CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

299 matches found

EUVD•added 2026/04/15 12:31 a.m.•0 views

EUVD-2026-22736

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation o...

2.4CVSS5.8AI score0.00032EPSS

Exploits0References2

Positive Technologies•added 2026/04/14 12:0 a.m.•2 views

PT-2026-32919

ColdFusion | Improper Input Validation CWE-20 CVE: CVE-2026-27282 PT ID: PT-2026-32919 Vendor: Adobe Product: ColdFusion CVSS: 7.5 Credits: n/a Description: ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security...

7.5CVSS6AI score0.00565EPSS

Exploits0References4

RedhatCVE•added 2026/01/09 11:41 a.m.•4 views

CVE-2001-1514

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to 1 child processes created with and 2 child processes that call the CreateProcess function and are executed with or end with the CFX extension...

10CVSS7.4AI score0.00072EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:41 a.m.•2 views

CVE-1999-0756

ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility...

5CVSS7AI score0.00655EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:39 a.m.•3 views

CVE-1999-0455

The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly...

7.5CVSS7AI score0.09129EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:36 a.m.•7 views

CVE-2019-7091

ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution...

10CVSS7.2AI score0.63074EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:35 a.m.•5 views

CVE-2019-7092

ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure...

6.1CVSS5.6AI score0.01219EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:34 a.m.•5 views

CVE-2019-7838

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution...

10CVSS7.4AI score0.30353EPSS

Exploits0References1

CNVD•added 2025/12/15 12:0 a.m.•2 views

Adobe ColdFusion Improper Input Validation Vulnerability

Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. An improper input validation vulnerability exists in Adobe ColdFusion, whi...

6.2CVSS6AI score0.0005EPSS

Exploits0References1

CNVD•added 2025/12/15 12:0 a.m.•2 views

Adobe ColdFusion Input Validation Improperity Vulnerability (CNVD-2026-0494539)

8.4CVSS6.1AI score0.00055EPSS

Exploits0References1

OSV•added 2025/12/10 12:16 a.m.•0 views

CVE-2025-64898

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting improperly stored or...

5.3CVSS5.8AI score

Exploits0References1

NVD•added 2025/12/10 12:16 a.m.•2 views

CVE-2025-61813

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the server. Exploitation o...

8.2CVSS0.00043EPSS

Exploits0References1

Cvelist•added 2025/12/09 11:41 p.m.•20 views

CVE-2025-61808 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high priviledged attacker. Exploitation of this issue does not require user interaction and scope is changed...

9.1CVSS0.00302EPSS

Exploits0References1

Vulnrichment•added 2025/12/09 11:41 p.m.•3 views

CVE-2025-61811 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could leverage this vulnerability to bypass security measures and execute...

9.1CVSS7AI score0.00946EPSS

Exploits0References1

Positive Technologies•added 2025/12/09 12:0 a.m.•1 views

PT-2025-50287

6.8CVSS6.8AI score0.00042EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2008-4810

Malware in sbrugna...

7.2CVSS6.4AI score0.00261EPSS

Exploits1References7

EUVD•added 2025/10/07 12:30 a.m.•1 views