107 matches found

Positive Technologies
added 2026/04/14 12:0 a.m. | 5 views

PT-2026-32764

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue...

9.3 CVSS | 5.8 AI score | 0.00304 EPSS
Exploits 0 | References 4
OSV
added 2026/01/13 7:16 p.m. | 1 view

CVE-2026-21272

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requir...

8.6 CVSS | 5.9 AI score | 0.00195 EPSS
Exploits 0 | References 1
OSV
added 2025/12/10 12:16 a.m. | 3 views

CVE-2025-61822

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could exploit this vulnerability to write malicious files to arbitrary locations on the file system. Exploitation of this...

6.2 CVSS | 5.9 AI score | 0.00637 EPSS
Exploits 0 | References 1
OSV
added 2025/12/10 12:16 a.m. | 4 views

CVE-2025-61821

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and data on the server...

8.6 CVSS | 5.9 AI score | 0.0045 EPSS
Exploits 0 | References 1
OSV
added 2025/12/10 12:16 a.m. | 6 views

CVE-2025-61811

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could leverage this vulnerability to bypass security measures and execute...

9.1 CVSS | 6.3 AI score | 0.01048 EPSS
Exploits 0 | References 1
Cvelist
added 2025/12/09 11:41 p.m. | 40 views

CVE-2025-61808 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high privileged attacker. Exploitation of this issue does not require user interaction and scope is changed...

9.1 CVSS | 0.08453 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/12/09 11:41 p.m. | 4 views

CVE-2025-61808 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high privileged attacker. Exploitation of this issue does not require user interaction and scope is changed...

9.1 CVSS | 7.3 AI score | 0.08453 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/12/09 11:41 p.m. | 3 views

CVE-2025-61822 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could exploit this vulnerability to write malicious files to arbitrary locations on the file system. Exploitation of this...

6.2 CVSS | 6.5 AI score | 0.00637 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/12/09 12:0 a.m. | 6 views

PT-2025-50287

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2025.4, 2023.16, and 2021.22 and earlier Description ColdFusion is affected by an Improper Restriction of XML External Entity Reference 'XXE' issue that could allow an attacker to read arbitrary files from the system. An...

8.6 CVSS | 6 AI score | 0.0045 EPSS
Exploits 0 | References 8
RedhatCVE
added 2025/10/15 9:37 p.m. | 7 views

CVE-2025-61796

Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse...

5.4 CVSS | 5.4 AI score | 0.00217 EPSS
Exploits 0 | References 1
CVE
added 2025/10/14 9:53 p.m. | 18 views

CVE-2025-49552

Adobe Connect is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability in versions 12.9 and earlier. The issue is caused by improper handling/validation of user input, enabling a high-privileged attacker to execute scripts in a victim’s browser and potentially hijack a session. Exploit...

8.1 CVSS | 5.5 AI score | 0.00357 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2025/10/14 8:27 p.m. | 7 views

CVE-2025-54266 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript ma...

4.8 CVSS | 0.00247 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/10/14 12:0 a.m. | 6 views

PT-2025-42203

Name of the Vulnerable Software and Affected Versions Adobe Connect versions 12.9 and earlier Description A DOM-based Cross-Site Scripting XSS issue exists in Adobe Connect. A high-privileged attacker could exploit this to execute malicious scripts in a victim’s browser. Exploitation requires a...

8.1 CVSS | 5.2 AI score | 0.00357 EPSS
Exploits 0 | References 8
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-24448

Malicious code in bioql PyPI...

8.7 CVSS | 6.3 AI score | 0.00604 EPSS
Exploits 0 | References 2
NVD
added 2025/09/09 5:15 p.m. | 3 views

CVE-2025-54261

ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary code execution by an attacker. The victim must have optional configurations enabled. Scope is changed...

10 CVSS | 0.19934 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/09/09 12:0 a.m. | 2 views

PT-2025-36859

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier Description: ColdFusion versions 2025.3, 2023.15, and 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' issue. This cou...

10 CVSS | 7 AI score | 0.19934 EPSS
Exploits 0 | References 14
Github Security Blog
added 2025/08/12 6:31 p.m. | 5 views

Magento Cross-site Scripting vulnerability

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts may be...

8.7 CVSS | 5.6 AI score | 0.00604 EPSS
Exploits 0 | References 3 | Affected Software 2
OSV
added 2025/08/12 6:31 p.m. | 4 views

GHSA-8MQ8-C243-2335 Magento Cross-site Scripting vulnerability

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts may be...

8.7 CVSS | 5.6 AI score | 0.00604 EPSS
Exploits 0 | References 2
NVD
added 2025/08/12 6:15 p.m. | 2 views

CVE-2025-49555

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery CSRF vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a w...

8.1 CVSS | 0.0085 EPSS
Exploits 0 | References 1
Cvelist
added 2025/08/12 5:55 p.m. | 8 views

CVE-2025-49557 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. A successful attacker...

8.7 CVSS | 0.00604 EPSS
Exploits 0 | References 1