Lucene search
K
JoomlaRecent

747 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/06/12 12:0 a.m.9 views

[20260711] - Core - Incorrect Access Control in com_privacy webservice endpoints

An improper access check allows unauthorized users to access comprivacy datasets...

8.8CVSS6AI score0.0024EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/22 12:0 a.m.5 views

[20260710] - Core - Incorrect Access Control in com_modules

An improper access check allows users to display a list of modules in the frontend...

6.4CVSS6AI score0.00168EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/21 12:0 a.m.6 views

[20260706] - Core - XSS in com_installer

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS5.9AI score0.00147EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/15 12:0 a.m.6 views

[20260708] - Core - XSS through language overrides

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS5.9AI score0.00147EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/15 12:0 a.m.7 views

[20260707] - Core - XSS in the generic image output layout

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS5.9AI score0.00147EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/07 12:0 a.m.8 views

[20260705] - Core - XSS in various modalreturn layouts

Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components...

8.4CVSS5.9AI score0.00147EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/07 12:0 a.m.6 views

[20260704] - Core - XSS in com_templates

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS5.9AI score0.00147EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/07 12:0 a.m.6 views

[20260703] - Core - XSS in MFA method management

Lack of validation leads to an XSS vulnerability in the MFA management views...

8.4CVSS5.9AI score0.00147EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/07 12:0 a.m.5 views

[20260702] - Core - Incorrect Access Control in com_contact vcf download

An improper access check allows user to download vcard exports of comcontact contacts that are inaccessible...

8.8CVSS6AI score0.0024EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/05 12:0 a.m.5 views

[20260712] - Core - Incorrect Access Control in com_fields webservice endpoints

An improper access check allows unauthorized users to create custom fields via webservices endpoints...

8.8CVSS6AI score0.00262EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/05 12:0 a.m.5 views

[20260701] - Core - Incorrect Access Control in com_media webservice endpoints

An improper access check allows privileged users to overwrite media files without editing permissions...

6.4CVSS6AI score0.00197EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/04 12:0 a.m.15 views

[20260520] - Framework - Inadequate content filtering within the cleanAttributes filter code

Lack of input filtering leads to an XSS vector in the HTML filter code...

6.9CVSS5.8AI score0.00144EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/29 12:0 a.m.15 views

[20260516] - Core - Incorrect Access Control in com_scheduler

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

6.4CVSS5.8AI score0.00154EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/23 12:0 a.m.20 views

[20260515] - Core - Incorrect Access Control in sample data plugins

An improper access check allow unauthorized users to perform actions related to the installation of sampledata...

9.8CVSS5.8AI score0.00234EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/22 12:0 a.m.5 views

[20260709] - Core - Incorrect Access Control in com_workflow

An improper access check allows unauthorized users to access workflow stage and transition information...

6.5CVSS6AI score0.00208EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/21 12:0 a.m.14 views

[20260519] - Framework - Inadequate content filtering within the checkAttribute filter code

Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...

6.9CVSS5.8AI score0.00144EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/20 12:0 a.m.19 views

[20260518] - Core - Transport encryption downgrade for password and username reset links

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...

9.8CVSS5.8AI score0.0019EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/15 12:0 a.m.19 views

[20260514] - Core - Privilege escalation through com_users webservice endpoints

An improper access check allows privelege escalation through the comusers group editing webservice endpoint...

9.8CVSS5.8AI score0.00292EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/15 12:0 a.m.5 views

[20260510] - Core - Path traversal in com_media webservice endpoint

An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...

7.5CVSS5.9AI score0.00445EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/15 12:0 a.m.5 views

[20260509] - Core - LFI in HTMLView layout parameter

An improper validation of user-supplied input leads to a local file inclusion vulnerability...

9.8CVSS5.9AI score0.00482EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/15 12:0 a.m.6 views

[20260508] - Core - Improper access check in com_config webservice endpoints

An improper access check allows unauthorized access to comconfig webservice endpoints...

9.8CVSS6AI score0.00348EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/15 12:0 a.m.15 views

[20260513] - Core - Privilege escalation through com_users batch task

An improper access check allows privlege escalation through the comusers batch task...

9.8CVSS5.8AI score0.00268EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/14 12:0 a.m.4 views

[20260504] - Core - XSS in readmore links

Lack of output escaping leads to a XSS vector in the content history component...

6.9CVSS5.9AI score0.00175EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/01 12:0 a.m.5 views

[20260502] - Core - XSS in com_associations

Lack of output escaping leads to a XSS vector in the multilingual associations component...

6.9CVSS5.9AI score0.00175EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/01 12:0 a.m.15 views

[20260512] - Core - MFA Authentication Bypass

Incorrectly resetted session states to a vector that allows to bypass 2FA checks...

8.2CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/01 12:0 a.m.15 views

[20260511] - Core - MFA Authentication Bypass

Insufficient state checks lead to a vector that allows to bypass 2FA checks...

8.2CVSS5.8AI score0.00297EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/01 12:0 a.m.5 views

[20260503] - Core - XSS in com_contenthistory

Lack of output escaping leads to a XSS vector in the content history component...

