Vulnerabilities > Adobe > Coldfusion > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-08 | CVE-2025-30282 | Unspecified vulnerability in Adobe Coldfusion 2021/2023/2025 ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. | 9.1 |
| 2025-04-08 | CVE-2025-24447 | Unspecified vulnerability in Adobe Coldfusion 2021/2023/2025 ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user resulting in a High impact to Confidentiality and Integrity. | 9.1 |
| 2025-04-08 | CVE-2025-24446 | Unspecified vulnerability in Adobe Coldfusion 2021/2023/2025 ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution. | 9.1 |
| 2024-09-13 | CVE-2024-41874 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2021/2023 ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. | 9.8 |
| 2023-07-12 | CVE-2023-29300 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2018/2021/2023 Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. | 9.8 |
| 2023-03-23 | CVE-2023-26359 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. | 9.8 |
| 2022-10-14 | CVE-2022-35690 | Out-of-bounds Write vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 9.8 |
| 2020-03-25 | CVE-2020-3794 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Adobe Coldfusion 2016/2018 ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. | 9.8 |
| 2019-12-19 | CVE-2019-8256 | Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Coldfusion 2018 ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. | 9.8 |
| 2019-09-27 | CVE-2019-8073 | Command Injection vulnerability in Adobe Coldfusion 2016/2018 ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. | 9.8 |