Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2025/12/11 12:3 a.m.6 views

CVE-2025-61822

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could exploit this vulnerability to write malicious files to arbitrary locations on the file system. Exploitation of this...

6.2CVSS6.6AI score0.00637EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 12:3 a.m.10 views

CVE-2025-61823

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. A high privileged attacker could exploit this vulnerability to access sensitive files and data on th...

6.2CVSS6.4AI score0.00413EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/10 12:30 a.m.17 views

EUVD-2025-202341

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation of this issue does not require user interaction...

8.4CVSS7AI score0.037EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/10 12:30 a.m.10 views

EUVD-2025-202339

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high priviledged attacker. Exploitation of this issue does not require user interaction and scope is changed...

9.1CVSS7.1AI score0.08453EPSS
Exploits0References2
NVD
NVD
added 2025/12/10 12:16 a.m.5 views

CVE-2025-64897

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized write access potentially resulting in denial of service...

5.6CVSS0.00106EPSS
Exploits0References1
NVD
NVD
added 2025/12/10 12:16 a.m.6 views

CVE-2025-61821

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and data on the server. Explo...

6.8CVSS0.0045EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.4 views

Adobe ColdFusion 代码问题漏洞

Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. Adobe ColdFusion suffers from an improperly restricted XML external entity...

8.6CVSS5.9AI score0.00466EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.5 views

Adobe ColdFusion 输入验证错误漏洞

Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. An improper input validation vulnerability exists in Adobe ColdFusion, whi...

6.2CVSS5.9AI score0.00637EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.5 views

Adobe ColdFusion 输入验证错误漏洞

Adobe ColdFusion is a suite of rapid application development platforms from the American company Audobee Adobe. The platform includes an integrated development environment and a scripting language. An input validation error vulnerability exists in Adobe ColdFusion versions 2025.4, 2023.16, 2021.2...

9.1CVSS6AI score0.00564EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 11:41 p.m.41 views

CVE-2025-61808 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high priviledged attacker. Exploitation of this issue does not require user interaction and scope is changed...

9.1CVSS0.08453EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 11:41 p.m.4 views

CVE-2025-61812 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation of this issue does not require user interaction...

8.4CVSS7.2AI score0.037EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 11:41 p.m.1 views

CVE-2025-61821 ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and data on the server. Explo...

6.8CVSS6AI score0.0045EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 11:41 p.m.28 views

CVE-2025-61823 ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. A high privileged attacker could exploit this vulnerability to access sensitive files and data on th...

6.2CVSS0.00413EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-50281

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2025.4, 2023.16, and 2021.22 and earlier Description ColdFusion versions 2025.4, 2023.16, and 2021.22 and earlier are susceptible to an unrestricted file upload issue with dangerous file types. Successful exploitation of th...

9.1CVSS7AI score0.08453EPSS
Exploits0References11
Rows per page
Query Builder