In Lucee Admin, there is a Remote Code Execution vulnerability.
Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 184.108.40.206, 220.127.116.11 or 18.104.22.168 there is an unauthenticated remote code exploit. This is fixed in versions 22.214.171.124, 126.96.36.199 or 188.8.131.52. As a workaround, one can block access to the Lucee Administrator.