[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-48909":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-20T13:39:04.480Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":25,"duplicate_of":9,"upstream":26,"downstream":27,"duplicates":28,"related":29,"reserved_at":9,"published_at":30,"modified_at":30,"state":31,"summary":32,"references_raw":39,"kevs":45,"epss":9,"epss_history":46,"metrics":47,"affected":51},"CVE-2026-48909","SP LMS (com_splms) \u003C 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-502","Deserialization of Untrusted Data","The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.","weakness","Draft","Base","Medium",[20],{"id":21,"name":22,"techniques":23},"CAPEC-586","Object Injection",[],[],[],[],[],[],[],"2026-06-20T11:56:46.771Z","PUBLISHED",{"cisa_kev":33,"cisa_ransomware":33,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":34,"severity_score":35,"severity_version":36,"severity_source":37,"severity_vector":38,"severity_status":31},false,"critical",9.5,"v4.0","cve.org","CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",[40],{"url":41,"sources":42,"tags":43},"https://www.joomshaper.com/",[37],[44],"Product",[],[],[48],{"source":37,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":49},{"baseScore":35,"baseSeverity":50,"vectorString":38,"impactScore":9,"exploitabilityScore":9},"CRITICAL",[52],{"ecosystem":9,"name":53,"vendor":54,"product":55,"cpe_part":56,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":57},"SP LMS extension for Joomla","joomshaper.net","sp lms extension for joomla","a",[58],{"version":59,"is_range":33,"range_type":37,"version_start":59,"version_start_type":60,"version_end":59,"version_end_type":60,"fixed_in":9},"1.0.0-4.1.3","including"]