78 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-32867

Malicious code in bioql PyPI...

4.9 CVSS | 5.2 AI score | 0.00861 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-45415

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.33841 EPSS
Exploits: 0 | References: 1

CVE
added 2025/07/08 8:49 p.m. | 22 views

CVE-2025-49545

Adobe ColdFusion is affected by CVE-2025-49545 (SSRF leading to arbitrary file system read) in versions 2025.2, 2023.14, 2021.20 and earlier. A high-privilege authenticated attacker can force the application to make arbitrary requests by URL injection; exploitation requires no user interaction an...

6.2 CVSS | 6.7 AI score | 0.00362 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/05/15 9:14 p.m. | 17 views

CVE-2025-43566

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. A high-privileged attacker could leverage this vulnerability to bypass security...

6.8 CVSS | 6.9 AI score | 0.3768 EPSS
Exploits: 0 | References: 3

CVE
added 2025/05/13 8:49 p.m. | 67 views

CVE-2025-43564

Adobe ColdFusion (versions 2025.1, 2023.13, 2021.19 and earlier) is affected by an Improper Access Control vulnerability that can allow arbitrary file system read. The issue stems from improper access restrictions and could let a high-privileged attacker access or modify sensitive data without au...

9.1 CVSS | 6.1 AI score | 0.09273 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/05/13 8:49 p.m. | 19 views

CVE-2025-43564 ColdFusion | Incorrect Authorization (CWE-863)

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization...

9.1 CVSS | 0.09273 EPSS
Exploits: 0 | References: 1

CVE
added 2025/05/13 8:49 p.m. | 63 views

CVE-2025-43563

CVE-2025-43563 affects Adobe ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier. It is an Improper Access Control vulnerability that could enable an attacker with high privileges to perform an arbitrary file system read, potentially accessing or modifying sensitive data. Exploitation requir...

9.1 CVSS | 6.1 AI score | 0.09517 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/05/13 8:49 p.m. | 9 views

CVE-2025-43563 ColdFusion | Improper Access Control (CWE-284)

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization...

9.1 CVSS | 6.1 AI score | 0.09517 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/05/13 12:0 a.m. | 4 views

PT-2025-21123 · Adobe · Coldfusion

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier Description: The issue is related to an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or...

9.8 CVSS | 6 AI score | 0.09517 EPSS
Exploits: 0 | References: 10

RedhatCVE
added 2025/04/10 9:8 p.m. | 18 views

CVE-2025-30281

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this...

9.8 CVSS | 6.8 AI score | 0.14812 EPSS
Exploits: 0 | References: 3

NVD
added 2025/04/08 8:15 p.m. | 10 views

CVE-2025-30281

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitati...

9.1 CVSS | 0.14812 EPSS
Exploits: 0 | References: 1

CVE
added 2025/04/08 8:2 p.m. | 79 views

CVE-2025-30281

CVE-2025-30281 affects Adobe ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier. The vulnerability is an Improper Access Control that could allow a high-privilege, remote attacker to access or modify sensitive data and potentially execute arbitrary code without user interaction. The issue’s...

9.1 CVSS | 9.4 AI score | 0.14812 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/04/08 8:2 p.m. | 12 views

CVE-2025-30281 ColdFusion | Improper Access Control (CWE-284)

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitati...

9.1 CVSS | 0.14812 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/04/08 8:2 p.m. | 8 views

CVE-2025-30281 ColdFusion | Improper Access Control (CWE-284)

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitati...

9.1 CVSS | 9.4 AI score | 0.14812 EPSS
Exploits: 0 | References: 1

OSV
added 2024/10/10 12:31 p.m. | 9 views

GHSA-3FR3-GCQH-3M2G Magento Open Source Improper Input Validation vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended...

7.6 CVSS | 7.6 AI score | 0.00852 EPSS
Exploits: 0 | References: 3

OSV
added 2024/10/10 12:31 p.m. | 8 views

GHSA-G9FM-WC6H-PVGJ Magento Open Source Server-Side Request Forgery (SSRF) vulnerability

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection ...

4.9 CVSS | 5.4 AI score | 0.00761 EPSS
Exploits: 0 | References: 3

Github Security Blog
added 2024/10/10 12:31 p.m. | 19 views

Magento Open Source Improper Input Validation vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended...

7.6 CVSS | 6.7 AI score | 0.00852 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2024/10/10 12:31 p.m. | 19 views

Magento Open Source Server-Side Request Forgery (SSRF) vulnerability

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection ...

4.9 CVSS | 5 AI score | 0.00761 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2024/10/10 10:15 a.m. | 18 views

CVE-2024-45117

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directorie...

7.6 CVSS | 0.00852 EPSS
Exploits: 0 | References: 1

OSV
added 2024/10/10 10:15 a.m. | 11 views

CVE-2024-45119

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection ...

4.9 CVSS | 5.4 AI score
Exploits: 0 | References: 1