Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
10 articles

#CMS

All CosmicBytez Labs articles tagged #CMS, across news, security advisories, how-to guides, and projects.

  • NewsJul 13, 2026

    iCagenda and Balbooa Forms Joomla Flaws Exploited as Zero-Days

    CISA has added two maximum-severity flaws in iCagenda and Balbooa Forms Joomla extensions to its KEV catalog following confirmed zero-day exploitation in the wild. Administrators should patch or mitigate immediately.

  • NewsJul 11, 2026

    Australia Warns of Global Campaign Targeting Vulnerable CMS Platforms

    The Australian Cyber Security Centre has issued an alert about a coordinated global campaign actively exploiting unpatched vulnerabilities in WordPress,...

  • NewsJun 17, 2026

    CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

    CISA has added a maximum-severity vulnerability in the Joomla Content Editor (JCE) plugin to its Known Exploited Vulnerabilities catalog, warning that the...

  • SecurityJun 17, 2026

    CVE-2026-48907: Joomla Content Editor Unauthenticated PHP Upload Flaw

    A maximum-severity improper access control flaw in Widget Factory's Joomla Content Editor allows unauthenticated attackers to upload and execute arbitrary...

  • SecurityJun 4, 2026

    CVE-2026-36748: High-Severity Stored XSS in RockRMS via Social Media Profile Links

    RockRMS versions up to v16.13 are vulnerable to a CVSS 9.0 stored cross-site scripting flaw that allows attackers to inject malicious scripts through social…

  • NewsMay 21, 2026

    Drupal Patches Highly Critical Vulnerability Exposing

    Drupal has released an urgent security update for CVE-2026-9082, a highly critical flaw that can be exploited without authentication to achieve...

  • SecurityApr 26, 2026

    Typecho 1.3.0 Pingback SSRF via X-Pingback Manipulation

    A CVSS 7.3 server-side request forgery vulnerability in Typecho up to 1.3.0 allows attackers to manipulate the X-Pingback/link argument in Service.php to...

  • SecurityApr 21, 2026

    CVE-2025-2749: Kentico Xperience Path Traversal

    Kentico Xperience contains a path traversal vulnerability allowing an authenticated user's Staging Sync Server to upload arbitrary data to relative path...

  • SecurityApr 21, 2026

    CVE-2026-39918: Vvveb CMS Unauthenticated PHP Code

    Vvveb CMS versions prior to 1.0.8.1 allow unauthenticated attackers to inject arbitrary PHP code through the installation endpoint's unsanitized subdir...

  • SecurityApr 9, 2026

    CVE-2026-25776: Movable Type Critical Code Injection (CVSS

    Six Apart's Movable Type CMS contains a critical code injection vulnerability allowing unauthenticated attackers to execute arbitrary Perl scripts on...