34 matches found
CVE-2026-27305
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outsi...
EUVD-2026-22738
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation o...
EUVD-2026-22762
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories...
EUVD-2026-22730
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...
EUVD-2026-22732
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outsi...
CVE-2026-27308
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation o...
CVE-2026-27306
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Attacker requires elevated privileges. Exploitation of this issue requires user interaction in that a victim...
CVE-2026-27304
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...
CVE-2026-27307
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation o...
CVE-2026-34619
The CVE-2026-34619 entry affects ColdFusion versions 2023.18, 2025.6 and earlier. It describes an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability that could allow an attacker to access unauthorized files or directories outside intended restrictions. Expl...
CVE-2026-34619 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories...
CVE-2026-27308
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation o...
CVE-2026-27308
CVE-2026-27308 affects ColdFusion 2023.18, 2025.6 and earlier. It describes an Uncontrolled Resource Consumption vulnerability that canCause application denial-of-service by exhausting system resources. An attacker with high privileges, located adjacent to the target, can exploit this without use...
CVE-2026-27308 ColdFusion | Uncontrolled Resource Consumption (CWE-400)
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation o...
CVE-2026-27282
CVE-2026-27282 affects ColdFusion versions 2023.18, 2025.6 and earlier. The issue is an Improper Input Validation vulnerability that can bypass security features, potentially allowing unauthorized access. Exploitation requires user interaction. The CVSS details indicate a high impact on integrity...
CVE-2026-27305 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outsi...
CVE-2026-27282 ColdFusion | Improper Input Validation (CWE-20)
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires us...
CVE-2026-27282 ColdFusion | Improper Input Validation (CWE-20)
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires us...
CVE-2026-27305
Affected product: ColdFusion 2023.18, 2025.6 and earlier. Issue: Improper limitation of a pathname to a restricted directory (path traversal) that could lead to arbitrary file system read. Exploitation does not require user interaction. Impact: confidentiality of data could be exposed (High). Ini...
CVE-2026-27304 ColdFusion | Improper Input Validation (CWE-20)
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...