CVSS: 9.4EPSS: %CPEs: 1EXPL: 0CVE-2025-24447 – ColdFusion | Deserialization of Untrusted Data (CWE-502)
https://notcve.org/view.php?id=CVE-2025-24447
08 Apr 2025 — ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.1EPSS: %CPEs: 1EXPL: 0CVE-2025-30281 – ColdFusion | Improper Access Control (CWE-284)
https://notcve.org/view.php?id=CVE-2025-30281
08 Apr 2025 — ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html • CWE-284: Improper Access Control •
CVSS: 6.2EPSS: %CPEs: 1EXPL: 0CVE-2025-30291 – ColdFusion | Information Exposure (CWE-200)
https://notcve.org/view.php?id=CVE-2025-30291
08 Apr 2025 — ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to gain access to sensitive information which could be used to further compromise the system or bypass security mechanisms. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.0EPSS: %CPEs: 1EXPL: 0CVE-2025-30285 – ColdFusion | Deserialization of Untrusted Data (CWE-502)
https://notcve.org/view.php?id=CVE-2025-30285
08 Apr 2025 — ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.0EPSS: %CPEs: 1EXPL: 0CVE-2025-30286 – ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
https://notcve.org/view.php?id=CVE-2025-30286
08 Apr 2025 — ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53961 – ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
https://notcve.org/view.php?id=CVE-2024-53961
23 Dec 2024 — ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data. Las versiones 2023.11, 2021.17 y anteriores de ColdFusion se ven... • https://helpx.adobe.com/security/products/coldfusion/apsb24-107.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 13%CPEs: 1EXPL: 0CVE-2024-41874 – ColdFusion | Deserialization of Untrusted Data (CWE-502)
https://notcve.org/view.php?id=CVE-2024-41874
13 Sep 2024 — ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by providing crafted input to the application, which when deserialized, leads to execution of malicious code. Exploitation of this issue does not require user interaction. Las versiones 2023.9, 2021.15 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de... • https://helpx.adobe.com/security/products/coldfusion/apsb24-71.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45113 – ColdFusion | Improper Authentication (CWE-287)
https://notcve.org/view.php?id=CVE-2024-45113
13 Sep 2024 — ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access and affect the integrity of the application. Exploitation of this issue does not require user interaction. Las versiones 2023.6, 2021.12 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de autenticación incorrecta que podría provocar una escalada de privilegios. Un atacant... • https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34112 – ColdFusion CFDOCUMENT file retrieval / access control bypass
https://notcve.org/view.php?id=CVE-2024-34112
13 Jun 2024 — ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this issue does not require user interaction. Las versiones 2023u7, 2021u13 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de control de acceso inadecuado que podría provocar una lectura arbitraria del sistema de archivos... • https://helpx.adobe.com/security/products/coldfusion/apsb24-41.html • CWE-284: Improper Access Control •
CVSS: 8.2EPSS: 93%CPEs: 1EXPL: 5CVE-2024-20767 – Adobe ColdFusion Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2024-20767
18 Mar 2024 — ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction. Las versiones 2023.6, 2021.12 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de control de acceso inadecuado que po... • https://packetstorm.news/files/id/180607 • CWE-284: Improper Access Control •