|
971
|
4.3 |
MEDIUM
Network
|
-
|
-
|
In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR ap…
|
CWE-117
Improper Output Neutralization for Logs
|
CVE-2026-20260
|
2026-06-11 03:36 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
972
|
5.7 |
MEDIUM
Network
|
-
|
-
|
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that…
|
CWE-20
Improper Input Validation
|
CVE-2026-20257
|
2026-06-11 03:36 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
973
|
9.6 |
CRITICAL
Adjacent
|
-
|
-
|
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati…
|
CWE-20
Improper Input Validation
|
CVE-2026-47928
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
974
|
8.4 |
HIGH
Adjacent
|
-
|
-
|
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privi…
|
CWE-863
Incorrect Authorization
|
CVE-2026-47929
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
975
|
8.1 |
HIGH
Network
|
-
|
-
|
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage thi…
|
CWE-20
Improper Input Validation
|
CVE-2026-47930
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
976
|
8.4 |
HIGH
Adjacent
|
-
|
-
|
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati…
|
CWE-20
Improper Input Validation
|
CVE-2026-47931
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
977
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature…
|
CWE-22
Path Traversal
|
CVE-2026-47932
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
978
|
4.8 |
MEDIUM
Adjacent
|
-
|
-
|
ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vu…
|
CWE-79
Cross-site Scripting
|
CVE-2026-47933
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
979
|
10.0 |
CRITICAL
Network
|
-
|
-
|
Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in privilege escalation. Exploitation of this i…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-47938
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
980
|
7.4 |
HIGH
Network
|
-
|
-
|
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attack…
|
CWE-611
XXE
|
CVE-2026-47960
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
