Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
AdobeColdfusion

188 matches found

CVE
CVEadded 2025/05/13 9:16 p.m.49 views

CVE-2025-43559

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execut...

9.1CVSS9.5AI score0.01787EPSS
CVE
CVEadded 2007/02/14 2:28 a.m.48 views

CVE-2006-5860

Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3CVSS5.6AI score0.02328EPSS
CVE
CVEadded 2008/03/12 12:44 a.m.48 views

CVE-2008-0644

Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.

5CVSS5.9AI score0.01883EPSS
CVE
CVEadded 2015/11/18 9:59 p.m.48 views

CVE-2015-8052

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8053.

4.3CVSS5.7AI score0.00752EPSS
CVE
CVEadded 2016/05/11 1:59 a.m.48 views

CVE-2016-1113

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1CVSS6.2AI score0.00809EPSS
CVE
CVEadded 2020/07/17 12:15 a.m.48 views

CVE-2020-9672

Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.

7.8CVSS7.4AI score0.00103EPSS
CVE
CVEadded 2007/01/10 2:0 a.m.47 views

CVE-2006-5858

Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.

5CVSS6.7AI score0.07899EPSS
CVE
CVEadded 2011/02/10 4:0 p.m.47 views

CVE-2011-0583

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via the cfform tag.

4.3CVSS5.8AI score0.01633EPSS
CVE
CVEadded 2012/11/20 5:52 a.m.47 views

CVE-2012-5674

Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used, allows attackers to cause a denial of service via unknown vectors.

7.1CVSS6.6AI score0.01923EPSS
CVE
CVEadded 2013/04/10 3:48 a.m.47 views

CVE-2013-1387

Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to impersonate users via unknown vectors.

7.5CVSS6.5AI score0.01848EPSS
CVE
CVEadded 2016/06/16 2:59 p.m.47 views

CVE-2016-4159

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1CVSS5.9AI score0.00698EPSS
CVE
CVEadded 2018/09/25 1:29 p.m.47 views

CVE-2018-15962

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure.

5.3CVSS6.7AI score0.02392EPSS
CVE
CVEadded 2008/04/09 7:5 p.m.46 views

CVE-2008-1656

Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725.

7.5CVSS6.7AI score0.04664EPSS
CVE
CVEadded 2010/05/13 5:30 p.m.46 views

CVE-2010-1293

Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00816EPSS
CVE
CVEadded 2012/03/13 10:55 p.m.46 views

CVE-2012-0770

Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

5CVSS6.8AI score0.0147EPSS
CVE
CVEadded 2012/12/12 11:38 a.m.46 views

CVE-2012-5675

Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors.

4.4CVSS6.5AI score0.00108EPSS
CVE
CVEadded 2013/07/10 10:55 a.m.46 views

CVE-2013-3350

Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets.

10CVSS6.7AI score0.01608EPSS
CVE
CVEadded 2018/09/25 1:29 p.m.46 views

CVE-2018-15959

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

10CVSS9.6AI score0.41632EPSS
CVE
CVEadded 2018/09/25 1:29 p.m.46 views

CVE-2018-15964

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure.

7.5CVSS8AI score0.11331EPSS
CVE
CVEadded 2025/05/13 9:16 p.m.46 views

CVE-2025-43566

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A high-privileged attacker could leverage this vulnerability to bypass security pro...

6.8CVSS7AI score0.00236EPSS
CVE
CVEadded 2015/11/18 9:59 p.m.45 views

CVE-2015-8053

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8052.

4.3CVSS5.7AI score0.00752EPSS
CVE
CVEadded 2018/09/25 1:29 p.m.45 views

CVE-2018-15965

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

10CVSS9.6AI score0.41632EPSS
CVE
CVEadded 2024/06/13 12:15 p.m.45 views

CVE-2024-34112

ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this issue does not require ...

7.5CVSS7.7AI score0.05081EPSS
CVE
CVEadded 2025/05/13 9:16 p.m.45 views

CVE-2025-43560

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execut...

9.1CVSS9.5AI score0.01807EPSS
CVE
CVEadded 2009/08/18 10:30 p.m.44 views

CVE-2009-1875

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1877.

4.3CVSS5.7AI score0.00667EPSS
CVE
CVEadded 2011/02/10 4:0 p.m.44 views

CVE-2011-0584

Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to hijack web sessions via unspecified vectors.

