CVE Tools
Back to feed
The Hacker News ·EN News source Exploited in the wildAdobe ColdFusionJoomlack Page BuilderJoomShaper SP Page Builder

CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

By The Hacker News··3 min read
CVE Tools coverage

The U.S. CISA added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active in-the-wild abuse affecting Adobe ColdFusion, Joomlack Page Builder, JoomShaper SP Page Builder, and Langflow. The affected CVEs are CVE-2026-48282 and CVE-2026-56290 (both with CVSS 10.0), CVE-2026-55255, and CVE-2026-48908 (CVSS 10.0), spanning issues like path traversal and improper access control that can enable remote code execution and other takeovers. This matters because KEV-listed bugs are prioritized for remediation, with FCEB agencies advised to patch by July 10, 2026.