591 matches found

NVD
added yesterday, 7 views

CVE-2026-48314

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited read and write access to...

6.5 CVSS
Exploits 0, References 1
CVE
added yesterday, 8 views

CVE-2026-48281

CVE-2026-48281 affects Adobe ColdFusion versions 2025.9, 2023.20 and earlier. The issue is an Improper Input Validation vulnerability that could allow arbitrary code execution in the context of the current user, with no user interaction required. The CVSS vector indicates network access, low atta...

10 CVSS, 6.4 AI score
Exploits 0, References 1, Affected Software 1
Cvelist
added yesterday, 12 views

CVE-2026-48277 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10 CVSS
Exploits 0, References 1
Cvelist
added yesterday, 13 views

CVE-2026-48282 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interactio...

10 CVSS
Exploits 0, References 1
RedhatCVE
added 2026/06/10 9:2 p.m., 8 views

CVE-2026-47931

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.9 CVSS, 6.2 AI score, 0.00555 EPSS
Exploits 0, References 1
Cvelist
added 2026/06/09 8:33 p.m., 32 views

CVE-2026-47929 ColdFusion | Incorrect Authorization (CWE-863)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim...

8.4 CVSS, 0.07535 EPSS
Exploits 0, References 1
CVE
added 2026/06/09 8:33 p.m., 20 views

CVE-2026-47930

CVE-2026-47930 affects ColdFusion versions 2023.19, 2025.8 and earlier. The issue is an Improper Input Validation vulnerability that allows a low-privileged attacker to bypass security measures and gain unauthorized read and write access, with exploitation not requiring user interaction. The CVSS...

8.1 CVSS, 5.5 AI score, 0.0039 EPSS
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2026/06/09 12:0 a.m., 23 views

PT-2026-48269

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 and earlier ColdFusion versions 2025.8 and earlier Description An incorrect authorization flaw allows a high-privileged attacker to achieve arbitrary code execution in the context of the current user. This issue...

9.1 CVSS, 6 AI score, 0.07535 EPSS
Exploits 0, References 3
OSV
added 2026/03/16 8:46 p.m., 2 views

GHSA-F7CQ-GVH6-QR25 Monitoring is vulnerable to Archive Slip due to missing checks in sanitization

The sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to a path traversal bypass due to a missing trailing path separator in the strings.HasPrefix check. A crafted tar archive can write files outside the intended destination directory when using the extractor CLI...

9.8 CVSS, 5.9 AI score, 0.00655 EPSS
Exploits 1, References 5
Github Security Blog
added 2026/03/16 8:46 p.m., 12 views

Monitoring is vulnerable to Archive Slip due to missing checks in sanitization

The sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to a path traversal bypass due to a missing trailing path separator in the strings.HasPrefix check. A crafted tar archive can write files outside the intended destination directory when using the extractor CLI...

9.8 CVSS, 5.9 AI score, 0.00655 EPSS
Exploits 1, References 5, Affected Software 1
Akamai Blog
added 2026/03/12 12:0 p.m., 5 views

Build Serverless Functions with Zero Cold Starts: WebAssembly and Spin

...

5.8 AI score
Exploits 0
Packet Storm News
added 2026/02/05 12:0 a.m., 3 views

GNSS SpAmming: A Spoofing-Based GNSS Denial-Of-Service Attack

GNSSs are vulnerable to attacks of two kinds: jamming i.e. denying access to the signal and spoofing i.e. impersonating a legitimate satellite. These attacks have been extensively studied, and we have a myriad of countermeasures to mitigate them. In this paper we expose a new type of attack:...

5.6 AI score
Exploits 0
Snyk
added 2026/02/04 5:2 a.m., 2 views

Malicious Package

Overview react-toast-cold is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.4 AI score
Exploits 0, References 2
OSSF Malicious Packages
added 2026/01/28 8:21 a.m., 6 views

Malicious code in react-toast-cold (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10dcf80d6b6e15bcfb18c2f1a4211efd1c79f6f66e8aa34bbab7107a90d1da86 The package react-toast-cold was found to contain malicious code. Source: ghsa-malware dc67550f336ea3c52946bb6d0ab4f031eee7a60cc562b0fd4220750c72f086...

5.5 AI score
Exploits 0, References 1
OSV
added 2026/01/28 8:21 a.m., 8 views

MAL-2026-626 Malicious code in react-toast-cold (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10dcf80d6b6e15bcfb18c2f1a4211efd1c79f6f66e8aa34bbab7107a90d1da86 The package react-toast-cold was found to contain malicious code. Source: ghsa-malware dc67550f336ea3c52946bb6d0ab4f031eee7a60cc562b0fd4220750c72f086...

5.7 AI score
Exploits 0, References 1
RedhatCVE
added 2026/01/09 10:52 a.m., 7 views

CVE-2022-42250

Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/inquiries/viewdetails.php?id=...

7.2 CVSS, 7.9 AI score, 0.00837 EPSS
Exploits 1, References 1
RedhatCVE
added 2026/01/09 10:52 a.m., 7 views

CVE-2022-42243

Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/managestorage.php?id=...

7.2 CVSS, 7.9 AI score, 0.00854 EPSS
Exploits 1, References 1
RedhatCVE
added 2026/01/09 10:51 a.m., 6 views

CVE-2022-42230

Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manageuser=...

7.2 CVSS, 8.1 AI score, 0.00617 EPSS
Exploits 0, References 1
vulnersOsv
added 2026/01/08 9:46 p.m., 3 views

coldsnap (>=0.4.0 <=0.5.1) potentially affected by unknown CVE via aws-sdk-ebs (>=0.16.0 <=0.24.0)

aws-sdk-ebs CARGO version =0.16.0, =0.4.0, =0.5.1 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

5.8 AI score
Exploits 0
Wired Threat Level
added 2025/12/31 10:0 a.m., 3 views

Discovering the Dimensions of a New Cold War

The United States’ plan for dealing with Putin’s Russia and Xi’s China remains ill-defined among a shifting global order. That must change...

7 AI score
Exploits 0