Lucene search
K

328 matches found

Cvelist
Cvelist
added yesterday8 views

CVE-2026-48318 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope...

9.9CVSS
Exploits0References1
Circl
Circl
added 2026/07/01 9:45 a.m.9 views

CVE-2026-48313

creationtimestamp| type| source ---|---|--- 2026-07-01 09:45:16+00:00| seen| https://www.cert.dk/news/2026-07-01/Kritiske-ColdFusion-saarbarheder-aabner-for-fuld-serverovertagelse 2026-07-01 13:00:13+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mpll4ubpnt2q 2026-07-02...

9.3CVSS7.3AI score0.01577EPSS
Exploits0References5
Circl
Circl
added 2026/07/01 3:7 a.m.11 views

CVE-2026-48281

creationtimestamp| type| source ---|---|--- 2026-07-01 03:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpkjycun2h2g 2026-07-01 09:45:09+00:00| seen| https://www.cert.dk/news/2026-07-01/Kritiske-ColdFusion-saarbarheder-aabner-for-fuld-serverovertagelse 2026-07-01 13:00:13+00:00|...

10CVSS7.3AI score0.00855EPSS
Exploits0References4
Circl
Circl
added 2026/07/01 2:7 a.m.8 views

CVE-2026-48276

creationtimestamp| type| source ---|---|--- 2026-07-01 02:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpkgmzkfc726 2026-07-01 09:45:03+00:00| seen| https://www.cert.dk/news/2026-07-01/Kritiske-ColdFusion-saarbarheder-aabner-for-fuld-serverovertagelse 2026-07-01 12:00:35+00:00|...

10CVSS7.3AI score0.00917EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.11 views

CVE-2026-47929

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim...

9.1CVSS6.2AI score0.07535EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 8:33 p.m.9 views

CVE-2026-47931 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of...

8.4CVSS6.5AI score0.00555EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/15 12:31 a.m.6 views

EUVD-2026-22736

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation o...

2.4CVSS5.8AI score0.02912EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32919

ColdFusion | Improper Input Validation CWE-20 CVE: CVE-2026-27282 PT ID: PT-2026-32919 Vendor: Adobe Product: ColdFusion CVSS: 7.5 Credits: n/a Description: ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security...

7.5CVSS6AI score0.00693EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 11:41 a.m.9 views

CVE-2001-1514

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to 1 child processes created with and 2 child processes that call the CreateProcess function and are executed with or end with the CFX extension...

10CVSS7.4AI score0.01422EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:41 a.m.5 views

CVE-1999-0756

ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility...

5CVSS7AI score0.01258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:39 a.m.11 views

CVE-1999-0455

The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly...

7.5CVSS7AI score0.05845EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:36 a.m.11 views

CVE-2019-7091

ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution...

10CVSS7.2AI score0.25704EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:35 a.m.8 views

CVE-2019-7092

ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure...

6.1CVSS5.6AI score0.02391EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:34 a.m.9 views

CVE-2019-7838

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution...

10CVSS7.4AI score0.17447EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/15 12:0 a.m.3 views

Adobe ColdFusion Input Validation Improperity Vulnerability (CNVD-2026-0494539)

Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. An improper input validation vulnerability exists in Adobe ColdFusion, whi...

8.4CVSS6.1AI score0.03878EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/15 12:0 a.m.4 views

Adobe ColdFusion Improper Input Validation Vulnerability

Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. An improper input validation vulnerability exists in Adobe ColdFusion, whi...

6.2CVSS6AI score0.00668EPSS
Exploits0References1
OSV
OSV
added 2025/12/10 12:16 a.m.8 views

CVE-2025-64898

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting improperly stored or...

5.3CVSS5.8AI score0.00388EPSS
Exploits0References1
NVD
NVD
added 2025/12/10 12:16 a.m.8 views

CVE-2025-61813

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the server. Exploitation o...

8.2CVSS0.00474EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 11:41 p.m.45 views

CVE-2025-61808 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high priviledged attacker. Exploitation of this issue does not require user interaction and scope is changed...

9.1CVSS0.08773EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 11:41 p.m.6 views

CVE-2025-61811 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could leverage this vulnerability to bypass security measures and execute...

9.1CVSS7AI score0.01067EPSS
Exploits0References1
Rows per page
Query Builder