Vulnerabilities > Adobe > Coldfusion > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-26 | CVE-2020-3768 | Untrusted Search Path vulnerability in Adobe Coldfusion 2016/2018 ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. | 7.8 |
| 2020-03-25 | CVE-2020-3761 | Unspecified vulnerability in Adobe Coldfusion 2016/2018 ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. | 7.5 |
| 2019-09-27 | CVE-2019-8072 | Unspecified vulnerability in Adobe Coldfusion 2016/2018 ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. | 7.5 |
| 2018-09-25 | CVE-2018-15964 | Information Exposure vulnerability in Adobe Coldfusion 11.0/2016/2018 Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. | 7.5 |
| 2018-09-25 | CVE-2018-15960 | Improper Input Validation vulnerability in Adobe Coldfusion 11.0/2016/2018 Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. | 7.5 |
| 2018-05-19 | CVE-2018-4942 | XXE vulnerability in Adobe Coldfusion 11.0/2016 Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. | 7.5 |
| 2018-05-19 | CVE-2018-4938 | Uncontrolled Search Path Element vulnerability in Adobe Coldfusion 11.0/2016 Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. | 7.8 |
| 2017-12-01 | CVE-2017-11286 | XXE vulnerability in Adobe Coldfusion 11.0/2016 Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. | 7.5 |
| 2016-09-01 | CVE-2016-4264 | XXE vulnerability in Adobe Coldfusion 10.0/11.0 The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 8.6 |
| 2013-01-09 | CVE-2013-0631 | Unspecified vulnerability in Adobe Coldfusion 9.0/9.0.1/9.0.2 Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013. | 7.5 |