PT-2026-32764
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue...
CVE-2026-21272
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requir...
CVE-2025-61822
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could exploit this vulnerability to write malicious files to arbitrary locations on the file system. Exploitation of this...
CVE-2025-61821
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and data on the server...
CVE-2025-61811
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could leverage this vulnerability to bypass security measures and execute...
CVE-2025-61808 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high privileged attacker. Exploitation of this issue does not require user interaction and scope is changed...
CVE-2025-61822 ColdFusion | Improper Input Validation (CWE-20)
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could exploit this vulnerability to write malicious files to arbitrary locations on the file system. Exploitation of this...
PT-2025-50287
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.4, 2023.16, and 2021.22 and earlier Description: ColdFusion is affected by an Improper Restriction of XML External Entity Reference ('XXE') issue that could allow an attacker to read arbitrary files from the system. An...
CVE-2025-61796
Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse...
CVE-2025-49552
Adobe Connect is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability in versions 12.9 and earlier. The issue is caused by improper handling/validation of user input, enabling a high-privileged attacker to execute scripts in a victim’s browser and potentially hijack a session. Exploit...
CVE-2025-54266 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript ma...
PT-2025-42203
Name of the Vulnerable Software and Affected Versions: Adobe Connect versions 12.9 and earlier Description: A DOM-based Cross-Site Scripting (XSS) issue exists in Adobe Connect. A high-privileged attacker could exploit this to execute malicious scripts in a victim’s browser. Exploitation requires a...
EUVD-2025-24448
Malicious code in bioql PyPI...
CVE-2025-54261
ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution by an attacker. The victim must have optional configurations enabled. Scope is changed...
PT-2025-36859
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier Description: ColdFusion versions 2025.3, 2023.15, and 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') issue. This cou...
Magento Cross-site Scripting vulnerability
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts may be...
GHSA-8MQ8-C243-2335 Magento Cross-site Scripting vulnerability
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts may be...
CVE-2025-49555
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a w...
CVE-2025-49557 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. A successful attacker...