Lucene search

K

13 matches found

CVE
CVE
added 2025/07/08 9:15 p.m.10 views

CVE-2025-49551

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Use of Hard-coded Credentials vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to gain unauthorized access to sensitive systems or data. Exploitation of this issue does n...

8.8CVSS6.5AI score0.00029EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.9 views

CVE-2025-49535

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass. An attacker could exploit this vulnerability to access sensitive information or denial of service b...

9.3CVSS6.4AI score0.00046EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.7 views

CVE-2025-49537

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by a high-privileged attacker. Exploitation of this issue requires user in...

7.9CVSS7.3AI score0.00119EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.7 views

CVE-2025-49546

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Access Control vulnerability that could lead to a partial application denial-of-service. A high-privileged attacker could exploit this vulnerability to partially disrupt the availability of the application. Exploit...

2.4CVSS6AI score0.00034EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.6 views

CVE-2025-49536

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of thi...

7.3CVSS6.5AI score0.0004EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.6 views

CVE-2025-49538

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An attacker can exploit this issue by injecting crafted XML or XPath queries to access unauthorized files or lead to denial of service. Exploitation...

7.4CVSS6.9AI score0.00101EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.6 views

CVE-2025-49542

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of...

5.2CVSS5.6AI score0.00058EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.6 views

CVE-2025-49544

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to access sensitive information or byp...

6.8CVSS6.1AI score0.00121EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.5 views

CVE-2025-49539

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to access sensitive information. Explo...

4.5CVSS6.3AI score0.00044EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.5 views

CVE-2025-49540

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

4.3CVSS5.1AI score0.00036EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.5 views

CVE-2025-49541

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

4.3CVSS5.1AI score0.00036EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.5 views

CVE-2025-49543

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

4.3CVSS5.1AI score0.00036EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.5 views

CVE-2025-49545

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of URLs. Exploitation...

6.2CVSS6.7AI score0.00026EPSS