CVE-2026-48909 is a critical vulnerability in SP LMS (com_splms) versions before 4.1.4. The issue allows unauthenticated remote attackers to execute arbitrary code on the server due to deserialization of user-controlled cookie data without validation. With a CVSS score of 9.5, this vulnerability is considered critical. Organizations using affected versions of SP LMS should prioritize immediate remediation.
CVE-2026-48908 is a critical vulnerability in the SP Page Builder for Joomla, allowing unauthenticated users to upload arbitrary files, including PHP code, which can be executed. This issue has a CVSS score of 10, indicating the highest severity. The vulnerability affects Joomla users with the SP Page Builder extension installed. Defenders should immediately assess their exposure and prioritize patching o [truncated]
