CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2026-48908 JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability
- CVE-2026-55255 Langflow Authorization Bypass Through User-Controlled Key Vulnerability
- CVE-2026-56290 Joomlack Page Builder Improper …
Summary
Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted resources, obtain credentials, and inject malicious scripts.
The following versions of Digi International PortServer TS, Digi One SP IA are affected:
- PortServer TS
- Digi …
Summary
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition.
The following versions of ST Engineering iDirect iQ-Series Terminals are affected:
- Evolution iQ‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057)
- 3315‑Series terminals <=4.5.2.1 …
Summary
Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device.
The following versions of CubeSpace CW0057 Reaction Wheel are affected:
- CW0057 Reaction Wheel
| CVSS | Vendor | Equipment | … |
|---|
Summary
Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices.
The following versions of Gardyn IoT Hub are affected:
- Home Firmware
- Studio Firmware
- Cloud API <2.12.2026 (CVE-2026-13768, CVE-2026-55726, CVE-2026-54477)
Summary
An update is available that resolves vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the product to stop or corrupt memory data.
The following versions of XZ Utils vulnerability impacting B&R Products …
Summary
Schneider Electric is aware of a vulnerability in its EcoStruxure™ IT Data Center Expert. The EcoStruxure™ IT Data Center Expert product is a scalable monitoring software that collects, organizes, and distributes critical device information providing a comprehensive view of equipment. Failure to apply the remediation …
Summary
Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected product, cause a denial-of-service condition in the affected product, or execute arbitrary code when a specially crafted archive file is decompressed by the 7-Zip component included …