🔴 Critical  |  Source: The Hacker News


CISA has added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalogue, affecting Adobe ColdFusion, Joomla, and Langflow. One flaw in Adobe ColdFusion carries a maximum CVSS score of 10.0 and enables arbitrary code execution via path traversal. Active exploitation means threat actors are already leveraging these weaknesses against real targets, making prompt patching urgent.

Security Architect’s Take: Audit your environment immediately for exposed instances of Adobe ColdFusion, Joomla CMS, and Langflow — particularly any internet-facing deployments hosted on cloud infrastructure — and apply available patches or mitigations before CISA’s KEV remediation deadline. If patching cannot be completed immediately, consider placing these services behind a WAF or restricting network access as a temporary control.

Original advisory: CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV