Lucene search
K

8985 matches found

Nuclei
Nuclei
added 9 hours ago89 views

PHP-Fusion 9.03.50 - Remote Code Execution

PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user not admin to send a crafted request to the server and perform remote command execution. id: CVE-2020-24949 info: name: PHP-Fusion 9.03.50 - Remote Code Execution author: geeknik severity: high description: PHP-Fusion 9.03.50...

9CVSS7.1AI score0.67289EPSS
Exploits4References5
Nuclei
Nuclei
added 9 hours ago144 views

Oracle Business Intelligence - Path Traversal

Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0 are vulnerable to path traversal in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. id: CVE-2019-2588 info: name: Oracle Business Intelligence - Path...

4.9CVSS6.4AI score0.37099EPSS
Exploits4References5
Nuclei
Nuclei
added 9 hours ago246 views

Oracle WebLogic Server - Remote Code Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services is susceptible to a remote code execution vulnerability that is easily exploitable and could allow unauthenticated attackers with network access via HTTP to compromise the server. Supported versions...

9.8CVSS7.4AI score0.50224EPSS
Exploits7References5
Nuclei
Nuclei
added 9 hours ago71 views

Oracle Fusion Middleware WebCenter Sites - Cross-Site Scripting

The Oracle WebCenter Sites component of Oracle Fusion Middleware is susceptible to multiple instances of cross-site scripting that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Sites. Impacted versions that are affected are 11.1.1.8.0, 12.2.1.2....

8.2CVSS7AI score0.3945EPSS
Exploits4References5
Nuclei
Nuclei
added 9 hours ago115 views

WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery

WordPress Fusion Builder plugin before 3.6.2 is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. An attacker can...

9.8CVSS7.1AI score0.71722EPSS
Exploits6References5
Nuclei
Nuclei
added 11 hours ago162 views

Oracle WebLogic Server Administration Console - Remote Code Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services versions 0.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. id:...

9.8CVSS7.1AI score0.8883EPSS
Exploits11References5
Nuclei
Nuclei
added 2 days ago63 views

Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware Web Services versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic...

7.4CVSS7AI score0.96281EPSS
Exploits9References5
Nuclei
Nuclei
added 2026/07/06 3:2 a.m.66 views

Oracle Fusion - Directory Traversal/Local File Inclusion

Oracle Business Intelligence Enterprise Edition 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 are vulnerable to local file inclusion vulnerabilities via "getPreviewImage." id: CVE-2020-14864 info: name: Oracle Fusion - Directory Traversal/Local File Inclusion author: Ivo Palazzolo @palaziv severity: high...

7.8CVSS7.1AI score0.97233EPSS
Exploits2References5
Nuclei
Nuclei
added 2026/07/02 9:36 a.m.370 views

Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)

An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. id: CVE-2012-3153 info: name: Oracle Forms &...

9.1CVSS7.2AI score0.98695EPSS
Exploits11References5
Circl
Circl
added 2026/07/01 9:45 a.m.8 views

CVE-2026-48307

creationtimestamp| type| source ---|---|--- 2026-07-01 09:45:23+00:00| seen| https://www.cert.dk/news/2026-07-01/Kritiske-ColdFusion-saarbarheder-aabner-for-fuld-serverovertagelse 2026-07-01 13:00:13+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mpll4ubpnt2q 2026-07-08...

8.8CVSS7.3AI score0.00314EPSS
Exploits0References3
Circl
Circl
added 2026/07/01 9:45 a.m.8 views

CVE-2026-48285

creationtimestamp| type| source ---|---|--- 2026-07-01 09:45:21+00:00| seen| https://www.cert.dk/news/2026-07-01/Kritiske-ColdFusion-saarbarheder-aabner-for-fuld-serverovertagelse 2026-07-01 13:00:13+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mpll4ubpnt2q 2026-07-08...

8.6CVSS7AI score0.00439EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 4:16 p.m.9 views

CVE-2026-48314

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited read and write access to...

6.5CVSS0.00333EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 3:12 p.m.34 views

CVE-2026-48281

CVE-2026-48281 affects Adobe ColdFusion versions 2025.9, 2023.20 and earlier. The issue is an Improper Input Validation vulnerability that could allow arbitrary code execution in the context of the current user, with no user interaction required. The CVSS vector indicates network access, low atta...

10CVSS6.4AI score0.00855EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 3:12 p.m.50 views

CVE-2026-48277 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00855EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 3:11 p.m.73 views

CVE-2026-48282 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interactio...

10CVSS0.28583EPSS
Exploits3References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 4:12 p.m.5 views

Security Bulletin: Vulnerability in github.com/jackc/pgx/v5 bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Content-Aware Storage include github.com/jackc/pgx/v5. It is vulnerable to memory-safety vulnerability. CVE-2026-33816 Vulnerability Details CVEID:CVE-2026-33816 DESCRIPTION: Memory-safety vulnerability in github.com/jackc/pgx/v5. CVSS Source: CISA A...

9.8CVSS5.8AI score0.00561EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 4:10 p.m.15 views

Security Bulletin: Multiple Vulnerabilities in bcprov package bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include bcprov library, which is susceptible to use of broken cryptographic algorithm, Improper neutralization, covert timing channel vulnerabilities CVE-2025-14813, CVE-2026-0636, CVE-2026-5598...

9.9CVSS6.7AI score0.00691EPSS
Exploits0Affected Software2
NVD
NVD
added 2026/06/26 3:16 p.m.5 views

CVE-2026-56008

Contributor Privilege Escalation in Fusion Builder = 3.15.4 versions...

8.8CVSS0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.34 views

CVE-2026-56008 WordPress Fusion Builder plugin <= 3.15.4 - Privilege Escalation vulnerability

Contributor Privilege Escalation in Fusion Builder = 3.15.4 versions...

8.8CVSS0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.15 views

CVE-2026-56008

CVE-2026-56008 affects WordPress Fusion Builder plugin versions

8.8CVSS5.8AI score0.00278EPSS
Exploits0References1
Rows per page
Query Builder