VIR Vulnerability Intelligence Relay

Search

Found 205 results in 85ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-48902 critical 9.8 9.8 joomla 9d ago The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
CVE-2026-35222 critical 9.8 9.8 joomla 9d ago Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
CVE-2026-30894 medium 6.1 6.1 joomla 9d ago Lack of output escaping leads to a XSS vector in the content history component.
CVE-2026-35221 critical 9.8 9.8 joomla 9d ago Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.
CVE-2026-48903 medium 6.1 6.1 joomla 9d ago Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
CVE-2026-35220 medium 4.3 4.3 joomla 9d ago Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users.
CVE-2026-40383 critical 9.8 9.8 joomla 9d ago An improper validation of user-supplied input leads to a local file inclusion vulnerability.
CVE-2026-48905 medium 6.1 6.1 joomla 9d ago Lack of input filtering leads to an XSS vector in the HTML filter code.
CVE-2026-25901 medium 6.1 6.1 joomla 9d ago Lack of output escaping leads to a XSS vector in the multilingual associations component.
CVE-2026-48899 critical 9.8 9.8 joomla 9d ago An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-48900 medium 4.3 4.3 joomla 9d ago An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.
CVE-2026-35223 critical 9.8 9.8 joomla 9d ago An improper access check allows unauthorized access to com_config webservice endpoints.
CVE-2026-25900 medium 6.1 6.1 joomla 9d ago Lack of output escaping leads to a XSS vector in the feed modules.
CVE-2026-48904 critical 9.8 9.8 joomla 9d ago An improper access check allows privelege escalation through the com_users group editing webservice endpoint.
CVE-2026-30895 medium 6.1 6.1 joomla 9d ago Lack of output escaping leads to a XSS vector in the readmore links for com_content.
CVE-2026-48898 critical 9.8 9.8 joomla 9d ago An improper access check allows privilege escalation through the com_users batch task.
CVE-2017-16634 critical 9.8 9.8 joomla 9y ago In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
CVE-2017-16633 medium 4.3 4.3 joomla 9y ago In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.
CVE-2017-14596 critical 9.8 9.8 joomla 9y ago In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
CVE-2017-14595 low 3.7 3.7 joomla 9y ago In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.
CVE-2015-5608 medium 6.1 6.1 joomla 9y ago Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.
CVE-2017-11612 medium 6.1 6.1 joomla 9y ago In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
CVE-2017-9934 medium 6.1 6.1 joomla 9y ago Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.
CVE-2017-8917 critical 9.8 10.0 EXP joomla 9y ago SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-8057 medium 5.3 5.3 joomla 9y ago In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
CVE-2017-7989 medium 6.5 6.5 joomla 9y ago In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.
CVE-2017-7988 medium 5.3 5.3 joomla 9y ago In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
CVE-2017-7987 medium 6.1 6.1 joomla 9y ago In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
CVE-2017-7986 medium 6.1 6.1 joomla 9y ago In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
CVE-2017-7985 medium 6.1 6.1 joomla 9y ago In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
CVE-2017-7984 medium 6.1 6.1 joomla 9y ago In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.
CVE-2017-7983 medium 5.3 5.3 joomla 9y ago In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
CVE-2016-9081 critical 9.8 9.8 joomla 10y ago Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.
CVE-2016-10045 critical 9.8 10.0 EXPFIX arch archdebian debian phpmailer_projectwordpressjoomla 10y ago Remote code execution in PHPMailer
CVE-2016-9836 critical 9.8 9.8 joomla 10y ago The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a u…
CVE-2016-8869 critical 9.8 10.0 EXP joomla 10y ago The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use o…
CVE-2015-8563 medium 6.8 joomla 11y ago Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecifie…
CVE-2015-7899 medium 5.0 joomla 11y ago The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2015-7859 medium 5.0 joomla 11y ago The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2015-6939 medium 4.3 joomla 11y ago Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5397 medium 6.8 joomla 11y ago Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upl…
CVE-2012-2413 medium 4.3 joomla 12y ago Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/…
CVE-2014-7983 medium 4.3 joomla 12y ago Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7982 medium 4.3 joomla 12y ago Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7229 medium 5.0 joomla 12y ago Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors.
