Joomla! CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-54473	1 Joomla	2 Joomla, Joomla!	2025-08-16	N/A
An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. The issue allows code execution via the unzip feature.
CVE-2025-54299	2 Joomla, Nobossextensions	2 Joomla!, No Boss Testimonials Component	2025-08-05	N/A
A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered.
CVE-2025-54298	1 Joomla	2 Joomla, Joomla!	2025-07-31	N/A
A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered.

« first previous Page 2 of 2.