cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-53961,https://securityvulnerability.io/vulnerability/CVE-2024-53961,Path Traversal Vulnerability in ColdFusion by Adobe,"Adobe ColdFusion versions 2023.11, 2021.17, and earlier are affected by a vulnerability that allows attackers to bypass restrictions on directory access. This path traversal vulnerability could enable unauthorized users to read files from the file system, potentially compromising sensitive data and allowing manipulation of system information. It poses a significant risk, as attackers may exploit this weakness to navigate outside the limited directories defined by the application, thus accessing and disclosing confidential files.",Adobe,Coldfusion,7.4,HIGH,0.000910000002477318,false,true,false,true,,false,false,2024-12-23T20:11:38.875Z,1754
CVE-2024-41874,https://securityvulnerability.io/vulnerability/CVE-2024-41874,Adobe ColdFusion Vulnerability: Deserialization of Untrusted Data Could Lead to Arbitrary Code Execution,"ColdFusion is susceptible to a deserialization of untrusted data issue that allows for arbitrary code execution in the context of the current user. Attackers can exploit this flaw by submitting specially crafted inputs to applications, which, upon deserialization, execute the malicious code without requiring any user interaction. This vulnerability poses significant risks as it can compromise the integrity of applications running on affected ColdFusion versions.",Adobe,Coldfusion,9.8,CRITICAL,0.0010900000343099236,false,false,false,false,,false,false,2024-09-13T09:18:03.226Z,0
CVE-2024-45113,https://securityvulnerability.io/vulnerability/CVE-2024-45113,Adobe ColdFusion Vulnerability: Unauthorized Access Possible via Improper Authentication,"ColdFusion versions 2023.6, 2021.12, and earlier are vulnerable due to an improper authentication issue. This vulnerability allows attackers to exploit the application without requiring any user interaction, potentially leading to unauthorized access and privilege escalation. As a result, the integrity of the application may be compromised, making it critical for users to address this security concern promptly. Adobe has released an advisory detailing the impact and available mitigations.",Adobe,Coldfusion,7.5,HIGH,0.000539999979082495,false,false,false,false,,false,false,2024-09-13T09:18:02.435Z,0
CVE-2024-34112,https://securityvulnerability.io/vulnerability/CVE-2024-34112,Adobe ColdFusion Vulnerable to Improper Access Control,"Adobe ColdFusion versions 2023u7, 2021u13, and earlier are vulnerable to an Improper Access Control issue that enables attackers to perform arbitrary file system reads. This vulnerability allows unauthorized users to access sensitive files or confidential data without needing any user interaction. Organizations utilizing affected versions of ColdFusion should review the security implications and apply the necessary updates as outlined by Adobe to mitigate potential risks from this vulnerability.",Adobe,Coldfusion,7.5,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-06-13T11:27:15.891Z,0
CVE-2024-34113,https://securityvulnerability.io/vulnerability/CVE-2024-34113,Weak Cryptography for Passwords Vulnerability Affects ColdFusion Versions,"ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the confidentiality of password data. An attacker could exploit this weakness to decrypt or guess passwords, potentially gaining unauthorized access to protected resources. Exploitation of this issue does not require user interaction.",Adobe,Coldfusion,5.5,MEDIUM,0.00046999999904073775,false,false,false,false,,false,false,2024-06-13T11:27:15.139Z,0
CVE-2024-20767,https://securityvulnerability.io/vulnerability/CVE-2024-20767,Adobe ColdFusion Vulnerable to Improper Access Control,"An improper access control vulnerability in Adobe ColdFusion versions 2023.6, 2021.12, and earlier allows attackers to perform arbitrary file system reads. This security flaw can be exploited without requiring user interaction, provided the admin panel is exposed to the internet. Attackers leveraging this vulnerability can access or modify restricted files, posing a significant risk to data integrity and confidentiality.",Adobe,Coldfusion,7.4,HIGH,0.9657999873161316,true,true,true,true,true,true,false,2024-03-18T11:43:28.473Z,3978
CVE-2023-44353,https://securityvulnerability.io/vulnerability/CVE-2023-44353,ColdFusion WDDX Deserialization Gadgets,Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.,Adobe,Coldfusion,9.8,CRITICAL,0.012629999779164791,false,false,false,true,true,false,false,2023-11-17T14:15:00.000Z,0
CVE-2023-44352,https://securityvulnerability.io/vulnerability/CVE-2023-44352,Unauthenticated Reflected XSS on Adobe Coldfusion 2018 - 2021 - 2023 last version,"Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.",Adobe,Coldfusion,6.1,MEDIUM,0.0062699997797608376,false,false,false,false,,false,false,2023-11-17T14:15:00.000Z,0
