Adobe Coldfusion
168 CVEs affecting Adobe Coldfusion. Latest disclosed: 2026-04-14. Critical: 32, High: 40.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-54261 | Critical | 10.0 | 2025-09-09 | ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vuln… |
CVE-2024-41874 | Critical | 9.8 | 2024-09-13 | ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution… |
CVE-2023-44351 | Critical | 9.8 | 2023-11-17 | Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result i… |
CVE-2023-44353 | Critical | 9.8 | 2023-11-17 | Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result i… |
CVE-2023-44350 | Critical | 9.8 | 2023-11-17 | Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result i… |
CVE-2023-38204 | Critical | 9.8 | 2023-09-14 | Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerabilit… |
CVE-2023-38203 | Critical | 9.8 | 2023-07-20 | Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerabilit… |
CVE-2023-29300 | Critical | 9.8 | 2023-07-12 | Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vul… |
CVE-2023-26359 | Critical | 9.8 | 2023-03-23 | Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that c… |
CVE-2022-35711 | Critical | 9.8 | 2022-10-14 | Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in ar… |
CVE-2022-35690 | Critical | 9.8 | 2022-10-14 | Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in a… |
CVE-2022-35712 | Critical | 9.8 | 2022-10-14 | Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in ar… |
CVE-2022-35710 | Critical | 9.8 | 2022-10-14 | Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in a… |
CVE-2022-38418 | Critical | 9.8 | 2022-10-14 | Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('P… |
CVE-2017-11284 | Critical | 9.8 | 2017-12-01 | Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier… |
CVE-2017-11283 | Critical | 9.8 | 2017-12-01 | Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier… |
CVE-2016-1114 | Critical | 9.8 | 2016-05-11 | Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to execute arbitrary commands via a crafted serializ… |
CVE-2026-27304 | Critical | 9.3 | 2026-04-14 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the… |
CVE-2025-49535 | Critical | 9.3 | 2025-07-08 | ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that co… |
CVE-2025-61808 | Critical | 9.1 | 2025-12-09 | ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to ar… |