47 matches found
CVE-2026-26360
Dell Unisphere for PowerMax, versions 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files...
CVE-2026-26360
creationtimestamp| type| source ---|---|--- 2026-02-19 09:00:34+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mf7a6sr73q2h 2026-02-19 09:00:37+00:00| seen| https://infosec.exchange/users/offseq/statuses/116096475607897964 2026-02-19 15:00:18+00:00| seen|...
CVE-2026-26360
Dell Unisphere for PowerMax, versions 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files...
CVE-2026-26360
CVE-2026-26360 affects Dell Unisphere for PowerMax, version 10.2. The vulnerability is described as External Control of File Name or Path, enabling a low-privileged attacker with remote access to delete arbitrary files. Root cause details are not provided beyond this description; no affected comp...
Exploit for Improper Access Control in Adobe Coldfusion
PoC exploit for CVE-2023-26360, a Remote Code Execution vulnerab...
CVE-2025-26360
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests...
CVE-2025-26360
creationtimestamp| type| source ---|---|--- 2025-02-12 15:05:55+00:00| seen| https://infosec.exchange/users/cve/statuses/113991532860053925 2025-02-12 16:03:03+00:00| seen| https://t.me/cvedetector/17884...
CVE-2025-26360
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests...
CVE-2025-26360
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests...
CVE-2025-26360
CVE-2025-26360 describes a CWE-306 vulnerability: Missing Authentication for Critical Function in the Q-Free MaxTime product. The flaw resides in maxprofile/persistance/routes.lua and affects MaxTime versions less than or equal to 2.11.0, enabling an unauthenticated remote attacker to delete dash...
CVE-2025-26360
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests...
Exploit for Improper Access Control in Adobe Coldfusion
CVE-2023-26360 Vulnerability Scanner Overview CVE-2023-2...
Adobe ColdFusion v 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read Exploit
Exploit Title: File Read Arbitrary Exploit for CVE-2023-26360 Exploit Author: Youssef Muhammad Vendor Homepage: https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html Software Link: https://drive.google.com/drive/folders/17ryBnFhswxiE1sHrNByxMVPKfUnwqmp0 Version: Adobe ColdFusion version...
Adobe ColdFusion 2018,15 / 2021,5 Arbitrary File Read
Exploit Title: File Read Arbitrary Exploit for CVE-2023-26360 Google Dork: not Date: 12/28/2023 Exploit Author: Youssef Muhammad Vendor Homepage: https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html Software Link: https://drive.google.com/drive/folders/17ryBnFhswxiE1sHrNByxMVPKfUnwqmp0...
Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read
Exploit Title: File Read Arbitrary Exploit for CVE-2023-26360 Google Dork: not Date: 12/28/2023 Exploit Author: Youssef Muhammad Vendor Homepage: https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html Software Link: https://drive.google.com/drive/folders/17ryBnFhswxiE1sHrNByxMVPKfUnwqmp0...
Adobe Coldfusion vulnerability used in attacks on government servers
The Cybersecurity and Infrastructure Security Agency CISA put out a Cybersecurity Advisory CSA to alert government agencies about cybercriminals using a vulnerability in Adobe Coldfusion to gain initial access to servers. Adobe ColdFusion is a platform for building and deploying web and mobile...
CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion
Today, CISA released a Cybersecurity Advisory CSA, Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise IOCs and tactics, techniques, and procedures TTPs. The vulnerability in ColdFusion CVE-2023-26360 presen...
Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers
Actions to take today to mitigate malicious cyber activity: 1. Prioritize remediating known exploited vulnerabilities. 2. Employ proper network segmentation. 3. Enable multifactor authentication MFA for all services to the extent possible, particularly for webmail, VPN, and accounts that access...
U.S. Dept Of Defense: Unauthenticated File Read Adobe ColdFusion
A vulnerability allowing unauthenticated arbitrary file read in Adobe ColdFusion was discovered. This could result in unauthorized access to sensitive data on affected systems. The vulnerability impacts ColdFusion versions 2021 Update 5 and earlier, and 2018 Update 15 and earlier. Mitigation is t...
Adobe ColdFusion vulnerability exploited in the wild
The Cybersecurity and Infrastructure Security Agency CISA has added a critical Adobe ColdFusion vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch FCEB agencies need to remediate this...