BETWEEN July 6 and July 12, 2026, a total of 1,571 new vulnerabilities (CVEs) were reported, including 125 critical and 510 high-severity issues. The Cybersecurity and Infrastructure Security Agency (CISA) added six actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, all of which allow remote code execution.
Four of these involve Joomla extensions (SP Page Builder, iCagenda, Page Builder CK, and Balbooa Forms), while Adobe ColdFusion's CVE-2026-48282 and Langflow's CVE-2026-55255 also made the list. Notably, critical bugs affecting AI frameworks such as PraisonAI and Langroid were reported. The recommendation is to prioritize patching the six KEV entries and critical applications, while managing other vulnerabilities systematically.