Joomla! cms
This hub aggregates every CVE we track for Joomla! cms. Use it to gauge the current risk picture and drill into individual advisories.
other
- CVEs tracked: 97
- Critical: 16
- High: 23
- In CISA KEV: 1
Severity distribution
- MEDIUM: 58
- HIGH: 23
- CRITICAL: 16
Monthly trend
Monthly values, 2024-07 to 2026-06: 5, 5, 0, 0, 0, 0, 3, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 2, 0, 0, 5, 18, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Joomla! cms.
- CVE-2026-35221: Joomla! Core - [20260506] - Authenticated blind SQLi in com_finder (score 9.8)
- CVE-2026-48896: Joomla! Core - [20260511] - MFA Authentication Bypass (score 7.5)
- CVE-2026-35220: Joomla! Core - [20260505] - CSRF in user activation endpoint (score 4.3)
- CVE-2026-40383: Joomla! Core - [20260509] - LFI in HTMLView layout parameter (score 9.8)
- CVE-2026-35222: Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags (score 9.8)
- CVE-2026-40384: Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint (score 7.5)
- CVE-2026-48897: Joomla! Core - [20260512] - MFA Authentication Bypass (score 7.5)
- CVE-2026-25901: Joomla! Core - [20260502] - XSS in com_associations (score 6.1)
- CVE-2026-48899: Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins (score 9.8)
- CVE-2026-48900: Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler (score 4.3)
- CVE-2026-48902: Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links (score 9.8)
- CVE-2026-35223: Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints (score 9.8)
- CVE-2026-25900: Joomla! Core - [20260501] - XSS in feed modules (score 6.1)
- CVE-2026-48904: Joomla! Core - [20260514] - Privilege escalation through com_users webservice endpoints (score 9.8)
- CVE-2026-30895: Joomla! Core - [20260504] - XSS in readmore links (score 6.1)
Product normalization is registry-driven with AI assist and human review.