CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-43566 - ColdFusion versions 2025.1, 2023.13, 2021.19 and e

CVE ID : CVE-2025-43566
Published : May 13, 2025, 9:16 p.m. | 2 hours, 7 minutes ago
Description : ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized read access. Exploitation of this issue does not require user interaction and scope is changed.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43567 - Adobe Connect Reflected Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-43567
Published : May 13, 2025, 9:16 p.m. | 2 hours, 7 minutes ago
Description : Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.
Severity: 9.3 | CRITICAL
CVE-2025-43568 - Substance3D Use After Free Vulnerability

CVE ID : CVE-2025-43568
Published : May 13, 2025, 9:16 p.m. | 2 hours, 7 minutes ago
Description : Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-43569 - Substance3D Stager Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-43569
Published : May 13, 2025, 9:16 p.m. | 2 hours, 7 minutes ago
Description : Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-43570 - Substance3D Use After Free Vulnerability

CVE ID : CVE-2025-43570
Published : May 13, 2025, 9:16 p.m. | 2 hours, 7 minutes ago
Description : Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-43571 - Substance3D Use After Free Vulnerability

CVE ID : CVE-2025-43571
Published : May 13, 2025, 9:16 p.m. | 2 hours, 7 minutes ago
Description : Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-43572 - Dimension File Handler Arbitrary Code Execution

CVE ID : CVE-2025-43572
Published : May 13, 2025, 9:16 p.m. | 2 hours, 7 minutes ago
Description : Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
CVE-2025-4668 - Apache HTTP Server Deserialization Vulnerability

CVE ID : CVE-2025-4668
Published : May 13, 2025, 9:16 p.m. | 2 hours, 7 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
CVE-2025-26646 - Microsoft .NET Path Traversal Spoofing

CVE ID : CVE-2025-26646
Published : May 13, 2025, 10:15 p.m. | 1 hour, 8 minutes ago
Description : External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
Severity: 8.0 | HIGH
CVE-2025-47905 - Varnish Cache HTTP/1 Chunk Boundary CRLF Injection

CVE ID : CVE-2025-47905
Published : May 13, 2025, 10:15 p.m. | 1 hour, 8 minutes ago
Description : Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.
Severity: 5.4 | MEDIUM
CVE-2025-4574 - Crossbeam-channel Rust Crate Double-Free Error

CVE ID : CVE-2025-4574
Published : May 13, 2025, 10:15 p.m. | 1 hour, 8 minutes ago
Description : In the crossbeam-channel Rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.
Severity: 6.5 | MEDIUM
CVE-2025-3623 - WordPress Uncanny Automator PHP Object Injection Vulnerability

CVE ID : CVE-2025-3623
Published : May 14, 2025, 3:15 a.m. | 2 hours, 8 minutes ago
Description : The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automator_api_decode_message() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files.
Severity: 8.1 | HIGH
CVE-2025-4520 - Uncanny Automator WordPress Unauthorized Data Modification Vulnerability

CVE ID : CVE-2025-4520
Published : May 14, 2025, 3:15 a.m. | 2 hours, 8 minutes ago
Description : The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions or above, to update plugin settings.
Severity: 5.4 | MEDIUM
CVE-2025-47891 - Apache Struts Command Injection

CVE ID : CVE-2025-47891
Published : May 14, 2025, 4:16 a.m. | 1 hour, 7 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-47892 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-47892
Published : May 14, 2025, 4:16 a.m. | 1 hour, 7 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-47893 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-47893
Published : May 14, 2025, 4:16 a.m. | 1 hour, 7 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-47894 - Apache HTTP Server CSRF

CVE ID : CVE-2025-47894
Published : May 14, 2025, 4:16 a.m. | 1 hour, 7 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-47895 - Apache HTTP Server Authentication Bypass

CVE ID : CVE-2025-47895
Published : May 14, 2025, 4:16 a.m. | 1 hour, 7 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-47896 - VMware Remote Code Execution

CVE ID : CVE-2025-47896
Published : May 14, 2025, 4:16 a.m. | 1 hour, 7 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-47897 - Apache HTTP Server Remote Code Execution

CVE ID : CVE-2025-47897
Published : May 14, 2025, 4:16 a.m. | 1 hour, 7 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-47898 - Apache HTTP Server Authentication Bypass

CVE ID : CVE-2025-47898
Published : May 14, 2025, 4:16 a.m. | 1 hour, 7 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA