Two high-severity vulnerabilities in iCagenda and Balbooa Joomla extensions have been added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities catalog, indicating they are being actively exploited as zero-days. The flaws, including CVE-2026-48939, have a perfect 10.0 CVSS score, signifying a critical impact on affected systems. CISA's inclusion of these vulnerabilities in the catalog suggests that exploitation is ongoing, and users should take immediate action to patch or mitigate the issues. The fact that these flaws are being exploited in the wild, as reported by The Hacker News1, underscores the urgency of addressing them promptly. So what matters to practitioners is that they must prioritize patching these vulnerabilities to prevent potential attacks, given the active exploitation and high severity of the flaws.