FOUR critical vulnerabilities have been identified in software related to Joomla and Adobe ColdFusion, as reported by CISA. The vulnerabilities are:
1. **CVE-2026-48908** - A remote code execution flaw in JoomShaper SP Page Builder, allowing unauthenticated file uploads.
2. **CVE-2026-56290** - An unauthenticated file upload vulnerability in Page Builder CK.
3. **CVE-2026-55255** - An authorization bypass flaw in Langflow.
4. **CVE-2026-48282** - A path traversal vulnerability in Adobe ColdFusion.
All four vulnerabilities are actively exploited, with CVSS scores reaching 10, indicating critical severity. Updates are required for users to mitigate risks, particularly for versions prior to specified updates that have been made available.