Joomla Vulnerabilities and CVE List (534)

Product (CPE): — CVE count: 534

Joomla Vulnerability Overview

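Aggregates CVE and security vulnerability intelligence for all Joomla-related products, including CVSS, EPSS, publication date, and vulnerability intelligence data.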

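Common weakness patterns include path handling flaws, input validation issues, CSRF, and open redirects. In production workload and software deployment scenarios, these can lead to risks such as session hijacking, file overwrite, and abnormal behavior.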

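The vulnerability data comes mainly from public vulnerability disclosures and security advisories, and can be used to assess historical vulnerability exposure and patch prioritization.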

Vulnerability distribution trend (last 24 months)

Showing 1-20 of 534 CVEs (page 1 of 27)
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-48905 | Lack of input filtering leads to an XSS vector in the HTML filter code. | [email protected] | 6.9 | 0.14% | 2026-05-26 | 2026-06-17 |
| CVE-2026-48904 | An improper access check allows privilege escalation through the com_users group editing webservice endpoint. | [email protected] | 8.2 | 0.29% | 2026-05-26 | 2026-06-17 |
| CVE-2026-48903 | Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components. | [email protected] | 6.9 | 0.14% | 2026-05-26 | 2026-06-17 |
| CVE-2026-48902 | The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set. | [email protected] | 9.8 | 0.19% | 2026-05-26 | 2026-06-17 |
| CVE-2026-48901 | The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key. | [email protected] | 7.5 | 0.24% | 2026-05-26 | 2026-06-17 |
| CVE-2026-48900 | An improper access check allowed low privileged users to edit the task types of existing scheduler tasks. | [email protected] | 6.4 | 0.15% | 2026-05-26 | 2026-06-17 |
| CVE-2026-48899 | An improper access check allows privilege escalation through the com_users batch task. | [email protected] | 5.3 | 0.23% | 2026-05-26 | 2026-06-17 |
| CVE-2026-48898 | An improper access check allows privilege escalation through the com_users batch task. | [email protected] | 8.2 | 0.27% | 2026-05-26 | 2026-06-17 |
| CVE-2026-48897 | Insufficient state checks lead to a vector that allows to bypass 2FA checks. | [email protected] | 8.2 | 0.21% | 2026-05-26 | 2026-06-17 |
| CVE-2026-48896 | Insufficient state checks lead to a vector that allows to bypass 2FA checks. | [email protected] | 8.2 | 0.30% | 2026-05-26 | 2026-06-17 |
| CVE-2026-40384 | An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability. | [email protected] | 5.9 | 0.45% | 2026-05-26 | 2026-06-17 |
| CVE-2026-40383 | An improper validation of user-supplied input leads to a local file inclusion vulnerability. | [email protected] | 7.5 | 0.48% | 2026-05-26 | 2026-06-17 |
| CVE-2026-35223 | An improper access check allows unauthorized access to com_config webservice endpoints. | [email protected] | 8.6 | 0.35% | 2026-05-26 | 2026-06-17 |
| CVE-2026-35222 | Improperly validated order clauses lead to a SQL injection vulnerability in com_tags. | [email protected] | 6.9 | 0.31% | 2026-05-26 | 2026-06-17 |
| CVE-2026-35221 | Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder. | [email protected] | 6.9 | 0.31% | 2026-05-26 | 2026-06-17 |
| CVE-2026-35220 | Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users. | [email protected] | 4.6 | 0.10% | 2026-05-26 | 2026-06-17 |
| CVE-2026-30895 | Lack of output escaping leads to a XSS vector in the readmore links for com_content. | [email protected] | 6.9 | 0.18% | 2026-05-26 | 2026-06-17 |
| CVE-2026-30894 | Lack of output escaping leads to a XSS vector in the content history component. | [email protected] | 6.9 | 0.18% | 2026-05-26 | 2026-06-17 |
| CVE-2026-25901 | Lack of output escaping leads to a XSS vector in the multilingual associations component. | [email protected] | 6.9 | 0.18% | 2026-05-26 | 2026-06-17 |
| CVE-2026-25900 | Lack of output escaping leads to a XSS vector in the feed modules. | [email protected] | 6.9 | 0.18% | 2026-05-26 | 2026-06-17 |
cvelogic Threat Intelligence