Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Joomla! Project — Vulnerabilities & Security Advisories 82

Browse all 82 CVE security advisories affecting Joomla! Project. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Joomla! Project develops an open-source content management system widely used for building websites and online applications. Historically, its codebase has been associated with numerous security flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from insufficient input validation and improper access controls within extensions or core components. With eighty-two recorded CVEs, the project demonstrates a pattern of recurring weaknesses that require diligent patching. While the core framework itself has seen improvements, the extensive ecosystem of third-party extensions frequently introduces additional attack surfaces. Major incidents have highlighted the critical importance of timely updates and secure configuration practices. Administrators must prioritize vulnerability management to mitigate risks, as the platform’s popularity makes it a frequent target for automated exploitation attempts seeking to compromise underlying server infrastructure.

Top products by Joomla! Project: Joomla! CMS Joomla! Framework
CVE IDTitleCVSSSeverityPublished
CVE-2026-21630 Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint — Joomla! CMSCWE-89 9.8AICriticalAI2026-04-01
CVE-2026-23898 Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate — Joomla! CMSCWE-73 9.1AICriticalAI2026-04-01
CVE-2026-21629 Joomla! Core - [20260301] - ACL hardening in com_ajax — Joomla! CMSCWE-284 9.8AICriticalAI2026-04-01
CVE-2026-23899 Joomla! Core - [20260306] - Improper access check in webservice endpoints — Joomla! CMSCWE-284 8.1AIHighAI2026-04-01
CVE-2026-21631 Joomla! Core - [20260303] - XSS vector in com_associations comparison view — Joomla! CMSCWE-79 6.1AIMediumAI2026-04-01
CVE-2026-21632 Joomla! Core - [20260304] - XSS vectors in various article title outputs — Joomla! CMSCWE-79 5.4AIMediumAI2026-04-01
CVE-2025-63082 Joomla! Core - [20260101] - Inadequate content filtering for data URLs — Joomla! CMSCWE-79 6.1 -2026-01-06
CVE-2025-63083 Joomla! Core - [20260102] - XSS vector in the pagebreak plugin — Joomla! CMSCWE-79 6.1 -2026-01-06
CVE-2025-54477 Joomla! Core - [20250902] User-Enumeration in passkey authentication method — Joomla! CMSCWE-203 5.3AIMediumAI2025-09-30
CVE-2025-54476 Joomla! Core - [20250901] Inadequate content filtering within the checkAttribute filter code — Joomla! CMSCWE-79 6.1AIMediumAI2025-09-30
CVE-2025-25226 [20250401] - Joomla Framework - SQL injection vulnerability in quoteNameStr method of Database package — Joomla! FrameworkCWE-89 9.8AICriticalAI2025-04-08
CVE-2025-25227 [20250402] - Joomla Core - MFA Authentication Bypass — Joomla! CMSCWE-287 8.1 -2025-04-08
CVE-2025-22213 [20250301] - Core - Malicious file uploads via Media Manager — Joomla! CMSCWE-434 8.8 -2025-03-11
CVE-2025-22207 [20250201] - Core - SQL injection vulnerability in Scheduled Tasks component — Joomla! CMSCWE-89 8.8 -2025-02-18
CVE-2024-40749 [20250103] - Core - Read ACL violation in multiple core views — Joomla! CMSCWE-284 6.5 -2025-01-07
CVE-2024-40747 [20250101] - Core - XSS vectors in module chromes — Joomla! CMSCWE-79 6.1 -2025-01-07
CVE-2024-40748 [20250102] - Core - XSS vector in the id attribute of menu lists — Joomla! CMSCWE-79 8.2 -2025-01-07
CVE-2024-27185 [20240802] - Core - Cache Poisoning in Pagination — Joomla! CMS 7.5AIHighAI2024-08-20
CVE-2024-27186 [20240803] - Core - XSS in HTML Mail Templates — Joomla! CMSCWE-79 6.1AIMediumAI2024-08-20
CVE-2024-27184 [20240801] - Core - Inadequate validation of internal URLs — Joomla! CMSCWE-601 5.4AIMediumAI2024-08-20
CVE-2024-40743 [20240805] - Core - XSS vectors in Outputfilter::strip* methods — Joomla! CMSCWE-79 6.1AIMediumAI2024-08-20
CVE-2024-27187 [20240804] - Core - Improper ACL for backend profile view — Joomla! CMSCWE-284 6.5AIMediumAI2024-08-20
CVE-2024-21729 [20240701] - Core - XSS in accessible media selection field — Joomla! CMSCWE-79 6.1AIMediumAI2024-07-09
CVE-2024-21730 [20240702] - Core - Self-XSS in fancyselect list field layout — Joomla! CMSCWE-79 6.1AIMediumAI2024-07-09
CVE-2024-26279 [20240704] - Core - XSS in Wrapper extensions — Joomla! CMSCWE-79 6.1AIMediumAI2024-07-09
CVE-2024-26278 [20240705] - Core - XSS in com_fields default field value — Joomla! CMSCWE-79 6.1AIMediumAI2024-07-09
CVE-2024-21731 [20240703] - Core - XSS in StringHelper::truncate method — Joomla! CMSCWE-79 6.1AIMediumAI2024-07-09
CVE-2024-21723 [20240202] - Core - Open redirect in installation application — Joomla! CMSCWE-601 6.1 -2024-02-20
CVE-2024-21725 [20240204] - Core - XSS in mail address outputs — Joomla! CMSCWE-79 6.1 -2024-02-20
CVE-2024-21724 [20240203] - Core - XSS in media selection fields — Joomla! CMSCWE-79 6.1 -2024-02-20

This page lists every published CVE security advisory associated with Joomla! Project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.