Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2024-27185

    The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.... Read more

    Affected Products : joomla\!
    • Published: Aug. 20, 2024
    • Modified: Jun. 04, 2025

  • 6.1

    MEDIUM
    CVE-2024-27186

    The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.... Read more

    Affected Products : joomla\!
    • Published: Aug. 20, 2024
    • Modified: Jun. 04, 2025

  • 7.5

    HIGH
    CVE-2024-27187

    Improper Access Controls allows backend users to overwrite their username when disallowed.... Read more

    Affected Products : joomla\!
    • Published: Aug. 20, 2024
    • Modified: Jun. 04, 2025

  • 6.1

    MEDIUM
    CVE-2024-40743

    The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.... Read more

    Affected Products : joomla\!
    • Published: Aug. 20, 2024
    • Modified: Jun. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-40744

    Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.... Read more

    Affected Products : convert_forms
    • Published: Dec. 04, 2024
    • Modified: Jun. 04, 2025

  • 5.4

    MEDIUM
    CVE-2024-40745

    Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8.... Read more

    Affected Products : convert_forms
    • Published: Dec. 04, 2024
    • Modified: Jun. 04, 2025

  • 6.1

    MEDIUM
    CVE-2024-40747

    Various module chromes didn't properly process inputs, leading to XSS vectors.... Read more

    Affected Products : joomla\!
    • Published: Jan. 07, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-40748

    Lack of output escaping in the id attribute of menu lists.... Read more

    Affected Products : joomla\!
    • Published: Jan. 07, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-40749

    Improper Access Controls allows access to protected views.... Read more

    Affected Products : joomla\!
    • Published: Jan. 07, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-22204

    Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 lead to a remote code execution vulnerability.... Read more

    Affected Products : sourcerer
    • Published: Feb. 04, 2025
    • Modified: Jun. 04, 2025

  • 7.5

    HIGH
    CVE-2025-22205

    Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x.... Read more

    Affected Products : admiror_gallery
    • Published: Feb. 04, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Path Traversal

  • 4.7

    MEDIUM
    CVE-2025-22206

    A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature.... Read more

    Affected Products : js_jobs
    • Published: Feb. 04, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 4.7

    MEDIUM
    CVE-2025-22208

    A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter in the GDPR Erase Data Request search feature.... Read more

    Affected Products : js_jobs
    • Published: Feb. 15, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 4.7

    MEDIUM
    CVE-2025-22209

    A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature.... Read more

    Affected Products : js_jobs
    • Published: Feb. 15, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-22210

    A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the category management area in backend.... Read more

    Affected Products : hikashop
    • Published: Feb. 25, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-25226

    Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch ... Read more

    Affected Products : joomla\! joomla
    • Published: Apr. 08, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-25227

    Insufficient state checks lead to a vector that allows to bypass 2FA checks.... Read more

    Affected Products : joomla\! joomla
    • Published: Apr. 08, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2024-10144

    The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when th... Read more

    Affected Products : robo_gallery
    • Published: May. 15, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-10054

    The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (f... Read more

    Affected Products : happyforms
    • Published: May. 15, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-10107

    The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html... Read more

    Affected Products : rafflepress
    • Published: May. 15, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293284 Results