Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threat Intelligence Database

Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.

Threat Intelligence

Click on any threat for detailed analysis and mitigation recommendations

CVE-2026-48315: Improper Input Validation (CWE-20) in Adobe ColdFusionCVE-2026-48315
0

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Join the discussion
CVE-2026-48314: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) in Adobe ColdFusionCVE-2026-48314
0

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited read and write access to unauthorized files or directories outside the intended restrictions. Exploitation of this issue does not require user interaction.

Join the discussion
CVE-2026-48313: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) in Adobe ColdFusionCVE-2026-48313
0

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read and limited write access. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue does not require user interaction. Scope is changed.

Join the discussion
CVE-2026-48307: Cross-site Scripting (Reflected XSS) (CWE-79) in Adobe ColdFusionCVE-2026-48307
0

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious link. Scope is changed.

Join the discussion
CVE-2026-48283: Unrestricted Upload of File with Dangerous Type (CWE-434) in Adobe ColdFusionCVE-2026-48283
0

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Join the discussion
CVE-2026-47960: Improper Restriction of XML External Entity Reference ('XXE') (CWE-611) in Adobe ColdFusionCVE-2026-47960
0

Adobe ColdFusion versions 2023.0.0 through 2023.19 and 2025.0.0 through 2025.8 are affected by an XML External Entity (XXE) vulnerability (CWE-611). This vulnerability allows an attacker to read arbitrary files on the system by exploiting improper restriction of XML external entity references. Exploitation requires user interaction, specifically that a victim opens a malicious file. The vulnerability impacts confidentiality but does not affect integrity or availability.

Join the discussion
CVE-2026-47933: Cross-site Scripting (Stored XSS) (CWE-79) in Adobe ColdFusionCVE-2026-47933
0

Adobe ColdFusion versions 2023.0.0 through 2023.19 and 2025.0.0 through 2025.8 are affected by a stored Cross-Site Scripting (XSS) vulnerability. This flaw allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, which execute in the browsers of users who visit the affected pages. The vulnerability changes the security scope and can lead to limited confidentiality and integrity impacts. No official patch or remediation guidance is currently provided by the vendor.

Join the discussion
CVE-2026-47932: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) in Adobe ColdFusionCVE-2026-47932
0

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Join the discussion
CVE-2026-47929: Incorrect Authorization (CWE-863) in Adobe ColdFusionCVE-2026-47929
0

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed.

Join the discussion

Showing 1 to 9 of 9 results

Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses