Max severity Adobe ColdFusion flaw now exploited in attacks
Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to vulnerability intelligence company KEVIntel. [...]
Adobe develops creative, document, and commerce software, making its vulnerabilities and security advisories relevant to users and connected systems.
Search across headline titles and summaries.
Background for this topic.
Adobe software encompasses applications that create, view, and edit complex file formats such as PDFs, images, and multimedia. These files often contain embedded scripts, interactive elements, or executable code, which can introduce vulnerabilities when processed by Adobe products. Attackers exploit flaws in file parsing or script execution to trigger memory corruption or remote code execution, potentially compromising systems that open maliciously crafted files.
Security risks focus on timely patching of vulnerabilities in Adobe readers, editors, and browser plugins to prevent exploitation. Organizations should restrict file access, especially from untrusted sources, and monitor for suspicious activity related to Adobe file handling. Maintaining updated software and applying vendor advisories promptly reduces exposure to targeted attacks leveraging Adobe’s complex file processing capabilities.
Weekly headline count for the current query.
Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to vulnerability intelligence company KEVIntel. [...]
Adobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in zero-day attacks since at least December. [...]
Hackers are actively exploiting the critical SessionReaper vulnerability (CVE-2025-54236) in Adobe Commerce (formerly Magento) platforms, with hundreds of attempts recorded. [...]
Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of " the most severe" flaws in the history of the product. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. [...]
Adobe released an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for a new zero-day exploited in attacks. [...]
Adobe warns that a critical ColdFusion pre-authentication remote code execution vulnerability tracked as CVE-2023-29300 is actively exploited in attacks. [...]
Adobe warns that a critical ColdFusion pre-authentication remote code execution vulnerability tracked as CVE-2023-29300 is actively exploited in attacks. [...]
Offensive security researchers have created exploit code for CVE-2022-24086, the critical vulnerability affecting Adobe Commerce and Magento Open Source that Adobe that patched in an out-of-band update last Sunday. [...]
Adobe rolled out emergency updates for Adobe Commerce and Magento Open Source to fix a critical vulnerability tracked as CVE-2022-24086 that's being exploited in the wild. [...]