4.3CVSS6.8AI score0.02203EPSS
CVE
CVEadded 2011/12/14 11:55 a.m.44 views

CVE-2011-4368

Cross-site scripting (XSS) vulnerability in Remote Development Services (RDS) in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.9AI score0.00667EPSS
CVE
CVEadded 2014/10/15 10:55 a.m.44 views

CVE-2014-0571

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00667EPSS
CVE
CVEadded 2018/09/25 1:29 p.m.44 views

CVE-2018-15963

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation.

5.3CVSS7.2AI score0.06624EPSS
CVE
CVEadded 2025/05/13 9:16 p.m.44 views

CVE-2025-43565

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security protections and execute c...

8.4CVSS8.7AI score0.00542EPSS
CVE
CVEadded 2006/12/12 8:28 p.m.43 views

CVE-2006-6482

Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/administrator/login.cfm without a host, which can ...

5CVSS6.5AI score0.01537EPSS
CVE
CVEadded 2007/11/15 8:46 p.m.43 views

CVE-2007-5905

Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.

6.8CVSS6.7AI score0.0543EPSS
CVE
CVEadded 2018/05/19 5:29 p.m.43 views

CVE-2018-4940

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.

6.1CVSS6.8AI score0.01145EPSS
CVE
CVEadded 2022/10/14 8:15 p.m.43 views

CVE-2022-35690

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability ...

9.8CVSS9.6AI score0.17863EPSS
CVE
CVEadded 2022/10/14 8:15 p.m.43 views

CVE-2022-35710

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability ...

9.8CVSS9.6AI score0.26112EPSS
CVE
CVEadded 2025/05/13 9:16 p.m.43 views

CVE-2025-43563

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitati...

9.1CVSS6.1AI score0.00094EPSS
CVE
CVEadded 2006/09/14 12:7 a.m.42 views

CVE-2006-4726

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page.

2.6CVSS5.8AI score0.02039EPSS
CVE
CVEadded 2007/03/16 8:19 p.m.42 views

CVE-2007-1278

Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.

4.3CVSS6.6AI score0.04573EPSS
CVE
CVEadded 2011/02/01 6:0 p.m.42 views

CVE-2011-0736

Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file. NOTE: the vendor disputes the significance of this issue because the Site-w...

5.3CVSS6.3AI score0.00816EPSS
CVE
CVEadded 2014/10/15 10:55 a.m.42 views

CVE-2014-0572

Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows local users to bypass intended IP-based access restrictions via unspecified vectors.

4.6CVSS6.4AI score0.00181EPSS
CVE
CVEadded 2018/09/25 1:29 p.m.42 views

CVE-2018-15958

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

10CVSS9.6AI score0.41632EPSS
CVE
CVEadded 2018/05/19 5:29 p.m.42 views

CVE-2018-4941

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.

6.1CVSS6.8AI score0.01145EPSS
CVE
CVEadded 2024/09/13 10:15 a.m.42 views

CVE-2024-45113

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access and affect the integrity of the application. Exploitation of this issue does n...

7.5CVSS7.7AI score0.0043EPSS
CVE
CVEadded 2008/03/12 12:44 a.m.41 views

CVE-2008-0643

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.02799EPSS
CVE
CVEadded 2010/05/13 5:30 p.m.41 views

CVE-2009-3467

Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3CVSS5.8AI score0.00816EPSS
CVE
CVEadded 2011/02/01 6:0 p.m.41 views

CVE-2011-0735

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a "tag script."

4.3CVSS5.7AI score0.00603EPSS
CVE
CVEadded 2011/02/01 6:0 p.m.41 views

CVE-2011-0737

Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Se...

5.3CVSS6.3AI score0.00891EPSS
CVE
CVEadded 2013/11/13 1:55 a.m.41 views

CVE-2013-5326

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related ...

3.5CVSS5.5AI score0.00493EPSS
CVE
CVEadded 2015/04/15 10:59 a.m.41 views

CVE-2015-0345

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.0316EPSS
CVE
CVEadded 2018/09/25 1:29 p.m.41 views

CVE-2018-15960

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite.

7.5CVSS7.8AI score0.09043EPSS
Total number of security vulnerabilities188