Lucene search
K

2761 matches found

Circl
Circl
added 2026/07/01 9:45 a.m.10 views

CVE-2026-48316

creationtimestamp| type| source ---|---|--- 2026-07-01 09:45:11+00:00| seen| https://www.cert.dk/news/2026-07-01/Kritiske-ColdFusion-saarbarheder-aabner-for-fuld-serverovertagelse 2026-07-01 13:00:13+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mpll4ubpnt2q 2026-07-03...

10CVSS7.3AI score0.01396EPSS
Exploits0References7
NCSC
NCSC
added 2026/07/01 8:52 a.m.10 views

Vulnerabilities in Adobe ColdFusion

Adobe has addressed several vulnerabilities in Adobe ColdFusion versions 25.9, 23.20, and earlier versions. The vulnerabilities in Adobe ColdFusion include unlimited uploading of dangerous file types, improper input validation, path traversal, reflected Cross-Site Scripting XSS, and Server-Side...

10CVSS6AI score0.28583EPSS
Exploits3References1
Circl
Circl
added 2026/07/01 3:7 a.m.10 views

CVE-2026-48281

creationtimestamp| type| source ---|---|--- 2026-07-01 03:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpkjycun2h2g 2026-07-01 09:45:09+00:00| seen| https://www.cert.dk/news/2026-07-01/Kritiske-ColdFusion-saarbarheder-aabner-for-fuld-serverovertagelse 2026-07-01 13:00:13+00:00|...

10CVSS7.3AI score0.00855EPSS
Exploits0References4
Circl
Circl
added 2026/07/01 2:37 a.m.10 views

CVE-2026-48277

creationtimestamp| type| source ---|---|--- 2026-07-01 02:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpkicnwhvr2v 2026-07-01 09:45:07+00:00| seen| https://www.cert.dk/news/2026-07-01/Kritiske-ColdFusion-saarbarheder-aabner-for-fuld-serverovertagelse 2026-07-01 13:00:13+00:00|...

10CVSS7.3AI score0.00855EPSS
Exploits0References6
Circl
Circl
added 2026/07/01 2:7 a.m.7 views

CVE-2026-48276

creationtimestamp| type| source ---|---|--- 2026-07-01 02:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpkgmzkfc726 2026-07-01 09:45:03+00:00| seen| https://www.cert.dk/news/2026-07-01/Kritiske-ColdFusion-saarbarheder-aabner-for-fuld-serverovertagelse 2026-07-01 12:00:35+00:00|...

10CVSS7.3AI score0.00917EPSS
Exploits0References9
NVD
NVD
added 2026/06/30 4:16 p.m.7 views

CVE-2026-48315

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gainin...

9.3CVSS0.00548EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 4:16 p.m.7 views

CVE-2026-48313

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read and limited write access. An attacker could exploit this vulnerability to access sensitive...

9.3CVSS0.01577EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 4:16 p.m.10 views

CVE-2026-48276

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00917EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 4:16 p.m.6 views

CVE-2026-48283

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.0063EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 4:16 p.m.8 views

CVE-2026-48307

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially resulting in arbitrary code execution in the context of the current user...

8.8CVSS0.00314EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 4:16 p.m.8 views

CVE-2026-48281

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00855EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 4:16 p.m.7 views

CVE-2026-48285

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue...

8.6CVSS0.00439EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 4:16 p.m.19 views

CVE-2026-48277

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00855EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 4:16 p.m.12 views

CVE-2026-48282

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interactio...

10CVSS0.28583EPSS
Exploits3References2
CVE
CVE
added 2026/06/30 3:12 p.m.33 views

CVE-2026-48315

Summary: CVE-2026-48315 affects ColdFusion versions 2025.9, 2023.20 and earlier. It is described as an Improper Input Validation vulnerability that could lead to arbitrary code execution in the context of the current user. An attacker could inject malicious scripts into a web page, potentially ga...

9.3CVSS6.4AI score0.00548EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 3:12 p.m.47 views

CVE-2026-48281 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00855EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 3:12 p.m.23 views

CVE-2026-48277

CVE-2026-48277 affects ColdFusion versions 2025.9, 2023.20 and earlier. The issue is an Improper Input Validation that could allow arbitrary code execution in the context of the current user. Exploitation does not require user interaction (network access implied by CVSS). No remediation or patch ...

10CVSS6.4AI score0.00855EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/30 3:12 p.m.17 views

CVE-2026-48313

The CVE-2026-48313 issue affects ColdFusion versions 2025.9, 2023.20 and earlier. It describes an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability that could lead to arbitrary file system read and limited write access, allowing an attacker to access sensi...

9.3CVSS5.9AI score0.01577EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 3:12 p.m.44 views

CVE-2026-48285 ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue...

8.6CVSS0.00439EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 3:12 p.m.36 views

CVE-2026-48285

CVE-2026-48285 affects ColdFusion versions 2025.9, 2023.20 and earlier. It describes a Server-Side Request Forgery (SSRF) that can bypass security features and grant unauthorized read access without user interaction. The Bug’s scope is reported as changed, and the CVSS v3.1 base score is 8.6 (HIG...

8.6CVSS5.8AI score0.00439EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder