Search Results (991 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1957 2 Joomla, Mambo-foundation 2 Joomla\!, Mambo 2026-04-16 N/A
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter.
CVE-2006-4556 2 Joomla, Mambo 2 Jim Component, Jim Component 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242
CVE-2006-1030 1 Joomla 1 Joomla 2026-04-16 N/A
Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the path.
CVE-2006-1048 1 Joomla 1 Joomla 2026-04-16 N/A
Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search.
CVE-2006-4992 1 Joomla 1 Jd-wordpress 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php.
CVE-2006-4074 1 Joomla 1 Jd-wiki 2026-04-16 N/A
PHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-4242 1 Joomla 1 Jim Instant Messaging Component 2026-04-16 N/A
PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-4473 1 Joomla 1 Joomla 2026-04-16 N/A
Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks.
CVE-2006-3969 1 Joomla 1 Colophon 2026-04-16 N/A
PHP remote file inclusion vulnerability in administrator/components/com_colophon/admin.colophon.php in Colophon 1.2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2005-3772 1 Joomla 1 Joomla 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class.
CVE-2006-1027 1 Joomla 1 Joomla 2026-04-16 N/A
feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error message.
CVE-2005-4650 1 Joomla 1 Joomla\! 2026-04-16 5.3 Medium
Joomla! 1.03 does not restrict the number of "Search" Mambots, which allows remote attackers to cause a denial of service (resource consumption) via a large number of Search Mambots.
CVE-2025-54477 1 Joomla 2 Joomla, Joomla! 2026-04-15 5.3 Medium
Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method.
CVE-2025-54301 1 Joomla 2 Joomla, Joomla! 2026-04-15 N/A
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. File names are not properly escaped.
CVE-2025-54474 1 Joomla 2 Joomla, Joomla! 2026-04-15 N/A
A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands.
CVE-2025-54300 1 Joomla 2 Joomla, Joomla! 2026-04-15 N/A
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads.
CVE-2025-54475 2 Joomla, Joomsky 3 Joomla, Joomla!, Js Jobs 2026-04-15 N/A
A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands.
CVE-2025-54297 1 Joomla 1 Joomla 2026-04-15 N/A
A stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joomla was discovered.
CVE-2025-55757 2 Joomla, Virtuemart 3 Joomla, Joomla!, Virtuemart 2026-04-15 6.1 Medium
A unauthenticated reflected XSS vulnerability in VirtueMart 1.0.0-4.4.10 for Joomla was discovered.
CVE-2025-54298 1 Joomla 2 Joomla, Joomla! 2026-04-15 N/A
A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered.