CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.16)
A Path Traversal vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier allows bypassing path restrictions. An attacker can gain limited read and write access to unauthorized files or directories outside intended restrictions. Exploitation does not require user interaction.
A Path Traversal vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier allows unauthorized file system read and limited write access outside the intended directory. An attacker can exploit this without user interaction, gaining access to sensitive files.
Reflected XSS vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier. An attacker can inject malicious scripts into a web page, potentially leading to arbitrary code execution in the context of the current user. User interaction (clicking a malicious link) is required.
Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation does not require user interaction and the scope is changed.
An SSRF vulnerability in ColdFusion allows bypassing security measures and unauthorized read access. Exploitation requires no user interaction and the scope is changed.
A vulnerability in ColdFusion allows unrestricted upload of files with dangerous types, potentially leading to arbitrary code execution in the context of the current user. Exploitation does not require user interaction, and the scope is changed.
A Path Traversal vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier allows a remote attacker to execute arbitrary code in the context of the current user without requiring user interaction. The issue stems from improper limitation of a pathname to a restricted directory.
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
A vulnerability in ColdFusion versions 2025.9, 2023.20 and earlier is caused by improper input validation, potentially leading to remote arbitrary code execution in the context of the current user. Exploitation requires no user interaction and the scope is changed.
A vulnerability in ColdFusion allows unrestricted upload of files with dangerous types, potentially leading to arbitrary code execution in the context of the current user. Exploitation requires no user interaction and the scope is changed.
A path traversal vulnerability in the ImageScan subsystem of Rancher Fleet affects versions 0.12.0 to 0.12.16, 0.13.0 to 0.13.12, 0.14.0 to 0.14.7, and 0.15.0 to 0.15.3, allowing an attacker to traverse outside the intended directory and cause a denial of service.
A vulnerability in PostgreSQL Anonymizer allows unprivileged masked users to repeatedly call the anon.hash() function and collect (seed, hash_output) pairs to perform an offline brute-force attack and deduce the salt.
The Tarfile.extract() function does not properly pass the filter parameter when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract() function.
A vulnerability in Mendix Studio Pro arises from improper validation and sanitization of project files processed during the build pipeline. An attacker can trick a user into opening and running a specially crafted malicious project, leading to arbitrary code execution in the context of that user.
A vulnerability in Rancher FleetWorkspace allows an unauthenticated attacker with network access to the in-cluster rancher-webhook service to create workspace-related Kubernetes objects with attacker-chosen identity data. Affected versions are 0.7.0 to 0.7.10, 0.8.0 to 0.8.7, 0.9.0 to 0.9.6, and 0.10.0 to 0.10.7.
A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removes those permissions from a RoleTemplate.
In Coolify prior to version 4.0.0-beta.464, an authenticated command injection vulnerability in the CA Certificate management feature allows any authenticated user to execute arbitrary commands as the configured SSH user on the managed server host.
Coolify prior to version 4.0.0-beta.464 has a vulnerability in the `GET /api/v1/servers/{server_uuid}/domains?uuid={app_uuid}` endpoint that bypasses team scoping when the optional `uuid` parameter is provided. Any authenticated API user can enumerate domain names (FQDNs) of applications belonging to other teams.
Coolify prior to version 4.0.0-beta.464 has a vulnerability in the executeInDocker() helper that wraps commands in bash -c without escaping single quotes. The docker_compose_custom_build_command and docker_compose_custom_start_command fields are interpolated directly, allowing an attacker to break out of the bash -c argument and execute arbitrary commands on the managed server host.
Coolify prior to version 4.0.0-beta.464 has a vulnerability in the GET /api/v1/deployments/{uuid} endpoint that allows any authenticated user to access deployment details of any team, bypassing team-based authorization. The issue stems from the $teamId extracted from the authentication token not being used to scope the database query.

