Known Vulnerabilities for products from Joomla
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Joomla".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34424 |  | Not Provided | 2026-04-09 | 2026-04-09 |
| CVE-2026-23899 | An improper access check allows unauthorized access to webservice endpoints. | Not Provided | 2026-04-01 | 2026-04-09 |
| CVE-2026-23898 | Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism. | Not Provided | 2026-04-01 | 2026-04-09 |
| CVE-2026-21632 | Lack of output escaping for article titles leads to XSS vectors in various locations. | Not Provided | 2026-04-01 | 2026-04-09 |
| CVE-2026-21631 | Lack of output escaping leads to a XSS vector in the multilingual associations component. | Not Provided | 2026-04-01 | 2026-04-09 |
| CVE-2026-21630 | Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint. | Not Provided | 2026-04-01 | 2026-04-09 |
| CVE-2026-21629 | The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potential... | Not Provided | 2026-04-01 | 2026-04-09 |
| CVE-2023-54364 |  | Not Provided | 2026-04-09 | 2026-04-10 |
| CVE-2023-54363 |  | Not Provided | 2026-04-09 | 2026-04-10 |
| CVE-2023-54362 |  | Not Provided | 2026-04-09 | 2026-04-09 |
| CVE-2023-54361 |  | Not Provided | 2026-04-09 | 2026-04-10 |
| CVE-2023-54360 |  | Not Provided | 2026-04-09 | 2026-04-09 |
| CVE-2023-40626 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-11-29 | 2023-12-05 |
| CVE-2023-23755 | An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA met... | 7.5 - HIGH | 2023-05-30 | 2023-06-06 |
| CVE-2023-23754 | An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within... | 6.1 - MEDIUM | 2023-05-30 | 2023-06-06 |
| CVE-2023-23752 | An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice end... | 5.3 - MEDIUM | 2023-02-16 | 2024-01-09 |
| CVE-2023-23751 | An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_action... | 4.3 - MEDIUM | 2023-02-01 | 2023-02-09 |
| CVE-2023-23750 | An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of ... | 6.3 - MEDIUM | 2023-02-01 | 2023-02-08 |
| CVE-2022-27914 | An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to ref... | 6.1 - MEDIUM | 2022-11-08 | 2023-12-02 |
| CVE-2022-27913 | An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to ref... | 6.1 - MEDIUM | 2022-10-25 | 2023-12-02 |