18 matches found
EUVD-2026-22762
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories...
EUVD-2026-22730
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...
CVE-2026-27306
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Attacker requires elevated privileges. Exploitation of this issue requires user interaction in that a victim...
CVE-2026-27304
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...
CVE-2026-34619
The CVE-2026-34619 entry affects ColdFusion versions 2023.18, 2025.6 and earlier. It describes an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability that could allow an attacker to access unauthorized files or directories outside intended restrictions. Expl...
CVE-2026-34619 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories...
CVE-2026-27308 ColdFusion | Uncontrolled Resource Consumption (CWE-400)
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation o...
CVE-2026-27304 ColdFusion | Improper Input Validation (CWE-20)
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...
CVE-2026-27307
CVE-2026-27307 affects Adobe ColdFusion 2023.18, 2025.6 and earlier, with an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. The issue can be exploited by a high-privilege attacker without user interaction and has a low CVSS base score per the pro...
CVE-2026-27307 ColdFusion | Uncontrolled Resource Consumption (CWE-400)
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation o...
PT-2026-32919
ColdFusion | Improper Input Validation CWE-20 CVE: CVE-2026-27282 PT ID: PT-2026-32919 Vendor: Adobe Product: ColdFusion CVSS: 7.5 Credits: n/a Description: ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security...
PT-2026-32923
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation o...
PT-2026-32920
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...
Adobe ColdFusion 资源管理错误漏洞
Adobe ColdFusion is a rapid application development platform provided by Adobe Inc. This platform includes an integrated development environment and a scripting language. Versions of Adobe ColdFusion such as 2023.18, 2025.6, and earlier have a resource management vulnerability. This vulnerability...
PT-2026-32921
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' CWE-22 CVE: CVE-2026-27305 PT ID: PT-2026-32921 Vendor: Adobe Product: ColdFusion CVSS: 8.6 Credits: n/a Description: ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of...
CVE-2025-8089
CVE-2025-8089 corresponds to a stored XSS in the WordPress Advanced iFrame plugin. The vulnerability exists in the parameter for versions up to and including 2025.6, due to insufficient input sanitization and output escaping. Impact: authenticated attackers with contributor-level access or highe...
WordPress Advanced iFrame plugin <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Advanced iFrame versions = 2025.6...
PT-2025-33538 · WordPress · Advanced Iframe
Name of the Vulnerable Software and Affected Versions: Advanced iFrame plugin for WordPress versions prior to 2025.7 Description: The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the additional parameter due to insufficient input sanitization and output...