CVE-2025-61810
- EPSS 8.15%
- Veröffentlicht 09.12.2025 23:41:09
- Zuletzt bearbeitet 12.12.2025 19:05:29
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could exploit this...
CVE-2025-61809
- EPSS 0.59%
- Veröffentlicht 09.12.2025 23:41:08
- Zuletzt bearbeitet 12.12.2025 19:04:51
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain una...
CVE-2025-61822
- EPSS 0.67%
- Veröffentlicht 09.12.2025 23:41:07
- Zuletzt bearbeitet 12.12.2025 19:58:58
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could exploit this vulnerability to write malicious files to arbitrary loc...
CVE-2025-64897
- EPSS 0.11%
- Veröffentlicht 09.12.2025 23:41:07
- Zuletzt bearbeitet 12.12.2025 18:41:18
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized write access pote...
CVE-2025-61823
- EPSS 0.43%
- Veröffentlicht 09.12.2025 23:41:06
- Zuletzt bearbeitet 12.12.2025 18:42:12
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. A high privileged attacker could exploit this vulne...
CVE-2025-61811
- EPSS 1.07%
- Veröffentlicht 09.12.2025 23:41:05
- Zuletzt bearbeitet 16.12.2025 16:15:58
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could leverage this vulnera...
- EPSS 19.93%
- Veröffentlicht 09.09.2025 16:58:42
- Zuletzt bearbeitet 03.10.2025 12:34:44
ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution by an attacker. The victim must have ...
CVE-2025-54234
- EPSS 0.72%
- Veröffentlicht 18.08.2025 16:43:51
- Zuletzt bearbeitet 06.11.2025 22:23:13
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitra...
CVE-2025-49542
- EPSS 1.09%
- Veröffentlicht 08.07.2025 20:49:41
- Zuletzt bearbeitet 11.07.2025 16:46:52
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScr...
CVE-2025-49535
- EPSS 0.55%
- Veröffentlicht 08.07.2025 20:49:40
- Zuletzt bearbeitet 11.07.2025 16:46:44
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass. An attacker could exploit this vulnerability to ac...