VIR Vulnerability Intelligence Relay

Search

Found 216 results in 48ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-48902 critical 9.8 9.8 joomla 8d ago The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
CVE-2026-48901 high 7.5 7.5 joomla 8d ago The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.
CVE-2026-35222 critical 9.8 9.8 joomla 8d ago Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
CVE-2026-35221 critical 9.8 9.8 joomla 9d ago Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.
CVE-2026-48896 high 7.5 7.5 joomla 9d ago Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2026-40383 critical 9.8 9.8 joomla 9d ago An improper validation of user-supplied input leads to a local file inclusion vulnerability.
CVE-2026-40384 high 7.5 7.5 joomla 9d ago An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.
CVE-2026-48897 high 7.5 7.5 joomla 9d ago Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2026-48899 critical 9.8 9.8 joomla 9d ago An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-35223 critical 9.8 9.8 joomla 9d ago An improper access check allows unauthorized access to com_config webservice endpoints.
CVE-2026-48904 critical 9.8 9.8 joomla 9d ago An improper access check allows privelege escalation through the com_users group editing webservice endpoint.
CVE-2026-48898 critical 9.8 9.8 joomla 9d ago An improper access check allows privilege escalation through the com_users batch task.
CVE-2017-16634 critical 9.8 9.8 joomla 9y ago In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
CVE-2017-14596 critical 9.8 9.8 joomla 9y ago In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
CVE-2017-14595 low 3.7 3.7 joomla 9y ago In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.
CVE-2017-11364 high 8.8 8.8 joomla 9y ago The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate…
CVE-2017-9933 high 7.5 7.5 joomla 9y ago Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.
CVE-2017-8917 critical 9.8 10.0 EXP joomla 9y ago SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-9081 critical 9.8 9.8 joomla 10y ago Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.
CVE-2016-10045 critical 9.8 10.0 EXPFIX arch archdebian debian phpmailer_projectwordpressjoomla 10y ago Remote code execution in PHPMailer
CVE-2016-9838 high 7.5 8.5 EXP joomla 10y ago An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a us…
CVE-2016-9837 high 7.5 7.5 joomla 10y ago An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view all…
CVE-2016-9836 critical 9.8 9.8 joomla 10y ago The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a u…
CVE-2016-8870 high 8.1 9.1 EXP joomla 10y ago The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create …
CVE-2016-8869 critical 9.8 10.0 EXP joomla 10y ago The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use o…
CVE-2015-8769 high 7.3 7.3 joomla 11y ago SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-8566 high 8.5 EXP joomla 11y ago Joomla! Framework Remote Code Injection Vulnerability
CVE-2015-8565 high 7.5 joomla 11y ago Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2015-8564 high 7.5 joomla 11y ago Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package ar…
CVE-2015-8562 high 8.5 EXP joomla 11y ago Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in Dece…
CVE-2015-7858 high 8.5 EXP joomla 11y ago SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.
CVE-2015-7857 high 8.5 EXP joomla 11y ago SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL…
CVE-2015-7297 high 8.5 EXP joomla 11y ago SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.
CVE-2015-4654 high 7.5 joomla 11y ago SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
CVE-2014-7228 high 8.5 EXP joomla 12y ago Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for …
CVE-2014-7984 high 7.5 joomla 12y ago Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication.
CVE-2014-7981 high 8.5 EXP joomla 12y ago SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-6632 high 7.5 joomla 12y ago Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.
CVE-2013-1453 high 8.5 EXP joomla 14y ago plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary d…
CVE-2012-6503 critical 10.0 ninjaforgejoomla 14y ago Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors.
CVE-2012-1598 high 7.5 joomla 14y ago Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."
CVE-2010-5286 critical 10.0 EXP joobijoomla 14y ago Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the con…
CVE-2010-5280 high 8.5 EXP joomla-cbejoomla 14y ago Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files…
CVE-2012-5230 high 7.5 harmistechnologyjoomla 14y ago Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors.
CVE-2012-1116 high 8.5 EXP joomla 14y ago SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-5101 high 7.5 jextensionsjoomla 14y ago SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-7247 high 8.5 EXP joomlamambo-foundation 14y ago SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
CVE-2012-4868 high 7.5 kunenajoomla 14y ago SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-5113 high 8.5 EXP techdelugejoomla 14y ago SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid param…
CVE-2011-5112 high 8.5 EXP blueflyingfishjoomla 14y ago SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.
CVE-2011-5099 high 8.5 EXP chillcreationsjoomla 14y ago SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id p…
CVE-2012-3554 high 7.5 rsgallery2joomla 14y ago SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands …
CVE-2012-2747 high 7.5 joomla 14y ago Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking."
