Lucene search
K

137 matches found

Cvelist
Cvelist
added 2025/07/08 8:49 p.m.8 views

CVE-2025-49545 ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of URLs. Exploitation...

6.2CVSS0.00362EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/08 12:0 a.m.5 views

PT-2025-28752 · Adobe · Coldfusion

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier Description: ColdFusion is susceptible to a Server-Side Request Forgery SSRF issue that may allow arbitrary file system read. A high-privilege authenticated attacker can exploit this...

6.8CVSS6.4AI score0.00362EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/15 9:14 p.m.18 views

CVE-2025-43566

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. A high-privileged attacker could leverage this vulnerability to bypass security...

6.8CVSS6.9AI score0.3768EPSS
Exploits0References3
CVE
CVE
added 2025/05/13 8:49 p.m.63 views

CVE-2025-43566

Adobe ColdFusion is affected by CVE-2025-43566: an Improper Limitation of a Pathname to a Restricted Directory (path traversal) that could allow a high-privileged attacker to read arbitrary files, without user interaction. Affected versions include 2025.1, 2023.13, 2021.19 and earlier. The underl...

6.8CVSS7AI score0.3768EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/05/13 8:49 p.m.20 views

CVE-2025-43564 ColdFusion | Incorrect Authorization (CWE-863)

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization...

9.1CVSS0.09517EPSS
Exploits0References1
CVE
CVE
added 2025/05/13 8:49 p.m.70 views

CVE-2025-43564

Adobe ColdFusion (versions 2025.1, 2023.13, 2021.19 and earlier) is affected by an Improper Access Control vulnerability that can allow arbitrary file system read. The issue stems from improper access restrictions and could let a high-privileged attacker access or modify sensitive data without au...

9.1CVSS6.1AI score0.09517EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/13 8:49 p.m.9 views

CVE-2025-43563 ColdFusion | Improper Access Control (CWE-284)

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization...

9.1CVSS6.1AI score0.09517EPSS
Exploits0References1
CVE
CVE
added 2025/05/13 8:49 p.m.63 views

CVE-2025-43563

CVE-2025-43563 affects Adobe ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier. It is an Improper Access Control vulnerability that could enable an attacker with high privileges to perform an arbitrary file system read, potentially accessing or modifying sensitive data. Exploitation requir...

9.1CVSS6.1AI score0.09517EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.4 views

PT-2025-21123 · Adobe · Coldfusion

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier Description: The issue is related to an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or...

9.8CVSS6AI score0.09517EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/04/10 9:8 p.m.18 views

CVE-2025-30281

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this...

9.8CVSS6.8AI score0.14812EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2025/04/09 3:12 a.m.23 views

Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered

Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could result in arbitrary file read and code execution. Of the 30 flaws in the product, 11 are rated Critical in severity -...

9.1CVSS9.2AI score0.19687EPSS
Exploits0
NVD
NVD
added 2025/04/08 8:15 p.m.10 views

CVE-2025-30281

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitati...

9.1CVSS0.14812EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/08 8:2 p.m.14 views

CVE-2025-30281 ColdFusion | Improper Access Control (CWE-284)

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitati...

9.1CVSS0.14812EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/08 8:2 p.m.8 views

CVE-2025-30281 ColdFusion | Improper Access Control (CWE-284)

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitati...

9.1CVSS9.4AI score0.14812EPSS
Exploits0References1
CVE
CVE
added 2025/04/08 8:2 p.m.80 views

CVE-2025-30281

CVE-2025-30281 affects Adobe ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier. The vulnerability is an Improper Access Control that could allow a high-privilege, remote attacker to access or modify sensitive data and potentially execute arbitrary code without user interaction. The issue’s...

9.1CVSS9.4AI score0.14812EPSS
Exploits0References1Affected Software1
Adobe
Adobe
added 2025/04/08 12:0 a.m.25 views

APSB25-15 : Security update available for Adobe ColdFusion

Adobe has released security updates for ColdFusion versions 2025, 2023 and 2021. These updates resolve critical and important vulnerabilities that could lead to arbitrary file system read, arbitrary code execution and security feature bypass...

8.3AI score
Exploits0Affected Software1
CNVD
CNVD
added 2024/12/25 12:0 a.m.10 views

Adobe ColdFusion path traversal vulnerability (CNVD-2025-0256230)

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion suffers from a path traversal vulnerability, which arises when the program fails to...

8.1CVSS9.2AI score0.13403EPSS
Exploits0References1
Adobe
Adobe
added 2024/12/23 12:0 a.m.27 views

APSB24-107 : Security update available for Adobe ColdFusion

Adobe has released security updates for ColdFusion versions 2023 and 2021. These updates resolve a critical vulnerability that could lead to arbitrary file system read...

8.1CVSS7.4AI score0.13403EPSS
Exploits0
OSV
OSV
added 2024/10/10 12:31 p.m.16 views

GHSA-3FR3-GCQH-3M2G Magento Open Source Improper Input Validation vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended...

7.6CVSS7.6AI score0.00852EPSS
Exploits0References3
OSV
OSV
added 2024/10/10 12:31 p.m.11 views

GHSA-G9FM-WC6H-PVGJ Magento Open Source Server-Side Request Forgery (SSRF) vulnerability

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection ...

4.9CVSS5.4AI score0.00761EPSS
Exploits0References3
Rows per page
Query Builder