ReportizFlow
Filtered by vendor Joomla
Subscriptions
Filtered by product Joomla\!
Subscriptions
Total
611 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1736 | 1 Joomla | 2 Com Gsticketsystem, Joomla\! | 2026-04-23 | N/A |
| SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php. | ||||
| CVE-2009-4475 | 2 Joomla, Joomlub | 2 Joomla\!, Com Joomlub | 2026-04-23 | N/A |
| SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php. | ||||
| CVE-2007-4189 | 1 Joomla | 1 Joomla\! | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4122 | 1 Joomla | 1 Joomla\! | 2026-04-23 | 7.5 High |
| Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
| CVE-2009-4232 | 2 Jonijnm, Joomla | 2 Com Kide, Joomla\! | 2026-04-23 | N/A |
| The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-3491 | 2 Joomla, Kinfusion | 2 Joomla\!, Com Sportfusion | 2026-04-23 | N/A |
| SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php. | ||||
| CVE-2016-10033 | 3 Joomla, Phpmailer Project, Wordpress | 3 Joomla\!, Phpmailer, Wordpress | 2026-04-21 | 9.8 Critical |
| The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. | ||||
| CVE-2006-1957 | 2 Joomla, Mambo-foundation | 2 Joomla\!, Mambo | 2026-04-16 | N/A |
| The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter. | ||||
| CVE-2006-4470 | 1 Joomla | 1 Joomla\! | 2026-04-16 | N/A |
| Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion. | ||||
| CVE-2006-4468 | 1 Joomla | 1 Joomla\! | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/index.php; (5) the Admin User Manager; and (6) the poll module. | ||||
| CVE-2005-4650 | 1 Joomla | 1 Joomla\! | 2026-04-16 | 5.3 Medium |
| Joomla! 1.03 does not restrict the number of "Search" Mambots, which allows remote attackers to cause a denial of service (resource consumption) via a large number of Search Mambots. | ||||
| CVE-2006-4472 | 1 Joomla | 1 Joomla\! | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task. | ||||
| CVE-2006-4469 | 1 Joomla | 1 Joomla\! | 2026-04-16 | N/A |
| Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws." | ||||
| CVE-2006-4471 | 1 Joomla | 1 Joomla\! | 2026-04-16 | N/A |
| The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors. | ||||
| CVE-2026-21632 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-10 | 5.4 Medium |
| Lack of output escaping for article titles leads to XSS vectors in various locations. | ||||
| CVE-2026-21631 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-10 | 5.4 Medium |
| Lack of output escaping leads to a XSS vector in the multilingual associations component. | ||||
| CVE-2026-23899 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-10 | 8.8 High |
| An improper access check allows unauthorized access to webservice endpoints. | ||||
| CVE-2026-21629 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-10 | 7.3 High |
| The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers. | ||||
| CVE-2026-23898 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-10 | 7.2 High |
| Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism. | ||||
| CVE-2026-21630 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-10 | 8.8 High |
| Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint. | ||||