Lucene search
K

70138 matches found

Nuclei
Nuclei
added 8 hours ago159 views

Adobe Connect < 12.1.5 - Local File Disclosure

Adobe Connect versions 11.4.5 and earlier, 12.1.5 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not...

5.3CVSS6.2AI score0.81875EPSS
Exploits4References4
Nuclei
Nuclei
added 8 hours ago71 views

Adobe Coldfusion <=8.0.1 - Cross-Site Scripting

Adobe ColdFusion Server 8.0.1 and earlier contain multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via 1 the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to 2 wizards/common/logintowizard.cfm, 3...

4.3CVSS6.2AI score0.1614EPSS
Exploits2References5
Nuclei
Nuclei
added 8 hours ago44 views

Adobe Experience Manager - XML External Entity Injection

Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2019-8086 info: name: Adobe...

7.5CVSS7AI score0.24141EPSS
Exploits0References5
Nuclei
Nuclei
added 8 hours ago33 views

Adobe Experience Manager ≤ 6.5.23.0 - XML Injection

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. id: CVE-2025-54251 info: name: Adobe Experience Manager ≤ 6.5.23.0 - XML Injection author: DhiyaneshDK,assetnote severity: medium description: |...

4.3CVSS6.1AI score0.01609EPSS
Exploits0
Nuclei
Nuclei
added 8 hours ago221 views

Adobe Coldfusion - Authentication Bypass

Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints...

7.5CVSS7AI score0.10072EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday107 views

Adobe ColdFusion - Cross-Site Scripting

Adobe Coldfusion versions 2016 update 16 and earlier, 2018 update 10 and earlier and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code...

5.4CVSS6.7AI score0.37095EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday89 views

Adobe AEM Dispatcher <4.15 - Rules Bypass

Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. id: CVE-2016-0957 info: name: Adobe AEM Dispatcher 4.15 - Rules Bypass author: geeknik severity:...

7.8CVSS7AI score0.5071EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday7 views

Adobe ColdFusion - RDS Arbitrary File Write

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary code execution in the context of the current user. The RDS FILEIO WRITE operation allows unauthenticated...

10CVSS7.5AI score0.28583EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday74 views

Adobe ColdFusion - Access Control Bypass

An attacker is able to access every CFM and CFC endpoint within the ColdFusion Administrator path /CFIDE/, of which there are 437 CFM files and 96 CFC files in a ColdFusion 2021 Update 6 install. id: CVE-2023-29298 info: name: Adobe ColdFusion - Access Control Bypass author:...

7.5CVSS7.1AI score0.99761EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday193 views

Adobe ColdFusion WDDX Deserialization Gadgets

Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. id: CVE-2023-44353 info: name: Adobe ColdFusion WDDX...

9.8CVSS7.2AI score0.80178EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday109 views

Adobe ColdFusion - Pre-Auth Remote Code Execution

Adobe ColdFusion versions 2018u16 and earlier, 2021u6 and earlier and 2023.0.0.330468 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. id: CVE-2023-29300 info:...

9.8CVSS7.2AI score0.99988EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday65 views

Adobe ColdFusion - Access Control Bypass

There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrato...

7.5CVSS7.1AI score0.99732EPSS
Exploits0References4
Nuclei
Nuclei
added 3 days ago132 views

Adobe ColdFusion - Unrestricted File Upload Remote Code Execution

Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. id: CVE-2018-15961 info: name: Adobe ColdFusion - Unrestricted File Upload...

10CVSS7.3AI score0.9995EPSS
Exploits11References5
Nuclei
Nuclei
added 3 days ago181 views

Adobe Coldfusion - Cross-Site Scripting

Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within th...

6.1CVSS6.5AI score0.84811EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-57260 Security vulnerability in Foxit PDF Editor/Reader — U3D Adobe Mesh Decompression (Type Confusion / Invalid Pointer Dereference)

The application opened a PDF file containing an abnormal Unity 3D object. During parsing, the application incorrectly resolved a portion of the abnormal object as a pointer and used it as a valid address, ultimately causing the application to crash...

7.8CVSS0.00116EPSS
Exploits0References1
The Hacker News
The Hacker News
added 6 days ago13 views

CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added four security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerabilities are listed below - CVE-2026-48282 CVSS score: 10.0 - A path traversal vulnerability i...

10CVSS8.2AI score0.28583EPSS
Exploits16
Nuclei
Nuclei
added last week146 views

Adobe ColdFusion - Local File Read

Unauthenticated Arbitrary File Read vulnerability due to deserialization of untrusted data in Adobe ColdFusion. The vulnerability affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier id: CVE-2023-26360 info: name: Adobe ColdFusion - Local File Read author:...

9.8CVSS7.3AI score0.97339EPSS
Exploits13References5
CISA KEV Catalog
CISA KEV Catalog
added 2026/07/07 12:0 a.m.26 views

Adobe ColdFusion Path Traversal Vulnerability

Adobe ColdFusion contains a path traversal vulnerability that could lead to arbitrary code execution in the context of the current user...

10CVSS7.9AI score0.28583EPSS
In wildExploits3
NVD
NVD
added 2026/06/30 4:16 p.m.8 views

CVE-2026-48286

Adobe Campaign Classic ACC versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00712EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 3:8 p.m.34 views

CVE-2026-48286

Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability (CWE-863) that could permit arbitrary code execution in the context of the current user. Exploitation does not require user interaction, and the impact is limited to the use...

10CVSS6.4AI score0.00712EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder