CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/06/09 8:33 p.m.•32 views

CVE-2026-47929 ColdFusion | Incorrect Authorization (CWE-863)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim...

8.4CVSS0.07535EPSS

Vulnrichment•added 2026/06/09 8:33 p.m.•8 views

CVE-2026-47929 ColdFusion | Incorrect Authorization (CWE-863)

8.4CVSS6.2AI score0.07535EPSS

EUVD•added 2026/06/09 8:33 p.m.•9 views

EUVD-2026-35833

8.4CVSS6.2AI score0.07535EPSS

CVE•added 2026/06/09 8:33 p.m.•21 views

CVE-2026-47929

CVE-2026-47929 affects Adobe ColdFusion versions 2023.19, 2025.8 and earlier. The issue is an incorrect authorization vulnerability that could enable arbitrary code execution in the context of the current user. Exploitation does not require user interaction, and the vulnerability could allow a hi...

9.1CVSS6.2AI score0.07535EPSS

Cvelist•added 2026/06/09 8:33 p.m.•34 views

CVE-2026-47928 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.6CVSS0.08871EPSS

Vulnrichment•added 2026/06/09 8:33 p.m.•6 views

CVE-2026-47928 ColdFusion | Improper Input Validation (CWE-20)

9.6CVSS6.2AI score0.08871EPSS

CVE•added 2026/06/09 8:33 p.m.•33 views

CVE-2026-47928

CVE-2026-47928 affects ColdFusion versions 2023.19, 2025.8 and earlier. The issue is an Improper Input Validation vulnerability that could allow arbitrary code execution in the context of the current user . Exploitation is possible without user interaction, and the document set notes a scope chan...

10CVSS6.2AI score0.08871EPSS

EUVD•added 2026/06/09 8:33 p.m.•8 views

EUVD-2026-35830

9.6CVSS6.2AI score0.08871EPSS

Cvelist•added 2026/06/09 8:33 p.m.•37 views

CVE-2026-47931 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of...

8.4CVSS0.00634EPSS

EUVD•added 2026/06/09 8:33 p.m.•21 views

EUVD-2026-35829

8.4CVSS6.2AI score0.00634EPSS

Vulnrichment•added 2026/06/09 8:33 p.m.•8 views

CVE-2026-47931 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of...

8.4CVSS6.5AI score0.00634EPSS

CVE•added 2026/06/09 8:33 p.m.•17 views

CVE-2026-47931

This CVE affects Adobe ColdFusion versions 2023.19, 2025.8 and earlier. It is caused by improper input validation that could allow arbitrary code execution in the context of the current user, with exploitation not requiring user interaction. The connected advisories indicate updates have been rel...

9.9CVSS6.5AI score0.00634EPSS

OSV•added 2026/06/09 8:29 p.m.•4 views

MAL-2026-5469 Malicious code in getd-transactional-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe5e89f2411faf9265508a84772d5667bb3095cf28937bb9e9ab80a215ff4208 On npm install, postinstall.js issues an HTTPS GET to https://webhook.site/18dc4281-d366-438a-9186-76fbcd56ade5 carrying os.hostname,...

OSV•added 2026/06/09 8:29 p.m.•9 views

MAL-2026-5471 Malicious code in getd-ui-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcdbf66757b102ed524f01c498adae819b02968aa455f57316f4e08af1fb9ea0 On npm install, postinstall.js runs unconditionally scripts.postinstall = 'node postinstall.js' and sends an HTTPS GET to a hardcoded webhook.site UR...

OSSF Malicious Packages•added 2026/06/09 8:25 p.m.•11 views

Malicious code in getd-web-corporativa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6751d3ca04c2ae596f7e809e339770edaed576060d361c061311960b0a3a7033 On npm install, postinstall.js performs an HTTPS GET to a hardcoded webhook.site receiver, leaking the installer's hostname, OS username, platform,...

OSV•added 2026/06/09 8:25 p.m.•10 views

MAL-2026-5472 Malicious code in getd-web-corporativa (npm)

Snyk•added 2026/06/09 8:24 p.m.•6 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the FTS5 extension when processing a crafted database containing malformed FTS5 page data. An attacker can cause process crashes, memory exhaustion, or execute arbitrary code by supplying a specially...

8.5CVSS6.2AI score0.00175EPSS

Exploits0References2

OSSF Malicious Packages•added 2026/06/09 8:21 p.m.•11 views

Malicious code in ipy-rev-proxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 591a0d253aee02115544f9bcac7609e62d8c18a9ac60cc4967d7d6e8c7f7d555 On npm install, index.js runs as a preinstall hook and POSTs hostname, username, platform, architecture, cwd, CI flags, and npm user-agent to...

5.6AI score