Lucene search
+L

60 matches found

circl
circl
added 2026/07/01 9:45 a.m.11 views

CVE-2026-48307

creationtimestamp| type| source ---|---|--- 2026-07-01 09:45:23+00:00| seen| https://www.cert.dk/news/2026-07-01/Kritiske-ColdFusion-saarbarheder-aabner-for-fuld-serverovertagelse 2026-07-01 13:00:13+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mpll4ubpnt2q 2026-07-08...

8.8CVSS7.3AI score0.00314EPSS
Exploits0References3
circl
circl
added 2026/07/01 9:45 a.m.11 views

CVE-2026-48285

creationtimestamp| type| source ---|---|--- 2026-07-01 09:45:21+00:00| seen| https://www.cert.dk/news/2026-07-01/Kritiske-ColdFusion-saarbarheder-aabner-for-fuld-serverovertagelse 2026-07-01 13:00:13+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mpll4ubpnt2q 2026-07-08...

8.6CVSS7AI score0.00439EPSS
Exploits0References4
nvd
nvd
added 2026/06/30 4:16 p.m.9 views

CVE-2026-48314

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited read and write access to...

6.5CVSS0.00333EPSS
Exploits0References1
cve
cve
added 2026/06/30 3:12 p.m.36 views

CVE-2026-48281

CVE-2026-48281 affects Adobe ColdFusion versions 2025.9, 2023.20 and earlier. The issue is an Improper Input Validation vulnerability that could allow arbitrary code execution in the context of the current user, with no user interaction required. The CVSS vector indicates network access, low atta...

10CVSS6.4AI score0.00855EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/06/30 3:12 p.m.51 views

CVE-2026-48277 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00855EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/30 3:11 p.m.73 views

CVE-2026-48282 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interactio...

10CVSS0.28583EPSS
Exploits3References1
redhatcve
redhatcve
added 2026/06/10 9:2 p.m.10 views

CVE-2026-47931

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.9CVSS6.2AI score0.00555EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/09 8:33 p.m.36 views

CVE-2026-47929 ColdFusion | Incorrect Authorization (CWE-863)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim...

8.4CVSS0.07535EPSS
Exploits0References1
cve
cve
added 2026/06/09 8:33 p.m.28 views

CVE-2026-47930

CVE-2026-47930 affects ColdFusion versions 2023.19, 2025.8 and earlier. The issue is an Improper Input Validation vulnerability that allows a low-privileged attacker to bypass security measures and gain unauthorized read and write access, with exploitation not requiring user interaction. The CVSS...

8.1CVSS5.5AI score0.0039EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.26 views

PT-2026-48269

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 and earlier ColdFusion versions 2025.8 and earlier Description An incorrect authorization flaw allows a high-privileged attacker to achieve arbitrary code execution in the context of the current user. This issue...

9.1CVSS6AI score0.07535EPSS
Exploits0References3
euvd
euvd
added 2025/12/10 12:30 a.m.7 views

EUVD-2025-202349

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could leverage this vulnerability to bypass security measures and execute...

8.4CVSS7.1AI score0.01067EPSS
Exploits0References2
nvd
nvd
added 2025/12/10 12:16 a.m.12 views

CVE-2025-61823

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. A high privileged attacker could exploit this vulnerability to access sensitive files and data on th...

6.2CVSS0.00429EPSS
Exploits0References1
osv
osv
added 2025/12/10 12:16 a.m.7 views

CVE-2025-61812

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation of this issue does not require user interaction...

8.4CVSS6AI score0.03878EPSS
Exploits0References1
cve
cve
added 2025/12/09 11:41 p.m.21 views

CVE-2025-64898

Adobe ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could allow limited unauthorized write access without user interaction. The CVE-2025-64898 entry is corroborated by multiple sources and advisories in the conn...

5.3CVSS6.4AI score0.00388EPSS
Exploits0References1Affected Software1
cve
cve
added 2025/12/09 11:41 p.m.31 views

CVE-2025-61809

Adobe ColdFusion remote vulnerability CVE-2025-61809 arises from Improper Input Validation affecting ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier. The issue could bypass security checks and allow unauthorized read and write access without user interaction, with exploitation described ...

9.1CVSS6.2AI score0.00586EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2000-0057

Malware in sbrugna...

7.5CVSS6.4AI score0.05547EPSS
Exploits1References3
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25130

Malicious code in bioql PyPI...

2.7CVSS6.6AI score0.00717EPSS
Exploits0References1
cve
cve
added 2025/09/09 4:58 p.m.41 views

CVE-2025-54261

Adobe ColdFusion is affected by CVE-2025-54261 due to an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) that could allow arbitrary code execution. Affected are ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier; the issue requires optional configurations to be ...

10CVSS7.2AI score0.19934EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2025/08/18 5:15 p.m.8 views

CVE-2025-54234

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs...

2.7CVSS0.00717EPSS
Exploits0References1
osv
osv
added 2025/05/13 9:16 p.m.3 views

CVE-2025-43559

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and...

9.1CVSS6.3AI score0.01157EPSS
Exploits0References1
Rows per page
Query Builder