13 matches found
CVE-2023-53880
Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScri...
EUVD-2025-19755
Malicious code in bioql PyPI...
EUVD-2024-54395
Malicious code in bioql PyPI...
CVE-2025-34074
An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...
CVE-2025-34074
An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...
PT-2025-27666
Name of the Vulnerable Software and Affected Versions: Lucee versions 5.x through 6.x Description: An authenticated remote code execution issue exists in Lucee's administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.c...
CVE-2024-55354
Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can place files on the server, is vulnerable to a protection mechanism failure that can let an attacker run code that would be expected to be blocked and access resources that would be expected to be protected...
CVE-2024-55354
Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can place files on the server, is vulnerable to a protection mechanism failure that can let an attacker run code that would be expected to be blocked and access resources that would be expected to be protected...
CVE-2024-55354
CVE-2024-55354 affects Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118. A protection mechanism failure allows an attacker who can place files on the server to run code that should be blocked and access resources that should be protected, enabling arbitrary code execution with Lucee service accoun...
CVE-2024-55354
Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can place files on the server, is vulnerable to a protection mechanism failure that can let an attacker run code that would be expected to be blocked and access resources that would be expected to be protected...
CVE-2024-55354
Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can place files on the server, is vulnerable to a protection mechanism failure that can let an attacker run code that would be expected to be blocked and access resources that would be expected to be protected...
Lucee Security Vulnerability
Lucee is a high-performance open source CFML server written in Java by Lucee Open Source. A security vulnerability exists in Lucee versions prior to 6.1.1.118 that stems from a protection mechanism failure that could lead to code execution and access to protected resources...
Lucee RCE/XXE Vulnerability
Impact: The Lucee team received a responsible disclosure of a security vulnerability which affects all previous releases of Lucee. After reviewing the report and confirming the vulnerability, the Lucee team then conducted a further security review and found additional vulnerabilities which have be...