CVE-2023-44350,https://securityvulnerability.io/vulnerability/CVE-2023-44350,ColdFusion | Deserialization of Untrusted Data (CWE-502),Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.,Adobe,Coldfusion,9.8,CRITICAL,0.0019199999514967203,false,false,false,false,,false,false,2023-11-17T14:15:00.000Z,0
CVE-2023-44355,https://securityvulnerability.io/vulnerability/CVE-2023-44355,ColdFusion | Improper Input Validation (CWE-20),Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor integrity feature. Exploitation of this issue does require user interaction.,Adobe,Coldfusion,4.3,MEDIUM,0.0008699999889358878,false,false,false,false,,false,false,2023-11-17T14:15:00.000Z,0
CVE-2023-44351,https://securityvulnerability.io/vulnerability/CVE-2023-44351,Adobe ColdFusion RCE Security Vulnerability,Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.,Adobe,Coldfusion,9.8,CRITICAL,0.0019199999514967203,false,false,false,false,,false,false,2023-11-17T14:15:00.000Z,0
CVE-2023-26347,https://securityvulnerability.io/vulnerability/CVE-2023-26347,CVE-2023-38205 issues | ColdFusion Admin Panel Access,"Adobe ColdFusion versions 2023.5 and earlier, as well as 2021.11 and earlier, are susceptible to an improper access control vulnerability. This flaw allows unauthenticated attackers to bypass security features, gaining access to sensitive administration CFM and CFC endpoints without requiring user interaction. It is essential for users to apply necessary patches to mitigate potential security risks.",Adobe,Coldfusion,7.5,HIGH,0.00343999988399446,false,false,false,false,,false,false,2023-11-17T14:15:00.000Z,0
CVE-2023-38204,https://securityvulnerability.io/vulnerability/CVE-2023-38204,Bypass APSB23-41 (CVE-2023-38203) - Pre-Auth RCE ColdFusion 2021 Update 8,"Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.",Adobe,ColdFusion,9.8,CRITICAL,0.0019199999514967203,false,false,false,false,,false,false,2023-09-14T08:15:00.000Z,0
CVE-2023-38205,https://securityvulnerability.io/vulnerability/CVE-2023-38205,Adobe ColdFusion Vulnerable to Improper Access Control,"Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.",Adobe,Coldfusion,7.5,HIGH,0.22755999863147736,true,true,false,true,,false,false,2023-09-14T08:15:00.000Z,0
CVE-2023-38206,https://securityvulnerability.io/vulnerability/CVE-2023-38206,ColdFusion | Improper Access Control (CWE-284),"Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints resulting in a low-confidentiality impact. Exploitation of this issue does not require user interaction.",Adobe,Coldfusion,5.3,MEDIUM,0.000590000010561198,false,false,false,false,,false,false,2023-09-14T08:15:00.000Z,0
CVE-2021-40699,https://securityvulnerability.io/vulnerability/CVE-2021-40699,ColdFusion CFIDE Improper Access Control Leads To Privilege Escalation,"ColdFusion versions 2021 (update 1 and earlier) and 2018 (version 10 and earlier) are susceptible to an improper access control vulnerability within the CFIDE path. This flaw allows an authenticated attacker to execute unauthorized actions, potentially leading to the access and manipulation of sensitive data within the server environment. This vulnerability highlights the importance of validating permission checks to safeguard against unauthorized data exposure.",Adobe,Coldfusion,7.4,HIGH,0.0006900000153109431,false,false,false,false,,false,false,2023-09-07T12:54:41.029Z,0
CVE-2021-40698,https://securityvulnerability.io/vulnerability/CVE-2021-40698,ColdFusion Use of Inherently Dangerous Function Leads To Security feature bypass,"Adobe ColdFusion versions 2021 up to update 1 and 2018.10 and earlier are susceptible to a vulnerability related to the use of inherently dangerous functions. This flaw allows an authenticated attacker to bypass security features, potentially gaining access to and manipulating arbitrary data within the system. Organizations using affected versions are urged to review their security measures and apply necessary updates to safeguard their environments.",Adobe,Coldfusion,7.4,HIGH,0.0006900000153109431,false,false,false,false,,false,false,2023-09-07T12:54:33.320Z,0
CVE-2023-38203,https://securityvulnerability.io/vulnerability/CVE-2023-38203,Adobe ColdFusion Vulnerability Could Lead to Arbitrary Code Execution,"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.",Adobe,ColdFusion,9.8,CRITICAL,0.3255299925804138,true,true,true,true,,false,false,2023-07-20T16:15:00.000Z,0
