CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-48902 critical 9.8 9.8 joomla 8d ago The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
CVE-2026-48901 high 7.5 7.5 joomla 8d ago The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.
CVE-2026-35222 critical 9.8 9.8 joomla 8d ago Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
CVE-2026-30894 medium 6.1 6.1 joomla 8d ago Lack of output escaping leads to an XSS vector in the content history component.
CVE-2026-35221 critical 9.8 9.8 joomla 8d ago Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.
CVE-2026-48903 medium 6.1 6.1 joomla 8d ago Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
CVE-2026-48896 high 7.5 7.5 joomla 8d ago Insufficient state checks lead to a vector that allows bypassing 2FA checks.
CVE-2026-35220 medium 4.3 4.3 joomla 8d ago Lack of CSRF token validation leads to a CSRF attack vector in the admin activation endpoint of com_users.
CVE-2026-40383 critical 9.8 9.8 joomla 8d ago An improper validation of user-supplied input leads to a local file inclusion vulnerability.
CVE-2026-40384 high 7.5 7.5 joomla 8d ago An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.
CVE-2026-48905 medium 6.1 6.1 joomla 8d ago Lack of input filtering leads to an XSS vector in the HTML filter code.
CVE-2026-48897 high 7.5 7.5 joomla 8d ago Insufficient state checks lead to a vector that allows bypassing 2FA checks.
CVE-2026-25901 medium 6.1 6.1 joomla 8d ago Lack of output escaping leads to an XSS vector in the multilingual associations component.
CVE-2026-48899 critical 9.8 9.8 joomla 8d ago An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-48900 medium 4.3 4.3 joomla 8d ago An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.
CVE-2026-35223 critical 9.8 9.8 joomla 8d ago An improper access check allows unauthorized access to com_config webservice endpoints.
CVE-2026-25900 medium 6.1 6.1 joomla 8d ago Lack of output escaping leads to an XSS vector in the feed modules.
CVE-2026-48904 critical 9.8 9.8 joomla 8d ago An improper access check allows privilege escalation through the com_users group editing webservice endpoint.
CVE-2026-30895 medium 6.1 6.1 joomla 8d ago Lack of output escaping leads to an XSS vector in the readmore links for com_content.
CVE-2026-48898 critical 9.8 9.8 joomla 8d ago An improper access check allows privilege escalation through the com_users batch task.
CVE-2017-16634 critical 9.8 9.8 joomla 9y ago In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
CVE-2017-16633 medium 4.3 4.3 joomla 9y ago In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.
CVE-2017-14596 critical 9.8 9.8 joomla 9y ago In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
CVE-2017-14595 low 3.7 3.7 joomla 9y ago In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.
CVE-2015-5608 medium 6.1 6.1 joomla 9y ago Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.
CVE-2017-11364 high 8.8 8.8 joomla 9y ago The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate…
CVE-2017-11612 medium 6.1 6.1 joomla 9y ago In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
CVE-2017-9934 medium 6.1 6.1 joomla 9y ago Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.
CVE-2017-9933 high 7.5 7.5 joomla 9y ago Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.
CVE-2017-8917 critical 9.8 10.0 EXP joomla 9y ago SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-8057 medium 5.3 5.3 joomla 9y ago In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
CVE-2017-7989 medium 6.5 6.5 joomla 9y ago In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.
CVE-2017-7988 medium 5.3 5.3 joomla 9y ago In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
CVE-2017-7987 medium 6.1 6.1 joomla 9y ago In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
CVE-2017-7986 medium 6.1 6.1 joomla 9y ago In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
CVE-2017-7985 medium 6.1 6.1 joomla 9y ago In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
CVE-2017-7984 medium 6.1 6.1 joomla 9y ago In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.
CVE-2017-7983 medium 5.3 5.3 joomla 9y ago In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
CVE-2016-9081 critical 9.8 9.8 joomla 10y ago Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.
