CVE-2026-4913

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...

CVE-2026-4913

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...

CVE-2026-4913

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...

PT-2026-32647

Name of the Vulnerable Software and Affected Versions Ivanti N-ITSM versions prior to 2025.4 Description Improper protection of an alternate path allows a remote authenticated attacker to retain access to the system even after their account has been disabled. Recommendations Update to version...

CVE-2026-2258

A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been published and ma...

PT-2026-7197

A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been published and ma...

PT-2026-7208

A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Parsing. The manipulation leads to memory corruption. The attack can only be performed from a local...

CVE-2025-61813

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the server. Exploitation o...

EUVD-2025-202343

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting improperly stored or...

Adobe ColdFusion 代码问题漏洞

Adobe ColdFusion is a suite of rapid application development platforms from the American company Audobee Adobe. The platform includes an integrated development environment and a scripting language. A code issue vulnerability exists in Adobe ColdFusion versions 2025.4, 2023.16, 2021.22, and prior...

Adobe ColdFusion 安全漏洞

Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. Adobe ColdFusion suffers from an insufficiently protected credentials...

Adobe ColdFusion 代码问题漏洞

Adobe ColdFusion is a suite of rapid application development platforms from the American company Audobee Adobe. The platform includes an integrated development environment and a scripting language. A code issue vulnerability exists in Adobe ColdFusion versions 2025.4, 2023.16, 2021.22, and prior...

CVE-2025-61821 ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and data on the server...

CVE-2025-61809 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation o...

PT-2025-50288

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could exploit this vulnerability to write malicious files to arbitrary locations on the file system. Exploitation of this...

PT-2025-50287

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and data on the server...

N-able N-central 安全漏洞

N-able N-central is an RMM platform from N-able Canada Inc. provides large-scale management, automation and orchestration capabilities for sophisticated MSPs and IT professionals. A security vulnerability exists in N-able N-central versions prior to 2025.4 that stems from a deserialization issue...

PT-2025-91: Local Privilege Escalation in Mullvad VPN

The vulnerability was identified in Mullvad VPN, version 2025.4. The discovered vulnerability allows an attacker to escalate privileges from a normal user to root. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 24.06.2025 Recommendations: Update to version 2025.7 or...

Autodesk Navisworks Freedom 25.0.x < 2025.4 Multiple Vulnerabilities (adsk-sa-2024-0027)

The version of Autodesk Navisworks Freedom installed on the remote host is prior to 2025.4. It is, therefore, affected by multiple vulnerabilities as referenced in the adsk-sa-2024-0027 advisory. - A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bound...