection or Formula Injection exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export...

8.8 CVSS | 5.8 AI score
Exploits 0 | References 4
OSV
added 2018/02/17 7:29 a.m. | 0 views

CVE-2018-6584

SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request...

9.8 CVSS | 5.8 AI score
Exploits 0 | References 1
CNVD
added 2017/02/27 12:0 a.m. | 0 views

Joomla com_civicrm component 'id' parameter SQL injection vulnerability

Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the 'id' parameter of the Joomla com_civicrm component. An attacker can exploit the vulnerability to access or modify database data...

8 AI score
Exploits 0 | References 1
ATTACKERKB
added 2011/11/01 10:55 p.m. | 0 views

CVE-2010-5003

SQL injection vulnerability in the AutarTimonial (com_autartimonial) component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial action to index.php. NOTE: some of these details are obtained from third party information...

7.5 CVSS | 6.4 AI score | 0.02501 EPSS
Exploits 1 | References 9
ATTACKERKB
added 2010/05/19 12:7 p.m. | 2 views

CVE-2010-1952

Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php...

7.5 CVSS | 5.8 AI score | 0.02858 EPSS
Exploits 1 | References 7