Search

Found 17 results in 29ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-48902 critical 9.8 9.8 joomla 8d ago The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
CVE-2026-35222 critical 9.8 9.8 joomla 8d ago Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
CVE-2026-35221 critical 9.8 9.8 joomla 9d ago Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.
CVE-2026-40383 critical 9.8 9.8 joomla 9d ago An improper validation of user-supplied input leads to a local file inclusion vulnerability.
CVE-2026-48899 critical 9.8 9.8 joomla 9d ago An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-35223 critical 9.8 9.8 joomla 9d ago An improper access check allows unauthorized access to com_config webservice endpoints.
CVE-2026-48904 critical 9.8 9.8 joomla 9d ago An improper access check allows privilege escalation through the com_users group editing webservice endpoint.
CVE-2026-48898 critical 9.8 9.8 joomla 9d ago An improper access check allows privilege escalation through the com_users batch task.
CVE-2017-16634 critical 9.8 9.8 joomla 9y ago In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
CVE-2017-14596 critical 9.8 9.8 joomla 9y ago In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
CVE-2017-8917 critical 9.8 10.0 EXP joomla 9y ago SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-9081 critical 9.8 9.8 joomla 10y ago Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.
CVE-2016-10045 critical 9.8 10.0 EXP FIX arch debian phpmailer_project wordpress joomla 10y ago Remote code execution in PHPMailer
CVE-2016-9836 critical 9.8 9.8 joomla 10y ago The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a u…
CVE-2016-8869 critical 9.8 10.0 EXP joomla 10y ago The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use o…
CVE-2012-6503 critical 10.0 ninjaforge joomla 14y ago Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors.
CVE-2010-5286 critical 10.0 EXP joobi joomla 14y ago Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the con…