Inadequate filters on module layout settings could lead to an LFI.
Joomla! CMS versions 3.0.0 - 3.9.25
Upgrade to version 3.9.26
The JSST at the Joomla! Security Centre.
Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error pages.
The JSST at the Joomla!...
Incorrect ACL checks could allow unauthorized change of the category for an article.
Joomla! CMS versions 3.0.0 - 3.9.24
Upgrade to version 3.9.25
com_media allowed paths that are not intended for image uploads.
Missing input validation within the template manager.
Joomla! CMS versions 3.2.0 - 3.9.24
