A critical vulnerability has been discovered in Tassos Framework, a widely used foundation for extensions in the Joomla ecosystem. The issue lies in an AJAX handler and effectively behaves like an unlocked door — one that does not ask who is entering. The framework underpins several popular plugins, including Convert Forms, EngageBox, Advanced Custom Fields, and Google Structured Data. In practical terms, sites relying on multiple Tassos-based extensions may be dealing with a shared point of failure...
Modified: 04/02/2026The U.S. Cybersecurity and Infrastructure Security Agency, CISA, has added two flaws in the widely used email client Roundcube Webmail to its catalog of known actively exploited vulnerabilities. This is not a case of theoretical risk or academic curiosity — both issues have already been observed in real-world attacks. A Near-Perfect Score for Attackers The first vulnerability, tracked as CVE-2025-49113, carries a CVSS score ...
Modified: 02/26/2026
English
Русский