Lucene search
K

7 matches found

The Hacker News
The Hacker News
added 3 days ago13 views

CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added four security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerabilities are listed below - CVE-2026-48282 CVSS score: 10.0 - A path traversal vulnerability i...

10CVSS8.2AI score0.28583EPSS
Exploits15
NVD
NVD
added 2026/06/20 1:16 p.m.15 views

CVE-2026-48909

SP LMS comsplms 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server...

9.5CVSS0.02726EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2026/06/20 11:56 a.m.8 views

CVE-2026-48909 Joomla Extension - joomshaper.com - PHP Object injection in SP LMS extension for Joomla < 4.1.4

SP LMS comsplms 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server...

9.5CVSS6.3AI score0.02726EPSS
Exploits3References1
CVE
CVE
added 2026/06/20 11:56 a.m.106 views

CVE-2026-48909

The CVE concerns SP LMS (com_splms) for Joomla, specifically versions earlier than 4.1.4. The root cause is deserializing user-controlled cookie data without validation, which allows an unauthenticated remote attacker to execute arbitrary code on the server. No exploitation details or fixes are e...

9.5CVSS6.3AI score0.02726EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.21 views

PT-2026-51136

Name of the Vulnerable Software and Affected Versions SP LMS versions prior to 4.1.4 Description SP LMS com splms by JoomShaper contains a PHP Object injection flaw where user-controlled cookie data is deserialized without validation. Specifically, the application passes the lmsOrders cookie to a...

9.5CVSS6.3AI score0.02726EPSS
Exploits3References14
CNVD
CNVD
added 2021/06/21 12:0 a.m.134 views

JoomShaper SP Page Builder Lite suffers from a SQL Injection Vulnerability

SP Page Builder is a free page builder component that users can use to design and edit website page content on joomla sites. JoomShaper SP Page Builder Lite suffers from a SQL injection vulnerability that can be exploited by an attacker to obtain sensitive database information...

7.7AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/08/21 12:0 a.m.34 views

SP Movie Database 1.3, SQL Injection

SP Movie Database version 1.3 by joomshaper.com, SQL Injection resolution: update to version 1.4 update notice: https://www.joomshaper.com/forums/sp-movie-database-component-updated-with-security-and-other-fixes...

2.1AI score
Exploits0References3Affected Software1
Rows per page
Query Builder