|
41
|
2.4 |
LOW
Adjacent
|
-
|
-
|
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could e…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-27307
|
2026-04-15 07:16 |
2026-04-15 |
|
42
|
8.4 |
HIGH
Adjacent
|
-
|
-
|
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Attacker r…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-27306
|
2026-04-15 07:16 |
2026-04-15 |
|
43
|
8.6 |
HIGH
Network
|
-
|
-
|
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file syste…
New
|
CWE-22
Path Traversal
|
CVE-2026-27305
|
2026-04-15 07:16 |
2026-04-15 |
|
44
|
9.3 |
CRITICAL
Adjacent
|
-
|
-
|
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-27304
|
2026-04-15 07:16 |
2026-04-15 |
|
45
|
7.5 |
HIGH
Network
|
-
|
-
|
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerabilit…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-27282
|
2026-04-15 07:16 |
2026-04-15 |
|
46
|
5.4 |
MEDIUM
Network
|
docmost
|
docmost
|
Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before in…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-24045
|
2026-04-15 07:16 |
2026-02-11 |
|
47
|
5.4 |
MEDIUM
Network
|
docmost
|
docmost
|
Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly escape the titles …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-24045
|
2026-04-15 07:16 |
2026-02-11 |
|
48
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragm…
Update
|
CWE-416
Use After Free
|
CVE-2025-7425
|
2026-04-15 07:16 |
2025-07-10 |
|
49
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in libxslt where the type, atype and flags attributes are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, generate fr…
Update
|
CWE-416
Use After Free
|
CVE-2025-7425
|
2026-04-15 07:16 |
2025-07-10 |
|
50
|
7.5 |
HIGH
Network
|
xmlsoft redhat
|
libxslt openshift_container_platform enterprise_linux
|
A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allow…
Update
|
CWE-843
Type Confusion
|
CVE-2025-7424
|
2026-04-15 07:16 |
2025-07-10 |