3.7

CVSS3.1

CVE-2025-67500 - Mastodon Error Handling Discrepancy Enables Private Status Existence Enumeration

Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a given status exists by sending a request wit…

📅 Published: Dec. 9, 2025, 11:44 p.m. 🔄 Last Modified: Jan. 8, 2026, 3:18 p.m.

9.1

CVSS3.1

CVE-2025-61808 - ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high privileged attacker. Exploitation of this issue does not require user interaction and scope is changed.

📅 Published: Dec. 9, 2025, 11:41 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:21 p.m.

8.2

CVSS3.1

CVE-2025-61813 - ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the server. Exploitation o…

📅 Published: Dec. 9, 2025, 11:41 p.m. 🔄 Last Modified: Dec. 12, 2025, 7:07 p.m.

8.4

CVSS3.1

CVE-2025-61812 - ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation of this issue does not require user interaction.

📅 Published: Dec. 9, 2025, 11:41 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:21 p.m.

6.8

CVSS3.1

CVE-2025-61821 - ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and data on the server. Explo…

📅 Published: Dec. 9, 2025, 11:41 p.m. 🔄 Last Modified: Dec. 12, 2025, 6:51 p.m.

4.3

CVSS3.1

CVE-2025-64898 - ColdFusion | Insufficiently Protected Credentials (CWE-522)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting improperly stored or transmi…

📅 Published: Dec. 9, 2025, 11:41 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:21 p.m.

8.4

CVSS3.1

CVE-2025-61810 - ColdFusion | Deserialization of Untrusted Data (CWE-502)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could exploit this vulnerability by providing maliciously crafted s…

📅 Published: Dec. 9, 2025, 11:41 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:21 p.m.

9.1

CVSS3.1

CVE-2025-61809 - ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of …

📅 Published: Dec. 9, 2025, 11:41 p.m. 🔄 Last Modified: Dec. 12, 2025, 7:04 p.m.

6.2

CVSS3.1

CVE-2025-61822 - ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could exploit this vulnerability to write malicious files to arbitrary locations on the file system. Exploitation of this i…

📅 Published: Dec. 9, 2025, 11:41 p.m. 🔄 Last Modified: Dec. 12, 2025, 7:58 p.m.

5.6

CVSS3.1

CVE-2025-64897 - ColdFusion | Improper Access Control (CWE-284)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized write access potentially resulting in denial of service. Exploitat…

📅 Published: Dec. 9, 2025, 11:41 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:21 p.m.