6.9CVSS5.9AI score0.00175EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/03/31 12:0 a.m.5 views

[20260506] - Core - Authenticated blind SQLi in com_finder

Improperly built filter clauses lead to a SQL injection vulnerability in the search query for comfinder...

9.8CVSS6AI score0.0031EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/03/31 12:0 a.m.7 views

[20260507] - Core - Authenticated blind SQLi in com_tags

Improperly validated order clauses lead to a SQL injection vulnerability in comtags...

6AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/03/28 12:0 a.m.7 views

[20260505] - Core - CSRF in user activation endpoint

Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of comusers...

4.6CVSS5.9AI score0.00104EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/03/28 12:0 a.m.4 views

[20260501] - Core - XSS in feed modules

Lack of output escaping leads to a XSS vector in the feed modules...

6.9CVSS5.9AI score0.00175EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/03/16 12:0 a.m.25 views

[20260305] - Core - Arbitrary file deletion in com_joomlaupdate

Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism...

8.6CVSS5.9AI score0.00454EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/03/11 12:0 a.m.14 views

[20260303] - Core - XSS vector in com_associations comparison view

Lack of output escaping leads to a XSS vector in the multilingual associations component...

8.4CVSS5.8AI score0.00216EPSS
Exploits1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/03/11 12:0 a.m.7 views

[20260301] - Core - ACL hardening in com_ajax

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

7.3CVSS5.8AI score0.00249EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/03/10 12:0 a.m.8 views

[20260304] - Core - XSS vectors in various article title outputs

Lack of output escaping for article titles leads to XSS vectors in various locations...

8.4CVSS5.8AI score0.0019EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/03/09 12:0 a.m.16 views

[20260306] - Core - Improper access check in webservice endpoints

An improper access check allows unauthorized access to webservice endpoints...

8.8CVSS5.8AI score0.00401EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/03/05 12:0 a.m.8 views

[20260302] - Core - SQL injection in com_content articles webservice endpoint

Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint...

8.8CVSS5.8AI score0.00341EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/02/24 12:0 a.m.16 views

Novarain/Tassos Framework, , SQL Injection

allow SQL injection and unauthenticated file reads. Attackers can chain these issues for administrator takeover and remote code execution on unpatched systems. Affected extensions include Convert Forms, EngageBox, Google Structured Data, Advanced Custom Fields, and Smile Pack, all relying on the...

6.7AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/02/24 12:0 a.m.13 views

EasyDiscuss by Stackideas,, , SQL Injection

EasyDiscuss by Stackideas,, , SQL Injection...

5.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/11/14 12:0 a.m.18 views

[20260101] - Core - Inadequate content filtering for data URLs

Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags...

8.4CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/11/14 12:0 a.m.11 views

[20260517] - Core - Incorrect Cache Key Construction for InputFilter objects

The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...

7.5CVSS5.8AI score0.00245EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/10/19 4:42 p.m.13 views

Phoca commander

Name: Phoca Company: - Email: [email protected] Extension: Phoca Commander Version: Old 4.0.0, 5.0.1 / New 4.0.2, 5.0.3 Update details: No access for unzip feature as default Update URL: https://github.com/PhocaCz/PhocaCommander/releases/tag/5.0.2 Changelog URL: Download URL:...

7AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/09/29 12:0 a.m.13 views

[20260102] - Core - XSS vectors in the pagebreak and pagenavigation plugins

Lack of output escaping leads to a XSS vector in the pagebreak and pagenavigation plugins...

8.4CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/09/04 12:0 a.m.22 views

[20250902] - Core - User-Enumeration in passkey authentication method

Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method...

5.3CVSS5.8AI score0.00258EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/08/16 10:38 p.m.14 views

JS Jobs extension (v1.4.2)

JS Jobs extension v1.4.2 sqli...

7.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/08/16 10:35 p.m.10 views

phoc commander, varios,

Update to latest secure version https://www.phoca.cz/news/1384-phoca-commander-version-5-0-2-and-4-0-1-released...

7.2AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/08/03 12:0 a.m.15 views

[20250901] - Core - Inadequate content filtering within the checkAttribute filter code

Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...

4.8CVSS5.8AI score0.00293EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/07/23 9:41 p.m.15 views

rsfiles!

Extension: RSFiles! Version: Old 1.17.7 / New 1.17.8 Update details: Versions affected 1.16.3 through 1.17.7. Allows unauthenticated remote attackers to deny access to service via search component. Fixed in 1.17.8 Update URL:...

7.3AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/07/23 9:39 p.m.9 views

rsmail

Extension: RSMail! Version: Old 1.22.26, 1.22.27, 1.22.28 / New 1.22.29 Update details: Versions affected 1.19.20 through 1.22.28. Self XSS allows remote authenticated attackers to inject arbitrary web script or HTML via a crafted parameter. Fixed in 1.22.29 Update URL:...

5.6AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2025/07/23 9:37 p.m.10 views

rsblog

Extension: RSBlog! Version: Old 1.14.4, 1.14.5 / New 1.14.6 Update details: Versions affected 1.11.6 to 1.14.5 Stored XSS allows remote authenticated attackers to inject arbitrary web script or HTML via the tag parameter. Fixed in 1.14.6 Update URL:...

5.6AI score
Exploits0
Total number of security vulnerabilities747