Every CVE whose affected-product data names Adobe Coldfusion, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2026-48281 — CVSS 10.0 (critical): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary…
CVE-2010-5290 — CVSS 10.0 (critical): The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is…
CVE-2025-54261 — CVSS 10.0 (critical): ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory…
CVE-2013-3350 — CVSS 10.0 (critical): Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets.
CVE-2013-1389 — CVSS 10.0 (critical): Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before Update 10…
CVE-2026-48276 — CVSS 10.0 (critical): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could…
CVE-2026-48283 — CVSS 10.0 (critical): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could…
CVE-2026-48277 — CVSS 10.0 (critical): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary…
CVE-2018-15959 — CVSS 9.8 (critical): Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of…
CVE-2018-15958 — CVSS 9.8 (critical): Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of…
CVE-2018-15957 — CVSS 9.8 (critical): Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of…
CVE-2019-8074 — CVSS 9.8 (critical): ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful…
CVE-2023-38204 — CVSS 9.8 (critical): Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of…
CVE-2023-44350 — CVSS 9.8 (critical): Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability…
CVE-2018-15965 — CVSS 9.8 (critical): Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of…
CVE-2023-44351 — CVSS 9.8 (critical): Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability…
CVE-2023-44353 — CVSS 9.8 (critical): Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability…
CVE-2024-41874 — CVSS 9.8 (critical): ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in…
CVE-2020-3794 — CVSS 9.8 (critical): ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to…
CVE-2019-8073 — CVSS 9.8 (critical): ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component…
CVE-2022-35690 — CVSS 9.8 (critical): Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability…
CVE-2019-7091 — CVSS 9.8 (critical): ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data…
CVE-2019-8256 — CVSS 9.8 (critical): ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful…
CVE-2022-35710 — CVSS 9.8 (critical): Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability…
CVE-2017-11284 — CVSS 9.8 (critical): Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and…
CVE-2019-7816 — CVSS 9.8 (critical): ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass…
CVE-2017-11283 — CVSS 9.8 (critical): Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and…
CVE-2019-7838 — CVSS 9.8 (critical): ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass…
CVE-2019-7839 — CVSS 9.8 (critical): ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability…
CVE-2019-7840 — CVSS 9.8 (critical): ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data…
CVE-2022-35711 — CVSS 9.8 (critical): Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability…
CVE-2022-35712 — CVSS 9.8 (critical): Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability…
CVE-2016-1114 — CVSS 9.8 (critical): Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to execute arbitrary commands…
CVE-2022-38418 — CVSS 9.8 (critical): Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a…
CVE-2026-47928 — CVSS 9.6 (critical): ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary…
CVE-2026-27304 — CVSS 9.3 (critical): ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary…
CVE-2025-49535 — CVSS 9.3 (critical): ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE')…
CVE-2026-48315 — CVSS 9.3 (critical): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary…
CVE-2026-48313 — CVSS 9.3 (critical): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path…
CVE-2025-43563 — CVSS 9.1 (critical): ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in…
CVE-2025-61811 — CVSS 9.1 (critical): ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in…
CVE-2025-61809 — CVSS 9.1 (critical): ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a…
CVE-2025-61808 — CVSS 9.1 (critical): ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability…
CVE-2025-43564 — CVSS 9.1 (critical): ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in…
CVE-2025-43562 — CVSS 9.1 (critical): ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS…
CVE-2025-43561 — CVSS 9.1 (critical): ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could result in…
CVE-2025-43560 — CVSS 9.1 (critical): ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in…
CVE-2025-43559 — CVSS 9.1 (critical): ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in…
CVE-2025-30282 — CVSS 9.1 (critical): ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in…
CVE-2025-30281 — CVSS 9.1 (critical): ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in…
CVE-2025-24447 — CVSS 9.1 (critical): ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could…
CVE-2025-24446 — CVSS 9.1 (critical): ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in…
CVE-2026-48307 — CVSS 8.8 (high): ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could…
CVE-2025-49551 — CVSS 8.8 (high): ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Use of Hard-coded Credentials vulnerability that could result in…
CVE-2026-47932 — CVSS 8.8 (high): ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path…
CVE-2025-30290 — CVSS 8.7 (high): ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory…
CVE-2026-27305 — CVSS 8.6 (high): ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path…
CVE-2016-4264 — CVSS 8.6 (high): The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read…
CVE-2026-48285 — CVSS 8.6 (high): ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a…
CVE-2025-30286 — CVSS 8.4 (high): ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS…
CVE-2026-27306 — CVSS 8.4 (high): ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary…
CVE-2025-61810 — CVSS 8.4 (high): ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could…
CVE-2025-30285 — CVSS 8.4 (high): ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could…
CVE-2025-61812 — CVSS 8.4 (high): ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high…
CVE-2026-47929 — CVSS 8.4 (high): ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary…
CVE-2025-30284 — CVSS 8.4 (high): ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could…
CVE-2025-43565 — CVSS 8.4 (high): ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to…
CVE-2026-47931 — CVSS 8.4 (high): ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary…
CVE-2025-30288 — CVSS 8.2 (high): ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a…
CVE-2025-30289 — CVSS 8.2 (high): ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS…
CVE-2025-30287 — CVSS 8.2 (high): ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in…
CVE-2025-61813 — CVSS 8.2 (high): ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE')…
CVE-2026-47930 — CVSS 8.1 (high): ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security…
CVE-2024-53961 — CVSS 8.1 (high): ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path…
CVE-2025-49537 — CVSS 7.9 (high): ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Neutralization of Special Elements used in an OS…
CVE-2020-3768 — CVSS 7.8 (high): ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could…
CVE-2020-10145 — CVSS 7.8 (high): The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as…
CVE-2020-9673 — CVSS 7.8 (high): Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking…
CVE-2020-9672 — CVSS 7.8 (high): Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking…
CVE-2018-4938 — CVSS 7.8 (high): Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading…
CVE-2013-5328 — CVSS 7.8 (high): Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2026-34619 — CVSS 7.7 (high): ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path…
CVE-2018-15960 — CVSS 7.5 (high): Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with…
CVE-2008-1203 — CVSS 7.5 (high): The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier…
CVE-2008-1656 — CVSS 7.5 (high): Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke…
CVE-2013-1387 — CVSS 7.5 (high): Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9…
CVE-2013-1388 — CVSS 7.5 (high): Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9…
CVE-2017-11286 — CVSS 7.5 (high): Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016…
CVE-2018-15964 — CVSS 7.5 (high): Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with…
CVE-2018-4942 — CVSS 7.5 (high): Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity…
CVE-2019-8072 — CVSS 7.5 (high): ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful…
CVE-2020-3761 — CVSS 7.5 (high): ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to…
CVE-2022-38419 — CVSS 7.5 (high): Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity…
CVE-2022-38420 — CVSS 7.5 (high): Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability…
CVE-2022-38422 — CVSS 7.5 (high): Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a…
CVE-2022-42340 — CVSS 7.5 (high): Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability…
CVE-2022-42341 — CVSS 7.5 (high): Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity…
CVE-2023-26347 — CVSS 7.5 (high): Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that…
CVE-2024-34112 — CVSS 7.5 (high): ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary…
CVE-2024-45113 — CVSS 7.5 (high): ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability that could result in privilege…
CVE-2026-27282 — CVSS 7.5 (high): ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security…
CVE-2026-47960 — CVSS 7.4 (high): ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE')…
CVE-2021-40699 — CVSS 7.4 (high): ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability…
CVE-2025-49538 — CVSS 7.4 (high): ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file…
CVE-2021-40698 — CVSS 7.4 (high): ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function…
CVE-2025-49536 — CVSS 7.3 (high): ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Incorrect Authorization vulnerability that could result in a…
CVE-2022-38424 — CVSS 7.2 (high): Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a…
CVE-2007-1874 — CVSS 7.2 (high): Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to…
CVE-2022-38421 — CVSS 7.2 (high): Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a…
CVE-2008-4831 — CVSS 7.2 (high): Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and…
CVE-2012-5674 — CVSS 7.1 (high): Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used, allows attackers to…
CVE-2014-0570 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10…
CVE-2007-5905 — CVSS 6.8 (medium): Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a…
CVE-2025-61821 — CVSS 6.8 (medium): ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE')…
CVE-2025-49544 — CVSS 6.8 (medium): ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE')…
CVE-2025-43566 — CVSS 6.8 (medium): ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory…
CVE-2011-0629 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to hijack the…
CVE-2025-30294 — CVSS 6.8 (medium): ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a…
CVE-2025-30293 — CVSS 6.8 (medium): ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a…
CVE-2020-3796 — CVSS 6.5 (medium): ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead…
CVE-2020-3767 — CVSS 6.5 (medium): ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could…
CVE-2026-48314 — CVSS 6.5 (medium): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path…
CVE-2025-61823 — CVSS 6.2 (medium): ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE')…
CVE-2025-49545 — CVSS 6.2 (medium): ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead…
CVE-2025-61822 — CVSS 6.2 (medium): ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to…
CVE-2025-30292 — CVSS 6.1 (medium): ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an…
CVE-2016-4159 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows…
CVE-2017-11285 — CVSS 6.1 (medium): Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update…
CVE-2023-44352 — CVSS 6.1 (medium): Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS)…
CVE-2018-4940 — CVSS 6.1 (medium): Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting…
CVE-2016-1113 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows…
CVE-2022-28818 — CVSS 6.1 (medium): ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an…
CVE-2018-4941 — CVSS 6.1 (medium): Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting…
CVE-2017-3008 — CVSS 6.1 (medium): Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected…
CVE-2019-7092 — CVSS 6.1 (medium): ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability…
CVE-2016-1115 — CVSS 5.9 (medium): Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509…
CVE-2009-1878 — CVSS 5.8 (medium): Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2025-64897 — CVSS 5.6 (medium): ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged…
CVE-2025-30291 — CVSS 5.5 (medium): ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Information Exposure vulnerability that could result in a…
CVE-2024-34113 — CVSS 5.5 (medium): ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a…
CVE-2021-21087 — CVSS 5.4 (medium): Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper…
CVE-2018-15962 — CVSS 5.3 (medium): Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing…
CVE-2011-0736 — CVSS 5.3 (medium): Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially…
CVE-2023-38206 — CVSS 5.3 (medium): Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control…
CVE-2011-0737 — CVSS 5.3 (medium): Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which…
CVE-2018-15963 — CVSS 5.3 (medium): Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass…
CVE-2025-64898 — CVSS 5.3 (medium): ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could…
CVE-2025-49542 — CVSS 5.2 (medium): ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an…
CVE-2009-1876 — CVSS 5.0 (medium): Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a…
CVE-2006-5858 — CVSS 5.0 (medium): Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list…
CVE-2006-4724 — CVSS 5.0 (medium): Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a…
CVE-2011-2091 — CVSS 5.0 (medium): Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to cause a denial of service via unknown…
CVE-2008-0644 — CVSS 5.0 (medium): Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for…
CVE-2012-0770 — CVSS 5.0 (medium): Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash…
CVE-2012-2048 — CVSS 5.0 (medium): Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors.
CVE-2013-3336 — CVSS 5.0 (medium): Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.
CVE-2013-3349 — CVSS 5.0 (medium): Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when the JRun application server is used, allows remote attackers to cause…
CVE-2011-0582 — CVSS 5.0 (medium): Unspecified vulnerability in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allows attackers to obtain sensitive…
CVE-2006-6482 — CVSS 5.0 (medium): Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c)…
CVE-2010-0185 — CVSS 5.0 (medium): The default configuration of Adobe ColdFusion 9.0 does not restrict access to collections that have been created by the Solr Service, which…
CVE-2014-9166 — CVSS 5.0 (medium): Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows attackers to cause a denial of service (resource consumption) via…
CVE-2023-26361 — CVSS 4.9 (medium): Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname…
CVE-2022-38423 — CVSS 4.9 (medium): Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a…
CVE-2026-47933 — CVSS 4.8 (medium): ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a…
CVE-2006-4725 — CVSS 4.6 (medium): Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML…
CVE-2006-3978 — CVSS 4.6 (medium): Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products…
CVE-2014-0572 — CVSS 4.6 (medium): Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows…
CVE-2025-49539 — CVSS 4.5 (medium): ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE')…
CVE-2012-5675 — CVSS 4.4 (medium): Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified…
CVE-2011-0581 — CVSS 4.3 (medium): Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary HTTP headers and…
CVE-2015-8052 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject…
CVE-2009-3467 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject…
CVE-2011-0583 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or…
CVE-2009-1877 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or…
CVE-2011-0584 — CVSS 4.3 (medium): Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2006-5859 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows…
CVE-2011-0733 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or…
CVE-2011-0734 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or…
CVE-2011-0735 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or…
CVE-2015-5255 — CVSS 4.3 (medium): Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175…
CVE-2009-1875 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web…
CVE-2009-1872 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject…