Coldfusion 2023
This hub aggregates every CVE we track for Coldfusion 2023, a product in the consumer software space. Use it to gauge the current risk picture and drill into individual advisories.
13
CVEs tracked
8
Critical
3
High
0
In CISA KEV
Severity distribution
CRITICAL8HIGH3LOW1MEDIUM1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
13
2024-082026-07
Latest CVEs
The 13 most recently published vulnerabilities affecting Coldfusion 2023.
- CVE-2026-48320ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)8.5
- CVE-2026-48324ColdFusion | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)9.1
- CVE-2026-48332ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)7.7
- CVE-2026-48318ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)9.9
- CVE-2026-48327ColdFusion | Incorrect Authorization (CWE-863)9.0
- CVE-2026-48338ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)6.8
- CVE-2026-48329ColdFusion | Insufficient Session Expiration (CWE-613)2.7
- CVE-2026-48319ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)9.1
- CVE-2026-48321ColdFusion | Incorrect Authorization (CWE-863)9.3
- CVE-2026-48284ColdFusion | Improper Input Validation (CWE-20)9.6
- CVE-2026-48322ColdFusion | Improper Control of Generation of Code ('Code Injection') (CWE-94)9.6
- CVE-2026-48328ColdFusion | Improper Input Validation (CWE-20)7.7
- CVE-2026-48325ColdFusion | Missing Authentication for Critical Function (CWE-306)9.3
Product normalization is registry-driven with AI assist and human review. How it works