Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

NCSC
NCSCadded 2025/04/09 8:8 a.m.4 views

Vulnerabilities fixed in Adobe ColdFusion

Adobe has fixed vulnerabilities in ColdFusion Specifically for versions 2023.12, 2021.18, 2025.0 and earlier. The vulnerabilities are in the way ColdFusion handles input validation, authentication, access and deserialization of untrusted data. Malicious parties can exploit these vulnerabilities t...

9.1CVSS7.6AI score0.07382EPSS
Exploits0References1
OSV
OSVadded 2025/04/08 8:15 p.m.1 views

CVE-2025-30292

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...

6.1CVSS5.7AI score0.0287EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2025/04/08 8:15 p.m.0 views

CVE-2025-30289

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. A low privileged attacker with local access could leverage...

8.2CVSS7.9AI score0.00031EPSS
Exploits0References2
OSV
OSVadded 2025/04/08 8:15 p.m.0 views

CVE-2025-30281

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitati...

9.1CVSS7.7AI score
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/04/08 8:2 p.m.11 views

CVE-2025-30282 ColdFusion | Improper Authentication (CWE-287)

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass authentication mechanisms and...

9.1CVSS8.6AI score0.00089EPSS
Exploits0References1
CNNVD
CNNVDadded 2025/04/08 12:0 a.m.1 views

Adobe ColdFusion 跨站脚本漏洞

Adobe ColdFusion is a set of rapid application development platform from the American company Audobee Adobe. The platform includes an integrated development environment and a scripting language. A cross-site scripting vulnerability exists in Adobe ColdFusion versions 2023.12, 2021.18, 2025.0 and...

6.1CVSS5.8AI score0.0287EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/04/08 12:0 a.m.3 views

PT-2025-15656 · Adobe · Coldfusion

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier Description: The issue is related to an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverag...

8.2CVSS9.3AI score0.00037EPSS
Exploits0References9
CNNVD
CNNVDadded 2025/04/08 12:0 a.m.1 views

Adobe ColdFusion 输入验证错误漏洞

Adobe ColdFusion is a suite of rapid application development platforms from the American company Audobee Adobe. The platform includes an integrated development environment and a scripting language. An input validation error vulnerability exists in Adobe ColdFusion versions 2023.12, 2021.18, 2025....

6.8CVSS6AI score0.0026EPSS
Exploits0References2
Rows per page
Query Builder