Lucene search
K

2759 matches found

CVE
CVE
added 2026/06/30 3:11 p.m.18 views

CVE-2026-48307

CVE-2026-48307 affects ColdFusion versions 2025.9, 2023.20 and earlier and is a reflected Cross-Site Scripting vulnerability (CWE-79). An attacker can inject malicious scripts into a web page, potentially leading to arbitrary code execution in the context of the current user. Exploitation require...

8.8CVSS6.4AI score0.00314EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/30 3:11 p.m.15 views

CVE-2026-48314

CVE-2026-48314 affects ColdFusion versions 2025.9, 2023.20 and earlier. The issue is an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) that could bypass security features, allowing an attacker to gain limited read and write access to files or directories outside the ...

6.5CVSS5.8AI score0.00333EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 3:11 p.m.40 views

CVE-2026-48276 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00917EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 3:11 p.m.29 views

CVE-2026-48276

CVE-2026-48276 affects ColdFusion versions 2025.9, 2023.20 and earlier. The issue is an Unrestricted Upload of File with Dangerous Type (CWE-434) that could lead to arbitrary code execution in the context of the current user. Exploitation does not require user interaction. The vulnerability scope...

10CVSS6.4AI score0.00917EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/30 3:11 p.m.10 views

CVE-2026-48282 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interactio...

10CVSS6.4AI score0.03199EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/06/30 3:11 p.m.37 views

CVE-2026-48283 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.0063EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 3:11 p.m.26 views

CVE-2026-48283

CVE-2026-48283 affects ColdFusion versions 2025.9, 2023.20 and earlier. The vulnerability is an Unrestricted Upload of File with Dangerous Type (CWE-434) that can lead to arbitrary code execution in the context of the current user. Exploitation requires no user interaction and is network‑visible;...

10CVSS6.4AI score0.0063EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-54766

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.20 and earlier ColdFusion version 2025.9 Description An improper input validation issue exists that allows a remote attacker to execute arbitrary code in the context of the current user. This exploitation does not...

10CVSS7.8AI score0.01396EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53900

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions prior to 2025.10 Adobe ColdFusion versions prior to 2023.21 Description An unrestricted upload of files with dangerous types allows for arbitrary code execution in the context of the current user. The issue stems from...

10CVSS7.9AI score0.00917EPSS
Exploits0References24
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53908

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.20 and earlier ColdFusion version 2025.9 Description An Improper Limitation of a Pathname to a Restricted Directory, also known as Path Traversal, allows an attacker to access sensitive files and directories outside th...

9.3CVSS6.2AI score0.01577EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53903

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions prior to 2025 Update 10 Adobe ColdFusion versions prior to 2023 Update 21 Description Adobe ColdFusion contains a path traversal flaw resulting from the improper limitation of a pathname to a restricted directory. Thi...

10CVSS8.1AI score0.03199EPSS
Exploits3References104
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.92 views

Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to 1 CFIDE/administrator/settings/mappings.cfm, 2 logging/settings.cfm, 3 datasources/index.cfm, 4...

9.8CVSS8.7AI score0.99721EPSS
Exploits13References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.104 views

Adobe ColdFusion - Unrestricted File Upload Remote Code Execution

Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. id: CVE-2018-15961 info: name: Adobe ColdFusion - Unrestricted File Upload...

10CVSS9.2AI score0.9995EPSS
Exploits11References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.70 views

Adobe ColdFusion - Access Control Bypass

An attacker is able to access every CFM and CFC endpoint within the ColdFusion Administrator path /CFIDE/, of which there are 437 CFM files and 96 CFC files in a ColdFusion 2021 Update 6 install. id: CVE-2023-29298 info: name: Adobe ColdFusion - Access Control Bypass author:...

7.5CVSS8.4AI score0.99754EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.76 views

Adobe ColdFusion - Pre-Auth Remote Code Execution

Adobe ColdFusion versions 2018u16 and earlier, 2021u6 and earlier and 2023.0.0.330468 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. id: CVE-2023-29300 info:...

9.8CVSS8.9AI score0.99984EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.96 views

Adobe ColdFusion - Arbitrary File Read

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary...

7.4CVSS8AI score0.98514EPSS
Exploits7References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.159 views

Adobe ColdFusion - Deserialization of Untrusted Data

Adobe ColdFusion versions 2018u17 and earlier, 2021u7 and earlier and 2023u1 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. id: CVE-2023-38203 info: name:...

9.8CVSS8.9AI score0.97003EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.11 views

CVE-2026-47933

ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.10 views

CVE-2026-47960

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...

7.4CVSS5.6AI score0.00406EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.13 views

CVE-2026-47928

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS6.2AI score0.08871EPSS
Exploits0References1
Rows per page
Query Builder