Lucene search
K

2762 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.12 views

CVE-2026-47933

ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.10 views

CVE-2026-47960

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...

7.4CVSS5.6AI score0.00406EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.13 views

CVE-2026-47928

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS6.2AI score0.08871EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.10 views

CVE-2026-47930

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access...

8.1CVSS5.5AI score0.0039EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.11 views

CVE-2026-47929

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim...

9.1CVSS6.2AI score0.07535EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.10 views

CVE-2026-47932

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories...

9.6CVSS5.5AI score0.07624EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-49071

CVE-2026-48556 - Adobe ColdFusion Information Disclosure in Administrator Function CVE ID :CVE-2026-48556 Published : June 10, 2026, 6:17 p.m. | 1 hour ago Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link fo...

5.2AI score
Exploits0References1
NVD
NVD
added 2026/06/09 9:17 p.m.16 views

CVE-2026-47960

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...

7.4CVSS0.00406EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 9:17 p.m.11 views

CVE-2026-47931

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of...

9.1CVSS0.00555EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 9:17 p.m.17 views

CVE-2026-47932

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories...

9.6CVSS0.07624EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 9:17 p.m.11 views

CVE-2026-47933

ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to...

5.4CVSS0.00224EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 9:17 p.m.14 views

CVE-2026-47930

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access...

8.1CVSS0.0039EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 9:17 p.m.11 views

CVE-2026-47928

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.08871EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 9:17 p.m.14 views

CVE-2026-47929

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim...

9.1CVSS0.07535EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 8:33 p.m.11 views

EUVD-2026-35833

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim...

8.4CVSS6.2AI score0.07535EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 8:33 p.m.40 views

CVE-2026-47932 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories...

8.8CVSS0.07624EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 8:33 p.m.27 views

CVE-2026-47929

CVE-2026-47929 affects Adobe ColdFusion versions 2023.19, 2025.8 and earlier. The issue is an incorrect authorization vulnerability that could enable arbitrary code execution in the context of the current user. Exploitation does not require user interaction, and the vulnerability could allow a hi...

9.1CVSS6.2AI score0.07535EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/09 8:33 p.m.27 views

CVE-2026-47932

CVE-2026-47932 — Path Traversal in Adobe ColdFusion affects ColdFusion versions 2023.19, 2025.8 and earlier. The issue is an improper limitation of a pathname to a restricted directory, enabling a security feature bypass and potential access to unauthorized files/directories. Exploitation require...

9.6CVSS5.5AI score0.07624EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 8:33 p.m.9 views

CVE-2026-47929 ColdFusion | Incorrect Authorization (CWE-863)

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim...

8.4CVSS6.2AI score0.07535EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 8:33 p.m.11 views

EUVD-2026-35832

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories...

8.8CVSS5.5AI score0.07624EPSS
Exploits0References1
Rows per page
Query Builder