78 matches found
EUVD-2023-32867
Malicious code in bioql PyPI...
EUVD-2022-45415
Malicious code in bioql PyPI...
CVE-2025-49545
Adobe ColdFusion is affected by CVE-2025-49545 (SSRF leading to arbitrary file system read) in versions 2025.2, 2023.14, 2021.20 and earlier. A high-privilege authenticated attacker can force the application to make arbitrary requests by URL injection; exploitation requires no user interaction an...
CVE-2025-43566
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. A high-privileged attacker could leverage this vulnerability to bypass security...
CVE-2025-43564
Adobe ColdFusion (versions 2025.1, 2023.13, 2021.19 and earlier) is affected by an Improper Access Control vulnerability that can allow arbitrary file system read. The issue stems from improper access restrictions and could let a high-privileged attacker access or modify sensitive data without au...
CVE-2025-43564 ColdFusion | Incorrect Authorization (CWE-863)
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization...
CVE-2025-43563
CVE-2025-43563 affects Adobe ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier. It is an Improper Access Control vulnerability that could enable an attacker with high privileges to perform an arbitrary file system read, potentially accessing or modifying sensitive data. Exploitation requir...
CVE-2025-43563 ColdFusion | Improper Access Control (CWE-284)
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization...
PT-2025-21123 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier Description: The issue is related to an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or...
CVE-2025-30281
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this...
CVE-2025-30281
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitati...
CVE-2025-30281
CVE-2025-30281 affects Adobe ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier. The vulnerability is an Improper Access Control that could allow a high-privilege, remote attacker to access or modify sensitive data and potentially execute arbitrary code without user interaction. The issue’s...
CVE-2025-30281 ColdFusion | Improper Access Control (CWE-284)
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitati...
CVE-2025-30281 ColdFusion | Improper Access Control (CWE-284)
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitati...
GHSA-3FR3-GCQH-3M2G Magento Open Source Improper Input Validation vulnerability
Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended...
GHSA-G9FM-WC6H-PVGJ Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection ...
Magento Open Source Improper Input Validation vulnerability
Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended...
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection ...
CVE-2024-45117
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directorie...
CVE-2024-45119
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection ...