FOUR critical vulnerabilities have been detected today, including:
1. **CVE-2026-48908**: JoomShaper SP Page Builder allows unrestricted file uploads.
2. **CVE-2026-55255**: Langflow experiences authorization bypass through user-controlled keys.
3. **CVE-2026-56290**: Joomlack Page Builder has improper access control.
4. **CVE-2026-48282**: Adobe ColdFusion is vulnerable to path traversal.
Additionally, cybersecurity firm Nebula revealed a kernel-level vulnerability in Android that can exploit Firefox and a past Linux kernel flaw to achieve root access through a malicious webpage. This attack operates in stages:
- **Browser**: Exploits a security flaw in Firefox.
- **Kernel**: Utilizes a Linux kernel vulnerability to gain privileged access.
- **Post-Exploitation**: Installs a 'su' binary on the device, ensuring root access.
Responsible disclosure practices have been followed, and further details of the vulnerabilities will remain suppressed until remediation is ready.