CVE-2014-6631 medium 4.3 joomla 12y ago Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5955 medium 4.3 purplebeaniejoomla 12y ago Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary p…
CVE-2013-5953 medium 4.3 codepeoplejoomla 12y ago Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote at…
CVE-2013-5952 medium 4.3 codologicjoomla 12y ago Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via t…
CVE-2014-0793 medium 5.3 EXP stackideasjoomla 13y ago Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1…
CVE-2014-0794 medium 5.3 EXP joomla 13y ago SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.…
CVE-2013-5583 medium 4.3 joomla 13y ago Joomla! Cross-site Scripting vulnerability
CVE-2013-5576 medium 7.8 EXP joomla 13y ago administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended …
CVE-2013-3719 medium 4.3 algisinfojoomla 13y ago Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-3534 medium 4.3 algisinfojoomla 13y ago Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-3267 medium 4.3 joomla 13y ago Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified…
CVE-2013-3242 medium 6.5 EXP joomla 13y ago plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated use…
CVE-2013-3059 medium 4.3 joomla 13y ago Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vect…
CVE-2013-3058 medium 4.3 joomla 13y ago Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-3057 medium 4.0 joomla 13y ago Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors.
CVE-2013-3056 medium 4.0 joomla 13y ago Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vecto…
CVE-2013-1455 medium 5.0 joomla 14y ago Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable."
CVE-2013-1454 medium 5.0 joomla 14y ago Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors."
CVE-2012-6514 medium 4.3 netshinesoftwarejoomla 14y ago Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income act…
CVE-2012-6503 critical 10.0 ninjaforgejoomla 14y ago Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors.
CVE-2012-1599 medium 5.0 joomla 14y ago Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate…
CVE-2010-5286 critical 10.0 EXP joobijoomla 14y ago Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the con…
CVE-2012-5827 medium 4.3 joomla 14y ago Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection."
CVE-2012-4532 medium 4.3 joomla 14y ago Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web scrip…
CVE-2012-4531 medium 4.3 joomla 14y ago Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-5455 medium 4.3 joomla 14y ago Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a …
CVE-2011-4911 medium 5.0 joomla 14y ago Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.
CVE-2011-4910 medium 4.3 joomla 14y ago Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2011-4909 medium 5.3 EXP joomla 14y ago Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/vi…
CVE-2012-5232 medium 4.3 mediafirejoomla 14y ago Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1117 medium 4.3 joomla 14y ago Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1612 medium 4.3 joomla 14y ago Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1611 medium 5.0 joomla 14y ago Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a dup…
CVE-2012-0837 medium 5.0 joomla 14y ago Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator."
CVE-2012-0836 medium 5.0 joomla 14y ago Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors.
CVE-2012-0835 medium 5.0 joomla 14y ago Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator."
CVE-2012-0822 medium 4.3 joomla 14y ago Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C…
CVE-2012-0821 medium 5.0 joomla 14y ago Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819.
CVE-2012-0820 medium 4.3 joomla 14y ago Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than…
CVE-2012-0819 medium 5.0 joomla 14y ago Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821.
CVE-2011-5148 medium 7.8 EXP wasenjoomla 14y ago Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file…
CVE-2011-5134 medium 6.0 widgetfactorylimitedjoomla 14y ago Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arb…
CVE-2012-4256 medium 5.0 joobijoomla 14y ago The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message.
CVE-2012-4235 medium 5.0 rsgallery2joomla 14y ago The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for …
CVE-2012-4071 medium 4.3 joomlarsgallery2 14y ago Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attacker…
CVE-2012-3829 medium 5.0 joomla 14y ago Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header.
CVE-2012-3828 medium 4.3 joomla 14y ago Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header.
CVE-2012-2748 medium 5.0 joomla 14y ago Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error."
CVE-2012-2902 medium 6.0 ryan_demmerjoomla 14y ago Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows rem…
CVE-2012-2901 medium 4.3 ryan_demmerjoomla 14y ago Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2012-1018 medium 5.3 EXP dmackmediajoomla 15y ago Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web sc…
CVE-2011-5004 medium 6.0 fabrikarjoomla 15y ago Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbit…
CVE-2011-4830 low 4.5 EXP barter-sitesjoomla 15y ago Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via …
CVE-2011-4809 medium 5.3 EXP joomlaextensionsjoomla 15y ago Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) l…
CVE-2011-4804 medium 6.0 EXP fooblajoomla 15y ago Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to i…