3 matches found
CVE-2026-48281 ColdFusion | Improper Input Validation (CWE-20)
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-48307
CVE-2026-48307 affects ColdFusion versions 2025.9, 2023.20 and earlier and is a reflected Cross-Site Scripting vulnerability (CWE-79). An attacker can inject malicious scripts into a web page, potentially leading to arbitrary code execution in the context of the current user. Exploitation require...
PT-2026-53903
Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions prior to 2025 Update 10 Adobe ColdFusion versions prior to 2023 Update 21 Description Adobe ColdFusion is affected by a path traversal issue due to improper limitation of a pathname to a restricted directory. This fla...