50 matches found
EUVD-2026-15653
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSJoomla! RSFirewall! rsfirewall allows Stored XSS. This issue affects RSFirewall!: from n/a through <= 1.1.45...
CVE-2026-21627
The CVE concerns the Tassos Framework plugin (Joomla) versions 4.10.14 through 6.0.37, where specific AJAX handling via Joomla com_ajax can invoke internal framework functionality without proper restrictions. This leads to a SQL injection and an unauthenticated file read, driven by how the plugin...
CVE-2026-21627 Extension - tassos.gr - SQL injection and Unauthenticated File Read in Novarain/Tassos Framework v4.10.14 – v6.0.37 for Joomla
The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction...
CVE-2010-0635
SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php in the JEvents Search plugin 1.5 through 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party...
EUVD-2010-0785
Malware in sbrugna...
EUVD-2023-32371
Malicious code in bioql PyPI...
EUVD-2023-32369
Malicious code in bioql PyPI...
EUVD-2023-32370
Malicious code in bioql PyPI...
EUVD-2025-21872
Malicious code in bioql PyPI...
CVE-2025-54475
A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands...
CVE-2025-49485
A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands via the 'id' parameter...
CVE-2025-49486
A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in gallery items...
CVE-2025-49484 Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.1 for Joomla
A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature...
CVE-2025-49485 Extension - balbooa.com - SQL injection in Balbooa Forms component version 1.0.0 - 2.3.1.1 for Joomla
A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands via the 'id' parameter...
CVE-2025-49485
CVE-2025-49485: A SQL injection in Balbooa Forms for Joomla affects versions 1.0.0 through 2.3.1.1. The vulnerability is triggered via the id parameter, enabling privileged users to execute arbitrary SQL commands (per CVSS 4.0 metrics: NETWORK, HIGH impact on confidentiality/integrity/availabilit...
Joomsky JS Jobs SQL injection vulnerability
Joomsky JS Jobs is a recruitment management plugin from Joomsky, built on the Joomla content management system (CMS). A SQL injection vulnerability exists in Joomsky JS Jobs versions 1.0.0 through 1.4.1, which stems from improper handling of the cvid parameter, resulting in a SQL injection attack...
No Boss Calendar SQL injection vulnerability
No Boss Calendar is a Joomla calendar plugin from Brazilian company No Boss. A SQL injection vulnerability exists in No Boss Calendar versions prior to 5.0.7, which stems from an SQL injection in the idmodule parameter...
CVE-2025-27754
A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affecte...
CVE-2020-25751
The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=compago=comments filterpublished parameter...
CVE-2010-0760
Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files parameter to...