Total
188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1278 | 2 Adobe, Microsoft | 3 Coldfusion, Jrun, Internet Information Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. | |||||
| CVE-2006-3978 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors. | |||||
| CVE-2006-6483 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 2.6 LOW | N/A |
| Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag. | |||||
| CVE-2008-0644 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 5.0 MEDIUM | N/A |
| Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function. | |||||
| CVE-2008-4831 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors. | |||||
| CVE-2007-5905 | 1 Adobe | 1 Coldfusion | 2025-04-09 | 6.8 MEDIUM | N/A |
| Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability. | |||||
| CVE-2006-4726 | 1 Adobe | 1 Coldfusion | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page. | |||||
| CVE-2006-4724 | 1 Adobe | 1 Coldfusion | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command. | |||||
| CVE-2006-4725 | 1 Adobe | 1 Coldfusion | 2025-04-03 | 4.6 MEDIUM | N/A |
| Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox. | |||||
| CVE-2018-15961 | 1 Adobe | 1 Coldfusion | 2025-02-13 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-4939 | 1 Adobe | 1 Coldfusion | 2025-02-13 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2023-29298 | 1 Adobe | 1 Coldfusion | 2025-02-13 | N/A | 7.5 HIGH |
| Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-29300 | 1 Adobe | 1 Coldfusion | 2025-02-13 | N/A | 9.8 CRITICAL |
| Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-26359 | 1 Adobe | 1 Coldfusion | 2025-02-13 | N/A | 9.8 CRITICAL |
| Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-26360 | 1 Adobe | 1 Coldfusion | 2025-02-13 | N/A | 8.6 HIGH |
| Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-38205 | 1 Adobe | 1 Coldfusion | 2025-01-23 | N/A | 7.5 HIGH |
| Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-38203 | 1 Adobe | 1 Coldfusion | 2025-01-23 | N/A | 9.8 CRITICAL |
| Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-20767 | 1 Adobe | 1 Coldfusion | 2024-12-17 | N/A | 7.4 HIGH |
| ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet. | |||||
| CVE-2024-34112 | 1 Adobe | 1 Coldfusion | 2024-12-03 | N/A | 7.5 HIGH |
| ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-34113 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 5.5 MEDIUM |
| ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use of insufficiently strong cryptographic algorithms or flawed implementation that compromises the confidentiality of password data. An attacker could exploit this weakness to decrypt or guess passwords, potentially gaining unauthorized access to protected resources. Exploitation of this issue does not require user interaction. | |||||