Lucene search
K

10 matches found

CVE
CVE
added yesterday12 views

CVE-2026-57829

The CVE concerns the Joomla extension Helix Ultimate (vulnerable component: the Helix Ultimate plugin) with an unauthenticated stored XSS in versions prior to 2.2.7. According to the shared metrics, the vulnerability has a CVSS 4.0 base score of 8.7 (HIGH) with network access, low attack complexi...

8.7CVSS6.1AI score0.00258EPSS
Exploits1References1
Cvelist
Cvelist
added yesterday20 views

CVE-2026-57829 Joomla Extension - joomshaper.com - Unauthenticated stored XSS in Helix Ultimate < 2.2.7

The Joomla extension Helix Ultimate is vulnerable to an unauthenticated stored XSS...

8.7CVSS0.00258EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 4 days ago3 views

The vulnerability of the SP Page Builder component of the JoomShaper application software allows a hacker to execute arbitrary code.

The vulnerability of the SP Page Builder component of the JoomShape application software involves unlimited loading of dangerous files. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS6.4AI score0.01569EPSS
Exploits6References9Affected Software1
The Hacker News
The Hacker News
added 6 days ago13 views

CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added four security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerabilities are listed below - CVE-2026-48282 CVSS score: 10.0 - A path traversal vulnerability i...

10CVSS8.2AI score0.28583EPSS
Exploits16
NVD
NVD
added 2026/06/20 1:16 p.m.15 views

CVE-2026-48909

SP LMS comsplms 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server...

9.5CVSS0.02726EPSS
Exploits4References1
Vulnrichment
Vulnrichment
added 2026/06/20 11:56 a.m.8 views

CVE-2026-48909 Joomla Extension - joomshaper.com - PHP Object injection in SP LMS extension for Joomla < 4.1.4

SP LMS comsplms 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server...

9.5CVSS6.3AI score0.02726EPSS
Exploits4References1
CVE
CVE
added 2026/06/20 11:56 a.m.115 views

CVE-2026-48909

The CVE concerns SP LMS (com_splms) for Joomla, specifically versions earlier than 4.1.4. The root cause is deserializing user-controlled cookie data without validation, which allows an unauthenticated remote attacker to execute arbitrary code on the server. No exploitation details or fixes are e...

9.5CVSS6.3AI score0.02726EPSS
Exploits4References1
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.21 views

PT-2026-51136

Name of the Vulnerable Software and Affected Versions SP LMS versions prior to 4.1.4 Description SP LMS com splms by JoomShaper contains a PHP Object injection flaw where user-controlled cookie data is deserialized without validation. Specifically, the application passes the lmsOrders cookie to a...

9.5CVSS6.3AI score0.02726EPSS
Exploits4References14
CNVD
CNVD
added 2021/06/21 12:0 a.m.136 views

JoomShaper SP Page Builder Lite suffers from a SQL Injection Vulnerability

SP Page Builder is a free page builder component that users can use to design and edit website page content on joomla sites. JoomShaper SP Page Builder Lite suffers from a SQL injection vulnerability that can be exploited by an attacker to obtain sensitive database information...

7.7AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/08/21 12:0 a.m.36 views

SP Movie Database 1.3, SQL Injection

SP Movie Database version 1.3 by joomshaper.com, SQL Injection resolution: update to version 1.4 update notice: https://www.joomshaper.com/forums/sp-movie-database-component-updated-with-security-and-other-fixes...

2.1AI score
Exploits0References3Affected Software1
Rows per page
Query Builder