Adobe Warns of Zero-Day Exploits in ColdFusion
March 14, 2023
Adobe has issued an urgent warning about "very limited attacks" exploiting a zero-day vulnerability in its Adobe ColdFusion web app development platform. The company said that CVE-2023-26360 has been exploited in-the-wild in very limited attacks targeting Adobe ColdFusion. According to Adobe's PSIRT, the patches cover software defects that “could lead to arbitrary code execution, arbitrary file system read and memory leak.”
The ColdFusion update also features a second critical bug (CVSS 9.8) that could lead to code execution attacks. In addition, Adobe released patches for a whopping 106 vulnerabilities in a wide range of products, some serious enough to expose both Windows and macOS users to remote code execution attacks.
"Adobe is aware that CVE-2023-26360 has been exploited in-the-wild in very limited attacks targeting Adobe ColdFusion," said Adobe. "The patches cover software defects that could lead to arbitrary code execution, arbitrary file system read and memory leak."
- Fortinet Patches High-Severity FortiOS Bug Used in Zero-Day Attacks
- BlackLotus Secure Boot Bypass Malware Set to Ramp Up
- Unpatched Zero-Day Bugs in Akuvox E11 Smart Intercom Allow Eavesdropping
- CISA Warns of Critical VMware RCE Flaw Exploited in Attacks
- Cisco Patches High-Severity DoS Vulnerability in Enterprise Routers
Like what you see?
Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.