High CVE-2026-47960 ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

[High] CVE-2026-47960 – ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Rest...

VERWANDTEARTIKEL

CVE-2026-53673 - BuddyPress 14.4.0 Private Message IDOR via REST API user_id Parameter

CVE-2026-45782 - Cloud Hypervisor: Use-after-free in virtio-block Async I/O Completion

CVE-2026-46491 - SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion

CVE-2026-41729 - Spring Data REST SpEL Injection via Map Key in JSON Patch

CVE-2026-41732 - In Spring for Apache Pulsar, overly broad trusted-package matching in header mapper exposes JDK classes to deserialization

CVE-2026-41717 - Spring Data MongoDB - SpEL Expression Injection via Annotated Query Parameter Binding