VYPR

ColdFusion

by Adobe Inc.

CVEs (222)

  • CVE-2023-38204 (Sep 14, 2023)
    risk 0.06 cvss epss 0.65

    Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

  • CVE-2023-44350 (Nov 17, 2023)
    risk 0.05 cvss epss 0.65

    Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

  • CVE-2019-7091 (May 24, 2019)
    risk 0.05 cvss epss 0.26

    ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7840 (Jun 12, 2019)
    risk 0.04 cvss epss 0.17

    ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7839 (Jun 12, 2019)
    risk 0.04 cvss epss 0.44

    ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2009-1872 (Aug 18, 2009)
    risk 0.04 cvss epss 0.16

    Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2)…

  • CVE-2007-0817 (Feb 7, 2007)
    risk 0.04 cvss epss 0.10

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.

  • CVE-2024-41874 (Sep 13, 2024)
    risk 0.03 cvss epss 0.30

    ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by providing crafted input to the…

  • CVE-2023-44351 (Nov 17, 2023)
    risk 0.03 cvss epss 0.50

    Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

  • CVE-2022-38421 (Oct 14, 2022)
    risk 0.03 cvss epss 0.79

    Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user.…

  • CVE-1999-0455 (Dec 25, 1999)
    risk 0.03 cvss epss 0.06

    The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.

  • CVE-2022-35711 (Oct 14, 2022)
    risk 0.02 cvss epss 0.73

    Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction,…

  • CVE-2022-35712 (Oct 14, 2022)
    risk 0.02 cvss epss 0.37

    Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction,…

  • CVE-2022-35710 (Oct 14, 2022)
    risk 0.02 cvss epss 0.43

    Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user…

  • CVE-2022-38418 (Oct 14, 2022)
    risk 0.02 cvss epss 0.80

    Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user.…

  • CVE-2020-3794 (Mar 25, 2020)
    risk 0.02 cvss epss 0.07

    ColdFusion 2016 and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory.

  • CVE-2019-7838 (Jun 12, 2019)
    risk 0.02 cvss epss 0.17

    ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2007-1278 (Mar 16, 2007)
    risk 0.02 cvss epss 0.26

    Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.

  • CVE-2025-61810 (Dec 9, 2025)
    risk 0.01 cvss epss 0.08

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could exploit this vulnerability by providing…

  • CVE-2025-43559 (May 13, 2025)
    risk 0.01 cvss epss 0.01

    ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security…
