Joomla! CMS — Vulnerabilities & Security Advisories (81)

All 81 CVE vulnerabilities found in Joomla! CMS, with AI-generated Chinese analysis, references, and POCs.

Vendor: Joomla! Project

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-21630 | Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-04-01 |
| CVE-2026-23898 | Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate | CWE-73 | 9.1 (AI) | Critical (AI) | 2026-04-01 |
| CVE-2026-21629 | Joomla! Core - [20260301] - ACL hardening in com_ajax | CWE-284 | 9.8 (AI) | Critical (AI) | 2026-04-01 |
| CVE-2026-23899 | Joomla! Core - [20260306] - Improper access check in webservice endpoints | CWE-284 | 8.1 (AI) | High (AI) | 2026-04-01 |
| CVE-2026-21631 | Joomla! Core - [20260303] - XSS vector in com_associations comparison view | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-04-01 |
| CVE-2026-21632 | Joomla! Core - [20260304] - XSS vectors in various article title outputs | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-04-01 |
| CVE-2025-63082 | Joomla! Core - [20260101] - Inadequate content filtering for data URLs | CWE-79 | 6.1 | - | 2026-01-06 |
| CVE-2025-63083 | Joomla! Core - [20260102] - XSS vector in the pagebreak plugin | CWE-79 | 6.1 | - | 2026-01-06 |
| CVE-2025-54477 | Joomla! Core - [20250902] User-Enumeration in passkey authentication method | CWE-203 | 5.3 (AI) | Medium (AI) | 2025-09-30 |
| CVE-2025-54476 | Joomla! Core - [20250901] Inadequate content filtering within the checkAttribute filter code | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-09-30 |
| CVE-2025-25227 | [20250402] - Joomla Core - MFA Authentication Bypass | CWE-287 | 8.1 | - | 2025-04-08 |
| CVE-2025-22213 | [20250301] - Core - Malicious file uploads via Media Manager | CWE-434 | 8.8 | - | 2025-03-11 |
| CVE-2025-22207 | [20250201] - Core - SQL injection vulnerability in Scheduled Tasks component | CWE-89 | 8.8 | - | 2025-02-18 |
| CVE-2024-40749 | [20250103] - Core - Read ACL violation in multiple core views | CWE-284 | 6.5 | - | 2025-01-07 |
| CVE-2024-40747 | [20250101] - Core - XSS vectors in module chromes | CWE-79 | 6.1 | - | 2025-01-07 |
| CVE-2024-40748 | [20250102] - Core - XSS vector in the id attribute of menu lists | CWE-79 | 8.2 | - | 2025-01-07 |
| CVE-2024-27185 | [20240802] - Core - Cache Poisoning in Pagination | | 7.5 (AI) | High (AI) | 2024-08-20 |
| CVE-2024-27186 | [20240803] - Core - XSS in HTML Mail Templates | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-08-20 |
| CVE-2024-27184 | [20240801] - Core - Inadequate validation of internal URLs | CWE-601 | 5.4 (AI) | Medium (AI) | 2024-08-20 |
| CVE-2024-40743 | [20240805] - Core - XSS vectors in Outputfilter::strip* methods | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-08-20 |
| CVE-2024-27187 | [20240804] - Core - Improper ACL for backend profile view | CWE-284 | 6.5 (AI) | Medium (AI) | 2024-08-20 |
| CVE-2024-21729 | [20240701] - Core - XSS in accessible media selection field | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-07-09 |
| CVE-2024-21730 | [20240702] - Core - Self-XSS in fancyselect list field layout | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-07-09 |
| CVE-2024-26279 | [20240704] - Core - XSS in Wrapper extensions | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-07-09 |
| CVE-2024-26278 | [20240705] - Core - XSS in com_fields default field value | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-07-09 |
| CVE-2024-21731 | [20240703] - Core - XSS in StringHelper::truncate method | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-07-09 |
| CVE-2024-21723 | [20240202] - Core - Open redirect in installation application | CWE-601 | 6.1 | - | 2024-02-20 |
| CVE-2024-21725 | [20240204] - Core - XSS in mail address outputs | CWE-79 | 6.1 | - | 2024-02-20 |
| CVE-2024-21724 | [20240203] - Core - XSS in media selection fields | CWE-79 | 6.1 | - | 2024-02-20 |
| CVE-2024-21722 | [20240201] - Core - Insufficient session expiration in MFA management views | CWE-613 | 4.3 | - | 2024-02-20 |