CVE-2025-49546
- EPSS 0.05%
- Published 08.07.2025 20:49:33
- Last modified 15.07.2025 18:40:27
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Access Control vulnerability that could lead to a partial application denial-of-service. A high-privileged attacker could exploit this vulnerability to partially dis...
CVE-2025-49544
- EPSS 0.14%
- Published 08.07.2025 20:49:32
- Last modified 11.07.2025 16:46:56
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vul...
CVE-2025-49543
- EPSS 0.04%
- Published 08.07.2025 20:49:31
- Last modified 11.07.2025 16:46:54
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScrip...
CVE-2025-49540
- EPSS 0.04%
- Published 08.07.2025 20:49:30
- Last modified 11.07.2025 16:46:49
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScrip...
CVE-2025-49538
- EPSS 0.12%
- Published 08.07.2025 20:49:29
- Last modified 11.07.2025 17:45:04
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An attacker can exploit this issue by injecting crafted XML or XPath queries to access unauthorized...
CVE-2025-43565
- EPSS 0.77%
- Published 13.05.2025 20:49:31
- Last modified 19.05.2025 20:40:07
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerabi...
CVE-2025-43559
- EPSS 2.32%
- Published 13.05.2025 20:49:30
- Last modified 15.07.2025 18:40:43
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulne...
CVE-2025-43562
- EPSS 1.22%
- Published 13.05.2025 20:49:29
- Last modified 19.05.2025 20:36:17
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could result in arbitrary code execution in the context of the c...
CVE-2025-43566
- EPSS 0.26%
- Published 13.05.2025 20:49:29
- Last modified 19.05.2025 20:40:31
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A high-privileged attacker could l...
CVE-2025-43564
- EPSS 0.12%
- Published 13.05.2025 20:49:28
- Last modified 15.07.2025 18:40:34
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensit...