
25 matches found

CNNVD
added 2026/05/06 12:0 a.m. | 5 views

Masa CMS cross-site request forgery vulnerability

Masa CMS is a digital experience platform operated by Masa CMS organization. Versions of Masa CMS 7.5.2 and earlier contained a cross-site request forgery vulnerability. This vulnerability stemmed from the createBundle method in csettings.cfc, which did not properly validate the anti-CSRF token...

7.1 CVSS | 5.7 AI score | 0.00033 EPSS
Exploits 0 | References 2
NVD
added 2026/05/05 8:16 p.m. | 3 views

CVE-2026-40329

Masa CMS is an open source content management system. In versions 7.5.2 and earlier, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's processing of the sortBy parameter. The application fails to properly sanitize or parameterize this input before...

9.3 CVSS | 0.00163 EPSS
Exploits 0 | References 1
NVD
added 2026/05/05 8:16 p.m. | 5 views

CVE-2026-40330

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's handling of the sortDirection parameter. The...

9.3 CVSS | 0.00326 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/03/26 3:19 p.m. | 1 views

CVE-2025-67830

Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection...

9.8 CVSS | 5.8 AI score | 0.00046 EPSS
Exploits 0 | References 1
CNNVD
added 2026/03/18 12:0 a.m. | 3 views

Mura security vulnerability

Mura is a content management system developed by Mura Corporation. Versions of Mura prior to 10.1.14 contained security vulnerabilities, which were caused by SQL injection attacks in the getQuery and sortby parameters of the beanFeed.cfc file...

9.8 CVSS | 5.9 AI score | 0.00046 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/03/18 12:0 a.m. | 2 views

PT-2026-26085

CVE-2025-67829 Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection. https://t.co/EsT6nGpd9g...

9.8 CVSS | 5.9 AI score | 0.00046 EPSS
Exploits 0 | References 3
Positive Technologies
added 2026/03/18 12:0 a.m. | 2 views

PT-2026-26086

CVE-2025-67830 Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection. https://t.co/IUknqurxhS...

9.8 CVSS | 5.9 AI score | 0.00046 EPSS
Exploits 0 | References 3
Vulnrichment
added 2026/03/18 12:0 a.m. | 0 views

CVE-2025-67830

Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection...

5.8 AI score | 0.00046 EPSS
Exploits 0 | References 1
CNNVD
added 2026/03/18 12:0 a.m. | 3 views

Mura security vulnerability

Mura is a content management system developed by Mura Corporation. Versions of Mura prior to 10.1.14 contained security vulnerabilities, which were caused by SQL injection attacks in the getQuery sortDirection parameter of the beanFeed.cfc file...

9.8 CVSS | 5.9 AI score | 0.00046 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/01/21 12:0 a.m. | 2 views

PT-2026-3782

Name of the Vulnerable Software and Affected Versions: Tenda AX-1806 version 1.0.0.1. Description: The Tenda AX-1806 device contains a stack overflow issue in the time parameter of the sub 60CFC function. A crafted request can trigger a Denial of Service (DoS). The time parameter is vulnerable...

7.5 CVSS | 6 AI score | 0.00125 EPSS
Exploits 1 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-1657

Malware in sbrugna...

7.5 CVSS | 6.4 AI score | 0.04664 EPSS
Exploits 1 | References 8
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2014-6729

Malware in sbrugna...

5.4 CVSS | 6.4 AI score | 0.00134 EPSS
Exploits 0 | References 4
OSV
added 2024/11/26 3:9 a.m. | 3 views

MAL-2024-10952 Malicious code in cfc-i18n (npm)

Source: ghsa-malware 80e9bcf726b0cddf43089f7e5225471ba86fc21687c8987ec61276e9196dd994 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 | References 3
OSSF Malicious Packages
added 2024/11/26 3:9 a.m. | 2 views

Malicious code in cfc-i18n (npm)

Source: ghsa-malware 80e9bcf726b0cddf43089f7e5225471ba86fc21687c8987ec61276e9196dd994 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 3
Vulnrichment
added 2023/11/17 1:31 p.m. | 29 views

CVE-2023-44350 ColdFusion | Deserialization of Untrusted Data (CWE-502)

Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction...

9.8 CVSS | 9.6 AI score | 0.6189 EPSS
Exploits 0 | References 1
Prion
added 2023/09/14 8:15 a.m. | 24 views

Improper access control

Adobe ColdFusion versions 2018u18 and earlier, 2021u8 and earlier and 2023u2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints...

5 CVSS | 6.1 AI score | 0.00093 EPSS
Exploits 0 | References 1 | Affected Software 1
Openbugbounty
added 2022/03/19 1:19 p.m. | 11 views

cfc.gov.lk Cross Site Scripting vulnerability OBB-2436184

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits 0
Openbugbounty
added 2018/05/03 7:9 a.m. | 13 views

cfc-fanpage.de XSS vulnerability

Open Bug Bounty ID: OBB-611528

Description | Value
---|---
Affected Website: | cfc-fanpage.de
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

Exploits 0
ICS
added 2015/12/06 7:0 a.m. | 433 views

Siemens SIMATIC ProSave, SIMATIC CFC, SIMATIC STEP 7, SIMOTION Scout, and STARTER Insufficiently Qualified Paths (Update A)

OVERVIEW: This updated advisory is a follow-up to the original advisory titled ICSA-15-064-02 Siemens SIMATIC ProSave, SIMATIC CFC, SIMATIC STEP 7, SIMOTION Scout, and STARTER Insufficiently Qualified Paths that was published March 5, 2015, on the NCCIC/ICS‑CERT web site. Ivan Sanchez from...

6.9 CVSS | 7 AI score | 0.00075 EPSS
Exploits 0 | References 10
Cvelist
added 2014/10/01 1:0 a.m. | 14 views

CVE-2014-6851

The New Beginnings CFC aka com.goodbarber.nbcfc application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.9 AI score | 0.00134 EPSS
Exploits 0 | References 3