46 matches found

EUVD
added 2025/12/10 12:30 a.m. · 2 views

EUVD-2025-202349

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could leverage this vulnerability to bypass security measures and execute...

CVSS 8.4 · AI score 7.1 · EPSS 0.00946
Exploits 0 · References 2

NVD
added 2025/12/10 12:16 a.m. · 3 views

CVE-2025-61823

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. A high privileged attacker could exploit this vulnerability to access sensitive files and data on th...

CVSS 6.2 · EPSS 0.00044
Exploits 0 · References 1

OSV
added 2025/12/10 12:16 a.m. · 0 views

CVE-2025-61812

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation of this issue does not require user interaction...

CVSS 8.4 · AI score 6 · EPSS 0.00055
Exploits 0 · References 1

CVE
added 2025/12/09 11:41 p.m. · 10 views

CVE-2025-64898

Adobe ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could allow limited unauthorized write access without user interaction. The CVE-2025-64898 entry is corroborated by multiple sources and advisories in the conn...

CVSS 5.3 · AI score 6.4 · EPSS 0.0005
Exploits 0 · References 1 · Affected Software 1

CVE
added 2025/12/09 11:41 p.m. · 21 views

CVE-2025-61809

Adobe ColdFusion remote vulnerability CVE-2025-61809 arises from Improper Input Validation affecting ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier. The issue could bypass security checks and allow unauthorized read and write access without user interaction, with exploitation described ...

CVSS 9.1 · AI score 6.2 · EPSS 0.00574
Exploits 0 · References 1 · Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2000-0057

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.0322
Exploits 1 · References 3

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-25130

Malicious code in bioql PyPI...

CVSS 2.7 · AI score 6.6 · EPSS 0.00072
Exploits 0 · References 1

CVE
added 2025/09/09 4:58 p.m. · 24 views

CVE-2025-54261

Adobe ColdFusion is affected by CVE-2025-54261 due to an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) that could allow arbitrary code execution. Affected are ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier; the issue requires optional configurations to be ...

CVSS 10 · AI score 7.2 · EPSS 0.04696
Exploits 0 · References 1 · Affected Software 1

NVD
added 2025/08/18 5:15 p.m. · 2 views

CVE-2025-54234

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs...

CVSS 2.7 · EPSS 0.00072
Exploits 0 · References 1

OSV
added 2025/05/13 9:16 p.m. · 1 views

CVE-2025-43559

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and...

CVSS 9.1 · AI score 6.3 · EPSS 0.12287
Exploits 0 · References 1

OSV
added 2025/04/08 8:15 p.m. · 0 views

CVE-2025-30293

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized write access...

CVSS 6.8 · AI score 5.8 · EPSS 0.0017
Exploits 0 · References 1

Positive Technologies
added 2025/04/08 12:00 a.m. · 1 views

PT-2025-15653 · Adobe · Coldfusion

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.0 and earlier ColdFusion versions 2023.12 ColdFusion versions 2021.18 Description: The issue is related to a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context...

CVSS 8.4 · AI score 8.6 · EPSS 0.01035
Exploits 0 · References 10

Positive Technologies
added 2024/03/12 12:00 a.m. · 4 views

PT-2024-2206

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions 2023.6 and 2021.12 and earlier Description Adobe ColdFusion is affected by an Improper Access Control issue. This flaw allows an unauthenticated attacker to gain access to sensitive files and perform arbitrary file...

CVSS 8.5 · AI score 8 · EPSS 0.94093
Exploits 7 · References 77

CNNVD
added 2020/11/23 12:00 a.m. · 0 views

Ortus TestBox Path Traversal Vulnerability

Ortus Solutions TestBox is a behavior-driven testing framework for ColdFusion environments from Ortus Solutions, USA. A path traversal vulnerability exists in Ortus TestBox versions 2.4.0 through 4.1.0, which stems from an unvalidated query string parameter test-browser/index.cfm...

CVSS 5.3 · AI score 6.1 · EPSS 0.00738
Exploits 0 · References 2

OSV
added 2020/06/26 9:15 p.m. · 0 views

CVE-2020-3767

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (DoS)...

CVSS 6.5 · AI score 6.6
Exploits 0 · References 1

OSV
added 2020/03/25 8:15 p.m. · 0 views

CVE-2020-3794

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory...

CVSS 9.8 · AI score 7.8
Exploits 0 · References 1

The Hacker News
added 2018/09/11 5:25 p.m. · 5 views

Adobe Issues ColdFusion Software Update for 6 Critical Vulnerabilities

Adobe has released September 2018 security patch updates for a total of 10 vulnerabilities in Flash Player and ColdFusion, six of which are rated as critical that affected ColdFusion and could allow attackers to remotely execute arbitrary code on a vulnerable server. What's the good news this mon...

CVSS 10 · AI score 7.7 · EPSS 0.94393
Exploits 12

Check Point Advisories
added 2016/10/09 12:00 a.m. · 2 views

Railo Remote File Include (CVE-2014-5468)

This module exploits a remote file include vulnerability in Railo. A vulnerability in thumbnail.cfm allows an attacker to download an arbitrary PNG file, and by taking advantage of a directory traversal, an attacker can append cold fusion markup to the PNG file, and have it interpreted by the...

CVSS 6.8 · AI score 5.7 · EPSS 0.65256
Exploits 6

CISA
added 2016/06/14 12:00 a.m. · 18 views

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in DNG Software Development Kit (SDK), Brackets, Creative Cloud Desktop Application, and Cold Fusion. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and...

AI score 7
Exploits 0 · References 4

CNVD
added 2016/05/12 12:00 a.m. · 1 views

Adobe ColdFusion Cross-Site Scripting Vulnerability (CNVD-2016-03022)

Adobe ColdFusion is a dynamic Web server product from Adobe, which runs CFML, a programming language for Web applications. A cross-site scripting vulnerability exists in Adobe ColdFusion. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML...

CVSS 6.1 · AI score 6.2 · EPSS 0.01228
Exploits 0 · References 1