Vendor
Adobe
Vulnerabilities in Adobe ColdFusion, Commerce (Magento), Reader, and Acrobat — a product line whose enterprise footprint keeps it in the KEV catalog and in attacker toolkits well past its perceived relevance.
Articles

● Breaking
adobe
CISA: Patch ColdFusion CVE-2026-48282 by Friday
CISA added Adobe ColdFusion CVE-2026-48282 to KEV on July 7 and set a July 10 federal patch deadline under BOD 26-04. CVSS 10.0. Actively exploited.
read →

● Breaking
adobe
Adobe ColdFusion CVE-2026-48282: CVSS 10, Exploited
A max-severity unauthenticated path-traversal-to-RCE in ColdFusion 2023 and 2025 is under active attack. Adobe's 72-hour patch window has already passed. Shadowserver counts ~800 exposed instances.
read →