CVE-2023-29300,https://securityvulnerability.io/vulnerability/CVE-2023-29300,Adobe ColdFusion Vulnerability Could Lead to Arbitrary Code Execution,"Adobe ColdFusion is significantly impacted by a vulnerability that arises from the deserialization of untrusted data. This issue allows for the potential execution of arbitrary code by an attacker, posing serious risks to system integrity and security. Notably, exploitation does not require any user interaction, thereby amplifying the threat potential. Affected versions include ColdFusion 2018u16 and earlier, 2021u6 and earlier, and 2023.0.0.330468 and earlier. Organizations using these versions are urged to evaluate their security posture and apply necessary updates to mitigate risks.",Adobe,ColdFusion,9.8,CRITICAL,0.3980199992656708,true,true,true,true,,false,false,2023-07-12T16:15:00.000Z,170
CVE-2023-29301,https://securityvulnerability.io/vulnerability/CVE-2023-29301,Adobe ColdFusion Improper Restriction of Excessive Authentication Attempts Security feature bypass,"Adobe ColdFusion is impacted by a vulnerability that allows improper restriction of excessive authentication attempts. This flaw enables attackers to bypass security features, potentially compromising user confidentiality. The vulnerability exists in specific versions of ColdFusion released prior to specific updates, making it a significant concern for users who have not updated their systems. Notably, exploitation of this vulnerability does not necessitate user interaction, increasing the risk of automated attacks.",Adobe,ColdFusion,7.5,HIGH,0.000590000010561198,false,false,false,false,,false,false,2023-07-12T16:15:00.000Z,0
CVE-2023-29298,https://securityvulnerability.io/vulnerability/CVE-2023-29298,Adobe ColdFusion Improper Access Control Security feature bypass,"An improper access control vulnerability in Adobe ColdFusion allows an attacker to bypass security features, potentially granting unauthorized access to sensitive administration endpoints, including CFM and CFC. This vulnerability affects specific versions of Adobe ColdFusion and could be exploited without user interaction, making it critical for organizations using these versions to apply the recommended security measures as outlined in Adobe's security advisory.",Adobe,ColdFusion,7.5,HIGH,0.9717299938201904,true,true,false,true,,false,false,2023-07-12T16:15:00.000Z,0
CVE-2023-26361,https://securityvulnerability.io/vulnerability/CVE-2023-26361,Adobe ColdFusion Directory Traversal Arbitrary file system read Vulnerability,"Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in Arbitrary file system read. Exploitation of this issue does not require user interaction, but does require administrator privileges.",Adobe,ColdFusion,4.9,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2023-03-23T00:00:00.000Z,0
CVE-2023-26359,https://securityvulnerability.io/vulnerability/CVE-2023-26359,Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution,"Adobe ColdFusion versions 2018 Update 15 and earlier, along with 2021 Update 5 and earlier, are susceptible to a deserialization vulnerability, enabling unauthorized execution of arbitrary code within the context of the current user. This issue can be exploited without requiring any user interaction, posing a significant risk to systems using these versions. It is crucial for administrators and security professionals to address this vulnerability to prevent potential breaches.",Adobe,ColdFusion,9.8,CRITICAL,0.13003000617027283,true,true,false,true,,false,false,2023-03-23T00:00:00.000Z,0
CVE-2023-26360,https://securityvulnerability.io/vulnerability/CVE-2023-26360,Adobe ColdFusion Vulnerability Could Lead to Arbitrary Code Execution,"CVE-2023-26360 is a critical vulnerability affecting Adobe ColdFusion 2018 Update 15 and earlier, as well as ColdFusion 2021 Update 5 and earlier. This improper access control vulnerability can be exploited remotely by unauthenticated attackers to achieve arbitrary code execution without user interaction. The flaw has been exploited in the wild in a limited number of attacks. Adobe has released security updates for ColdFusion 2018 and ColdFusion 2021 to address this vulnerability. CISA has issued an urgent warning, requiring U.S. Federal Civilian Executive Branch agencies to secure their systems against potential attacks exploiting CVE-2023-26360 by April 5, 2023. It is advised for all organizations to apply the security updates to mitigate the risk and apply the necessary security configuration settings as outlined in the ColdFusion 2018 and ColdFusion 2021 lockdown guides.",Adobe,ColdFusion,8.6,HIGH,0.4984399974346161,true,true,true,true,true,false,false,2023-03-23T00:00:00.000Z,0
CVE-2022-38423,https://securityvulnerability.io/vulnerability/CVE-2022-38423,Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability,"Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction, but does require administrator privileges.",Adobe,Coldfusion,4.9,MEDIUM,0.0018599999602884054,false,false,false,false,,false,false,2022-10-14T20:15:00.000Z,0