
CVE-2024-12556 – Kibana Prototype Pollution can lead to code injection
https://notcve.org/view.php?id=CVE-2024-12556
08 Apr 2025 — Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal. • https://discuss.elastic.co/t/kibana-8-16-4-and-8-17-2-security-update-esa-2025-02/376918 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVE-2025-30287 – ColdFusion | Improper Authentication (CWE-287)
https://notcve.org/view.php?id=CVE-2025-30287
08 Apr 2025 — ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A low privileged attacker with local access could leverage this vulnerability ... • https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html • CWE-287: Improper Authentication •

CVE-2025-30282 – ColdFusion | Improper Authentication (CWE-287)
https://notcve.org/view.php?id=CVE-2025-30282
08 Apr 2025 — ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass authent... • https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html • CWE-287: Improper Authentication •

CVE-2025-30284 – ColdFusion | Deserialization of Untrusted Data (CWE-502)
https://notcve.org/view.php?id=CVE-2025-30284
08 Apr 2025 — ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability... • https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html • CWE-502: Deserialization of Untrusted Data •

CVE-2025-30289 – ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
https://notcve.org/view.php?id=CVE-2025-30289
08 Apr 2025 — ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. ... • https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-30288 – ColdFusion | Improper Access Control (CWE-284)
https://notcve.org/view.php?id=CVE-2025-30288
08 Apr 2025 — A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed. • https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html • CWE-284: Improper Access Control •

CVE-2025-24446 – ColdFusion | Improper Input Validation (CWE-20)
https://notcve.org/view.php?id=CVE-2025-24446
08 Apr 2025 — ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html • CWE-20: Improper Input Validation •

CVE-2025-24447 – ColdFusion | Deserialization of Untrusted Data (CWE-502)
https://notcve.org/view.php?id=CVE-2025-24447
08 Apr 2025 — ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html • CWE-502: Deserialization of Untrusted Data •

CVE-2025-30285 – ColdFusion | Deserialization of Untrusted Data (CWE-502)
https://notcve.org/view.php?id=CVE-2025-30285
08 Apr 2025 — ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability... • https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html • CWE-502: Deserialization of Untrusted Data •

CVE-2025-30286 – ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
https://notcve.org/view.php?id=CVE-2025-30286
08 Apr 2025 — ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. ... • https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •