Is4yev

1 exploit Active since Jun 2026
CVE-2026-48909 GITHUB CRITICAL python WORKING POC
Joomla Extension - joomshaper.com - PHP Object injection in SP LMS extension for Joomla < 4.1.4
SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server.