CVE-2016-10045 critical 9.8 10.0 EXP FIX arch arch debian debian phpmailer_project wordpress joomla 10y ago Remote code execution in PHPMailer
CVE-2016-9838 high 7.5 8.5 EXP joomla 10y ago An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a us…
CVE-2016-9837 high 7.5 7.5 joomla 10y ago An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view all…
CVE-2016-9836 critical 9.8 9.8 joomla 10y ago The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a u…
CVE-2016-8870 high 8.1 9.1 EXP joomla 10y ago The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create …
CVE-2016-8869 critical 9.8 10.0 EXP joomla 10y ago The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use o…
CVE-2015-8769 high 7.3 7.3 joomla 11y ago SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-8566 high 8.5 EXP joomla 11y ago Joomla! Framework Remote Code Injection Vulnerability
CVE-2015-8565 high 7.5 joomla 11y ago Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2015-8564 high 7.5 joomla 11y ago Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package ar…
CVE-2015-8563 medium 6.8 joomla 11y ago Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecifie…
CVE-2015-8562 high 8.5 EXP joomla 11y ago Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in Dece…
CVE-2015-7899 medium 5.0 joomla 11y ago The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2015-7859 medium 5.0 joomla 11y ago The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2015-7858 high 8.5 EXP joomla 11y ago SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.
CVE-2015-7857 high 8.5 EXP joomla 11y ago SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL…
CVE-2015-7297 high 8.5 EXP joomla 11y ago SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.
CVE-2015-6939 medium 4.3 joomla 11y ago Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5397 medium 6.8 joomla 11y ago Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upl…
CVE-2015-4654 high 7.5 joomla 11y ago SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
CVE-2014-7228 high 8.5 EXP joomla 12y ago Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for …
CVE-2012-2413 medium 4.3 joomla 12y ago Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/…
CVE-2014-7984 high 7.5 joomla 12y ago Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication.
CVE-2014-7983 medium 4.3 joomla 12y ago Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7982 medium 4.3 joomla 12y ago Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7981 high 8.5 EXP joomla 12y ago SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-7229 medium 5.0 joomla 12y ago Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors.
CVE-2014-6632 high 7.5 joomla 12y ago Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.
CVE-2014-6631 medium 4.3 joomla 12y ago Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5955 medium 4.3 purplebeanie joomla 12y ago Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary p…
CVE-2013-5953 medium 4.3 codepeople joomla 12y ago Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote at…
CVE-2013-5952 medium 4.3 codologic joomla 12y ago Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via t…
CVE-2014-0793 medium 5.3 EXP stackideas joomla 13y ago Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1…
CVE-2014-0794 medium 5.3 EXP joomla 13y ago SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.…
CVE-2013-5583 medium 4.3 joomla 13y ago Joomla! Cross-site Scripting vulnerability
CVE-2013-5576 medium 7.8 EXP joomla 13y ago administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended …
CVE-2013-3719 medium 4.3 algisinfo joomla 13y ago Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-3534 medium 4.3 algisinfo joomla 13y ago Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-3267 medium 4.3 joomla 13y ago Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified…
CVE-2013-3242 medium 6.5 EXP joomla 13y ago plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated use…
CVE-2013-3059 medium 4.3 joomla 13y ago Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vect…
CVE-2013-3058 medium 4.3 joomla 13y ago Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-3057 medium 4.0 joomla 13y ago Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors.
CVE-2013-3056 medium 4.0 joomla 13y ago Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vecto…
CVE-2013-1455 medium 5.0 joomla 14y ago Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable."
CVE-2013-1454 medium 5.0 joomla 14y ago Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors."
CVE-2013-1453 high 8.5 EXP joomla 14y ago plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary d…
CVE-2012-6514 medium 4.3 netshinesoftware joomla 14y ago Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income act…
CVE-2012-6503 critical 10.0 ninjaforge joomla 14y ago Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors.
CVE-2012-1599 medium 5.0 joomla 14y ago Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate…
CVE-2012-1598 high 7.5 joomla 14y ago Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."
CVE-2010-5286 critical 10.0 EXP joobi joomla 14y ago Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the con…
CVE-2010-5280 high 8.5 EXP joomla-cbe joomla 14y ago Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files…
CVE-2012-5827 medium 4.3 joomla 14y ago Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection."
CVE-2012-4532 medium 4.3 joomla 14y ago Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web scrip…
CVE-2012-4531 medium 4.3 joomla 14y ago Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-5455 medium 4.3 joomla 14y ago Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a …
CVE-2011-4911 medium 5.0 joomla 14y ago Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.
CVE-2011-4910 medium 4.3 joomla 14y ago Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2011-4909 medium 5.3 EXP joomla 14y ago Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/vi…
CVE-2012-5232 medium 4.3 mediafire joomla 14y ago Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.