Found 22 results in 32ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-48902 critical 9.8 9.8 joomla 8d ago The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
CVE-2026-35222 critical 9.8 9.8 joomla 8d ago Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
CVE-2026-35221 critical 9.8 9.8 joomla 8d ago Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.
CVE-2026-40383 critical 9.8 9.8 joomla 8d ago An improper validation of user-supplied input leads to a local file inclusion vulnerability.
CVE-2026-48899 critical 9.8 9.8 joomla 8d ago An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-35223 critical 9.8 9.8 joomla 8d ago An improper access check allows unauthorized access to com_config webservice endpoints.
CVE-2026-48904 critical 9.8 9.8 joomla 8d ago An improper access check allows privilege escalation through the com_users group editing webservice endpoint.
CVE-2026-48898 critical 9.8 9.8 joomla 8d ago An improper access check allows privilege escalation through the com_users batch task.
CVE-2017-16634 critical 9.8 9.8 joomla 9y ago In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
CVE-2017-14596 critical 9.8 9.8 joomla 9y ago In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
CVE-2017-14595 low 3.7 3.7 joomla 9y ago In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.
CVE-2017-8917 critical 9.8 10.0 EXP joomla 9y ago SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-9081 critical 9.8 9.8 joomla 10y ago Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.
CVE-2016-10045 critical 9.8 10.0 EXP FIX arch debian phpmailer_project wordpress joomla 10y ago Remote code execution in PHPMailer
CVE-2016-9836 critical 9.8 9.8 joomla 10y ago The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a u…
CVE-2016-8869 critical 9.8 10.0 EXP joomla 10y ago The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use o…
CVE-2012-6503 critical 10.0 ninjaforge joomla 14y ago Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors.
CVE-2010-5286 critical 10.0 EXP joobi joomla 14y ago Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the con…
CVE-2011-4830 low 4.5 EXP barter-sites joomla 15y ago Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via …
CVE-2010-2535 low 3.5 joomla 16y ago Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.
CVE-2010-3028 low 3.6 simon_philips joomla 16y ago The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files.
CVE-2010-0801 low 4.5 EXP autartica joomla 17y ago Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary fil…