Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
coldfusion vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2022-38423
Adobe ColdFusion versions Update 14 (and previous versions) and Update 4 (and previous versions) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of ...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
4.3
CVSSv3
CVE-2023-44355
Adobe ColdFusion versions 2023.5 (and previous versions) and 2021.11 (and previous versions) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor ...
Adobe Coldfusion 2021
Adobe Coldfusion 2023
Adobe Coldfusion
NA
CVE-2015-5255
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x prior to 3.0.0.354175, 3.1.x prior to 3.1.0.354180, 4.5.x prior to 4.5.1.354177, 4.6.2.x prior to 4.6.2.354178, and 4.7.x prior to 4.7.0.354178, allows remote malicio...
Hp Xp7 Command View Advanced Edition -
Hp Xp P9000 Command View Advanced Edition -
Adobe Coldfusion
Adobe Livecycle Data Services 4.6
Adobe Livecycle Data Services 4.7
Adobe Livecycle Data Services 3.0
Adobe Livecycle Data Services 4.5
NA
CVE-2015-8052
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8053.
Adobe Coldfusion
NA
CVE-2015-8053
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8052.
Adobe Coldfusion
NA
CVE-2015-3269
Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x prior to 3.0.0.354170, 4.5 prior to 4.5.1.354169, 4.6.2 prior to 4.6.2.354169, and 4.7 prior to 4.7.0.354169 and other products, allows remote malicious users to read arbitrary f...
Hp Business Service Management
Adobe Livecycle Data Services 3.0
Adobe Livecycle Data Services 4.5
Adobe Livecycle Data Services 4.6
Adobe Livecycle Data Services 4.7
3 Articles
NA
CVE-2015-0345
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Adobe Coldfusion
1 Github repository
NA
CVE-2014-9166
Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows malicious users to cause a denial of service (resource consumption) via unspecified vectors.
Adobe Coldfusion 10.0
Adobe Coldfusion 11.0
NA
CVE-2014-0570
Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote malicious users to hijack the authentication of unspecified victims via unknown vecto...
Adobe Coldfusion 9.0.1
Adobe Coldfusion 9.0
Adobe Coldfusion 10.0
Adobe Coldfusion 9.0.2
Adobe Coldfusion 11.0
NA
CVE-2014-0571
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Adobe Coldfusion 9.0
Adobe Coldfusion 9.0.2
Adobe Coldfusion 10.0
Adobe Coldfusion 11.0
Adobe Coldfusion 9.0.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »