Adobe

Coldfusion

208 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.7

CVE-2026-34619

Medienbericht
  • EPSS 0.08%
  • Veröffentlicht 14.04.2026 21:53:59
  • Zuletzt bearbeitet 16.04.2026 14:28:33

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerabil...

2.4

CVE-2026-27308

  • EPSS 0.03%
  • Veröffentlicht 14.04.2026 21:53:58
  • Zuletzt bearbeitet 16.04.2026 14:40:42

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resour...

7.5

CVE-2026-27282

Medienbericht
  • EPSS 0.57%
  • Veröffentlicht 14.04.2026 21:53:57
  • Zuletzt bearbeitet 16.04.2026 14:43:12

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized...

8.6

CVE-2026-27305

Medienbericht
  • EPSS 0.19%
  • Veröffentlicht 14.04.2026 21:53:57
  • Zuletzt bearbeitet 16.04.2026 14:42:19

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerabilit...

9.3

CVE-2026-27304

Medienbericht
  • EPSS 0.1%
  • Veröffentlicht 14.04.2026 21:53:55
  • Zuletzt bearbeitet 16.04.2026 14:42:47

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

8.4

CVE-2026-27306

Medienbericht
  • EPSS 0.14%
  • Veröffentlicht 14.04.2026 21:53:54
  • Zuletzt bearbeitet 16.04.2026 14:41:48

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Attacker requires elevated privileges. Exploitation of this i...

2.4

CVE-2026-27307

  • EPSS 0.03%
  • Veröffentlicht 14.04.2026 21:53:53
  • Zuletzt bearbeitet 16.04.2026 14:41:24

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resour...

9.1

CVE-2025-61808

Medienbericht
  • EPSS 0.64%
  • Veröffentlicht 09.12.2025 23:41:13
  • Zuletzt bearbeitet 12.12.2025 19:04:17

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high priviledged attacker. Exploitation of this issue does not ...

8.4

CVE-2025-61812

  • EPSS 0.04%
  • Veröffentlicht 09.12.2025 23:41:12
  • Zuletzt bearbeitet 12.12.2025 19:59:21

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation of this issue does not require user interac...

8.6

CVE-2025-61813

  • EPSS 0.03%
  • Veröffentlicht 09.12.2025 23:41:12
  • Zuletzt bearbeitet 28.04.2026 03:16:01

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to acc...