5 matches found
EUVD-2026-22730
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...
CVE-2026-27308
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation o...
CVE-2026-34619 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories...
CVE-2026-27305
Affected product: ColdFusion 2023.18, 2025.6 and earlier. Issue: Improper limitation of a pathname to a restricted directory (path traversal) that could lead to arbitrary file system read. Exploitation does not require user interaction. Impact: confidentiality of data could be exposed (High). Ini...
CVE-2026-27307
CVE-2026-27307 affects Adobe ColdFusion 2023.18, 2025.6 and earlier, with an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. The issue can be exploited by a high-privilege attacker without user interaction and has a low CVSS base score per the pro...