CVE-2011-4830 low 4.5 EXP barter-sitesjoomla 15y ago Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via …
CVE-2011-4829 high 8.5 EXP barter-sitesjoomla 15y ago SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.
CVE-2011-4823 high 8.5 EXP extensionsforjoomlajoomla 15y ago Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a re…
CVE-2011-4808 high 8.5 EXP joomlaextensionsjoomla 15y ago SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action…
CVE-2011-4571 high 8.5 EXP eaimprovedjoomla 15y ago SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php.
CVE-2011-4570 high 8.5 EXP takeawebjoomla 15y ago SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id paramete…
CVE-2010-5056 high 8.5 EXP gbu_graficijoomla 15y ago SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action…
CVE-2010-5053 high 8.5 EXP php-shop-systemjoomla 15y ago SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.ph…
CVE-2010-5032 high 8.5 EXP tamlyncreativejoomla 15y ago SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial acti…
CVE-2010-5028 high 8.5 EXP harmistechnologyjoomla 15y ago SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to inde…
CVE-2010-5022 high 8.5 EXP harmistechnologyjoomla 15y ago SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
CVE-2010-5003 high 8.5 EXP autarticajoomla 15y ago SQL injection vulnerability in the AutarTimonial (com_autartimonial) component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial …
CVE-2010-4995 high 8.5 EXP neojoomlajoomla 15y ago SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action t…
CVE-2010-4994 high 7.5 instantphpjoomla 15y ago SQL injection vulnerability in the Jobs Pro component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the detailed_results parameter to search_jobs.html.
CVE-2010-4993 high 8.5 EXP kay_messerschmidtjoomla 15y ago SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2010-4992 high 8.5 EXP paymentsplusjoomla 15y ago SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html.
CVE-2010-4991 high 8.5 EXP ninjaforgejoomla 15y ago SQL injection vulnerability in the NinjaMonials (com_ninjamonials) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a display action to inde…
CVE-2010-4990 high 8.5 EXP b-elektrojoomla 15y ago SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact acti…
CVE-2010-4977 high 8.5 EXP miniworkjoomla 15y ago SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php.
CVE-2010-4975 high 8.5 EXP techjoomlajoomla 15y ago SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in …
CVE-2010-4968 high 8.5 EXP webmaster-tipsjoomla 15y ago SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.…
CVE-2010-4945 high 8.5 EXP joomla 15y ago SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2010-4944 high 8.5 EXP joomlamambo-foundation 15y ago SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProf…
CVE-2010-4941 high 8.5 EXP joomlamojoomla 15y ago SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save act…
CVE-2010-4938 high 8.5 EXP joomla 15y ago SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php.…
CVE-2010-4937 high 8.5 EXP robitbtjoomla 15y ago Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to in…
CVE-2010-4936 high 7.5 webmaster-tipsjoomla 15y ago SQL injection vulnerability in the Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2010-4929 high 8.5 EXP joostina-cmsjoomla 15y ago SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php.
CVE-2010-4927 high 8.5 EXP photoindochinajoomla 15y ago SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country actio…
CVE-2010-4926 high 8.5 EXP timetrackjoomla 15y ago SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to ind…
CVE-2010-4918 high 8.5 EXP ijoomlajoomla 15y ago PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magaz…
CVE-2010-4904 high 8.5 EXP simon_philipsjoomla 15y ago SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view a…
CVE-2010-4902 high 8.5 EXP joomla-clantoolsjoomla 15y ago Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame paramete…
CVE-2010-4898 high 8.5 EXP gantry-frameworkjoomla 15y ago SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php.
CVE-2010-4865 high 8.5 EXP harmistechnologyjoomla 15y ago SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail acti…
CVE-2010-4864 high 8.5 EXP danieljamesscottjoomla 15y ago SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action t…
CVE-2010-4862 high 8.5 EXP harmistechnologyjoomla 15y ago SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item ac…
CVE-2010-4853 high 8.5 EXP chillcreationsjoomla 15y ago SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php.
CVE-2008-7302 high 7.5 netshinesoftwarejoomla 15y ago SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving…
CVE-2010-4795 high 8.5 EXP joomlasellerjoomla 15y ago SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details ac…
CVE-2010-4769 high 8.5 EXP janguojoomla 15y ago Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in…
CVE-2010-4739 high 7.5 aretimesjoomla 16y ago SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index…
CVE-2010-4720 high 7.5 harmistechnologyjoomla 16y ago SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the v…
CVE-2010-4719 high 8.5 EXP fxwebdesignjoomla 16y ago Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller paramet…
CVE-2011-0511 high 8.5 EXP joomtradersjoomla 16y ago SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2010-4702 high 7.5 fxwebdesignjoomla 16y ago SQL injection vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4696 high 7.5 joomla 16y ago Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_cont…