Recently, details about three serious CVE vulnerabilities in the Joomla CMS platform were released to the public (CVE-2015-7297, CVE-2015-7857, CVE-2015-7858). These CVE’s were discovered by Trustwa...
Worth also noting that, whilst not yet 100% verified, it seems that the default crypto is incredibly insecure. If you're not already performing SSL termination on BIG-IP you should be.
http://www.openwall.com/lists/oss-security/2015/11/08/1