This page aggregates CVEs and security vulnerability information across Joomla-related products, listing CVSS, EPSS, publication date, and vulnerability details.
Common weakness patterns include path handling flaws, input validation, CSRF, and open redirect; in production workloads and software deployment scenarios these can lead to risks such as session compromise, file overwrite, and unexpected behavior.
The data is based on public vulnerability information and security advisories and can be used to assess past exposure and patch priority.
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-48905 | Lack of input filtering leads to an XSS vector in the HTML filter code. | [email protected] | 6.9 | 0.01% | 2026-05-26 | 2026-05-26 |
| CVE-2026-48904 | An improper access check allows privilege escalation through the com_users group editing webservice endpoint. | [email protected] | 8.2 | 0.00% | 2026-05-26 | 2026-05-26 |
| CVE-2026-48903 | Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components. | [email protected] | 6.9 | 0.01% | 2026-05-26 | 2026-05-26 |
| CVE-2026-48902 | The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set. | [email protected] | 9.8 | 0.02% | 2026-05-26 | 2026-06-02 |
| CVE-2026-48901 | The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key. | [email protected] | 7.5 | 0.02% | 2026-05-26 | 2026-05-28 |
| CVE-2026-48900 | An improper access check allowed low privileged users to edit the task types of existing scheduler tasks. | [email protected] | 6.4 | 0.00% | 2026-05-26 | 2026-05-26 |
| CVE-2026-48899 | An improper access check allows privilege escalation through the com_users batch task. | [email protected] | 5.3 | 0.00% | 2026-05-26 | 2026-05-26 |
| CVE-2026-48898 | An improper access check allows privilege escalation through the com_users batch task. | [email protected] | 8.2 | 0.00% | 2026-05-26 | 2026-05-26 |
| CVE-2026-48897 | Insufficient state checks lead to a vector that allows bypassing 2FA checks. | [email protected] | 8.2 | 0.04% | 2026-05-26 | 2026-05-28 |
| CVE-2026-48896 | Insufficient state checks lead to a vector that allows bypassing 2FA checks. | [email protected] | 8.2 | 0.01% | 2026-05-26 | 2026-05-28 |
| CVE-2026-40384 | Improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability. | [email protected] | 5.9 | 0.02% | 2026-05-26 | 2026-05-28 |
| CVE-2026-40383 | Improper validation of user-supplied input leads to a local file inclusion vulnerability. | [email protected] | 7.5 | 0.00% | 2026-05-26 | 2026-05-27 |
| CVE-2026-35223 | An improper access check allows unauthorized access to com_config webservice endpoints. | [email protected] | 8.6 | 0.04% | 2026-05-26 | 2026-05-28 |
| CVE-2026-35222 | Improperly validated order clauses lead to a SQL injection vulnerability in com_tags. | [email protected] | 6.9 | 0.00% | 2026-05-26 | 2026-05-27 |
| CVE-2026-35221 | Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder. | [email protected] | 6.9 | 0.03% | 2026-05-26 | 2026-05-27 |
| CVE-2026-35220 | Lack of CSRF token validation leads to a CSRF attack vector in the admin activation endpoint of com_users. | [email protected] | 4.6 | 0.02% | 2026-05-26 | 2026-05-27 |
| CVE-2026-30895 | Lack of output escaping leads to an XSS vector in the readmore links for com_content. | [email protected] | 6.9 | 0.04% | 2026-05-26 | 2026-05-27 |
| CVE-2026-30894 | Lack of output escaping leads to an XSS vector in the content history component. | [email protected] | 6.9 | 0.04% | 2026-05-26 | 2026-05-27 |
| CVE-2026-25901 | Lack of output escaping leads to an XSS vector in the multilingual associations component. | [email protected] | 6.9 | 0.04% | 2026-05-26 | 2026-05-27 |
| CVE-2026-25900 | Lack of output escaping leads to an XSS vector in the feed modules. | [email protected] | 6.9 | 0.04% | 2026-05-26 | 2026-05-27 |