Filtered by vendor Joomla
Subscriptions
Filtered by product Joomla
Subscriptions
Total
232 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54474 | 1 Joomla | 2 Joomla, Joomla! | 2026-04-15 | N/A |
| A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands. | ||||
| CVE-2025-54301 | 1 Joomla | 2 Joomla, Joomla! | 2026-04-15 | N/A |
| A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. File names are not properly escaped. | ||||
| CVE-2025-63083 | 1 Joomla | 3 Joomla, Joomla!, Joomla\! | 2026-01-30 | 6.1 Medium |
| Lack of output escaping leads to a XSS vector in the pagebreak plugin. | ||||
| CVE-2025-63082 | 1 Joomla | 3 Joomla, Joomla!, Joomla\! | 2026-01-30 | 6.1 Medium |
| Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags. | ||||
| CVE-2010-0696 | 2 Joomla, Joomlaworks | 2 Joomla, Jw Allvideos | 2025-04-11 | N/A |
| Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. | ||||
| CVE-2010-3028 | 2 Joomla, Simon Philips | 2 Joomla, Aardvertiser | 2025-04-11 | N/A |
| The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files. | ||||
| CVE-2010-1470 | 2 Dev.pucit.edu.pk, Joomla | 2 Com Webtv, Joomla | 2025-04-11 | N/A |
| Directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | ||||
| CVE-2010-1217 | 2 Je Form Creator, Joomla | 2 Je Form Creator, Joomla | 2025-04-11 | N/A |
| Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected. | ||||
| CVE-2010-0694 | 2 Joomla, Percha | 2 Joomla, Com Perchagallery | 2025-04-11 | N/A |
| SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad action to index.php. | ||||
| CVE-2010-1219 | 2 Com Janews, Joomla | 2 Com Janews, Joomla | 2025-04-11 | N/A |
| Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4789 | 2 Joomla, Mojoblog | 2 Joomla, Mojoblog | 2025-04-11 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php. | ||||
| CVE-2010-0461 | 1 Joomla | 2 Com Casino, Joomla | 2025-04-11 | N/A |
| SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php. | ||||