joomla! project

Top products

The 15 most recently published vulnerabilities affecting joomla! project.

• CVE-2026-35221Joomla! Core - [20260506] - Authenticated blind SQLi in com_finder9.8May 26, 2026
• CVE-2026-48903Joomla! Framework - [20260519] - Inadequate content filtering within the checkAttribute filter code.6.1May 26, 2026
• CVE-2026-48896Joomla! Core - [20260511] - MFA Authentication Bypass7.5May 26, 2026
• CVE-2026-35220Joomla! Core - [20260505] - CSRF in user activation endpoint4.3May 26, 2026
• CVE-2026-40383Joomla! Core - [20260509] - LFI in HTMLView layout parameter9.8May 26, 2026
• CVE-2026-35222Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags9.8May 26, 2026
• CVE-2026-40384Joomla! Core - [20260510] - Path traversal in com_media webservice endpoint7.5May 26, 2026
• CVE-2026-48905Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.6.1May 26, 2026
• CVE-2026-48897Joomla! Core - [20260512] - MFA Authentication Bypass7.5May 26, 2026
• CVE-2026-25901Joomla! Core - [20260502] - XSS in com_associations6.1May 26, 2026
• CVE-2026-48899Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins9.8May 26, 2026
• CVE-2026-48900Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler4.3May 26, 2026
• CVE-2026-48902Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links9.8May 26, 2026
• CVE-2026-35223Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints9.8May 26, 2026
• CVE-2026-25900Joomla! Core - [20260501] - XSS in feed modules6.1May 26, 2026