Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

51 matches found

EUVD
EUVDadded 2026/04/15 12:31 a.m.0 views

EUVD-2026-22728

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires us...

7.5CVSS5.8AI score0.00565EPSS
Exploits0References2
NVD
NVDadded 2026/04/14 10:16 p.m.2 views

CVE-2026-34619

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories...

7.7CVSS0.0008EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/14 9:53 p.m.1 views

CVE-2026-27308

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation o...

2.4CVSS5.8AI score0.00032EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/04/14 9:53 p.m.1 views

CVE-2026-27304

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...

9.3CVSS6.3AI score0.00098EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/04/14 9:53 p.m.1 views

CVE-2026-27307

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation o...

2.4CVSS5.8AI score0.00032EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/04/14 12:0 a.m.1 views

PT-2026-32920

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...

9.3CVSS6.3AI score0.00098EPSS
Exploits0References4
EUVD
EUVDadded 2025/12/10 12:30 a.m.1 views

EUVD-2025-202348

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. A high privileged attacker could exploit this vulnerability to access sensitive files and data on th...

6.2CVSS6AI score0.00044EPSS
Exploits0References2
EUVD
EUVDadded 2025/12/10 12:30 a.m.1 views

EUVD-2025-202342

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and data on the server...

6.8CVSS6.3AI score0.00042EPSS
Exploits0References2
OSV
OSVadded 2025/12/10 12:16 a.m.0 views

CVE-2025-61822

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could exploit this vulnerability to write malicious files to arbitrary locations on the file system. Exploitation of this...

6.2CVSS5.9AI score0.0005EPSS
Exploits0References1
OSV
OSVadded 2025/12/10 12:16 a.m.1 views

CVE-2025-61821

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and data on the server...

8.6CVSS5.9AI score0.00042EPSS
Exploits0References1
OSV
OSVadded 2025/12/10 12:16 a.m.0 views

CVE-2025-61823

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. A high privileged attacker could exploit this vulnerability to access sensitive files and data on th...

6.2CVSS5.9AI score
Exploits0References1
OSV
OSVadded 2025/12/10 12:16 a.m.0 views

CVE-2025-61811

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could leverage this vulnerability to bypass security measures and execute...

9.1CVSS6.3AI score0.00946EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2025/12/09 11:41 p.m.0 views

CVE-2025-61813

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the server. Exploitation o...

8.6CVSS5.6AI score0.00043EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/12/09 12:0 a.m.2 views

PT-2025-50284

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2025.4, 2023.16, and 2021.22 and earlier Description An improper access control issue exists in ColdFusion that could allow for arbitrary code execution with the privileges of the current user. An attacker with high...

9.1CVSS7.4AI score0.00946EPSS
Exploits0References9
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2025-14525

Malicious code in bioql PyPI...

8.4CVSS6.3AI score0.03578EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2025-14805

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.01574EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2025-11912

Malicious code in bioql PyPI...

8.2CVSS9AI score0.00037EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2025-11910

Malicious code in bioql PyPI...

8.2CVSS9AI score0.00031EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2025-14519

Malicious code in bioql PyPI...

9.1CVSS6.3AI score0.01807EPSS
Exploits0References2
CVE
CVEadded 2025/08/18 4:43 p.m.10 views

CVE-2025-54234

CVE-2025-54234 affects Adobe ColdFusion: SSRF allows a high-privilege authenticated attacker to cause the application to fetch arbitrary URLs, potentially enabling a limited file system read. Affected versions include ColdFusion 2025.1, 2023.13, 2021.19 and earlier; exploitation requires no user ...

2.7CVSS7.2AI score0.00072EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder