Skip to content
LEARN

Learning Resources

Expand your knowledge with our curated content.

Documents

Workshops, presentations, and demos.

No resources available yet.

Vulnerabilities (CVE)

Actively exploited or maximum-severity vulnerabilities.

Actively exploitedCVSS 10.0EPSS 0.29

CVE-2026-48282

adobe:coldfusion
BackendCyberSecurityJavaLinuxWindowsCloud

Adobe ColdFusion contains a path traversal vulnerability that could lead to arbitrary code execution in the context of the current user.

Analysis

Adobe ColdFusion presenta una vulnerabilidad crítica de Path Traversal que permite la ejecución de código arbitrario sin necesidad de interacción del usuario. Al alcanzar un puntaje de 10.0, este fallo permite a un atacante tomar control total del servidor afectado en el contexto del servicio actual. Es imperativo actualizar las instancias de ColdFusion inmediatamente para proteger la infraestructura del backend.

Added to KEV: 2026-07-07View details
Actively exploitedCVSS 9.8

CVE-2026-56290

joomlack:page_builder_ck
PhpBackendCyberSecurityLinux

Joomlack Page Builder contains an improper access control vulnerability that could allow for remote code execution via unauthenticated arbitrary file upload.

Analysis

Page Builder CK for Joomla is vulnerable to an unauthenticated arbitrary file upload leading to Remote Code Execution (RCE). While the CVSS score is 9.8, the impact is limited to users of this specific extension, who should update to the latest version immediately.

Added to KEV: 2026-07-07View details
Actively exploitedCVSS 8.4

CVE-2026-55255

langflow:langflow
IAPythonBackendCyberSecurityMachineLearningDataScience

Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request.

Analysis

Langflow versions prior to 1.9.2 contain a critical IDOR vulnerability that allows an authenticated user to execute AI flows belonging to other users. While the CVSS is high at 9.9, the requirement for authentication and the specific nature of the tool keep it below the community alert threshold.

Added to KEV: 2026-07-07View details
Actively exploitedCVSS 9.8

CVE-2026-48908

ollyo:sp_page_builder
PhpBackendCyberSecurityLinux

JoomShaper SP Page Builder contains an unrestricted upload of file with dangerous type vulnerability that allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP co…

Analysis

Esta vulnerabilidad en SP Page Builder para Joomla permite a atacantes no autenticados subir archivos arbitrarios y ejecutar código PHP en el servidor. Se encuentra en la lista KEV de CISA debido a que está siendo explotada activamente, lo que facilita el compromiso total del sitio y la infraestructura.

Added to KEV: 2026-07-07View details
Actively exploitedCVSS 8.8

CVE-2026-45659

microsoft:sharepoint_server
WindowsBackendCyberSecurityCloud

Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.

Analysis

Microsoft SharePoint Server permite la ejecución remota de código (RCE) debido a una vulnerabilidad de deserialización de datos no confiables. Este fallo está siendo explotado activamente y permite que un atacante con acceso a la red tome el control del servidor. Es fundamental actualizar las instancias afectadas de inmediato para proteger la infraestructura empresarial.

Added to KEV: 2026-07-01View details
Actively exploitedCVSS 10.0

CVE-2026-48558

simple-help:simplehelp
BackendCyberSecurityWindowsLinuxCloud

SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographi…

Analysis

Las versiones 5.5.15 y anteriores de SimpleHelp permiten que atacantes remotos no autenticados eviten el proceso de inicio de sesión mediante el envío de tokens OIDC falsificados sin verificación de firma. Esta vulnerabilidad otorga acceso completo con privilegios de técnico y puede saltarse la autenticación de dos factores, comprometiendo totalmente la infraestructura de soporte remoto.

Added to KEV: 2026-06-29View details
HomeEventsBlogResources
Team