Coldfusion
This hub aggregates every CVE we track for Coldfusion, a product in the consumer software space. Use it to gauge the current risk picture and drill into individual advisories.
267
CVEs tracked
73
Critical
80
High
17
In CISA KEV
Severity distribution
MEDIUM102HIGH80CRITICAL73LOW12
Monthly trend
0
2
0
0
1
0
0
0
15
8
0
13
1
1
0
0
11
0
0
0
7
0
17
16
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Coldfusion.
- CVE-2026-48320ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)8.5
- CVE-2026-48324ColdFusion | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)9.1
- CVE-2026-48332ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)7.7
- CVE-2026-48318ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)9.9
- CVE-2026-48327ColdFusion | Incorrect Authorization (CWE-863)9.0
- CVE-2026-48338ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)6.8
- CVE-2026-48329ColdFusion | Insufficient Session Expiration (CWE-613)2.7
- CVE-2026-48319ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)9.1
- CVE-2026-48321ColdFusion | Incorrect Authorization (CWE-863)9.3
- CVE-2026-48284ColdFusion | Improper Input Validation (CWE-20)9.6
- CVE-2026-48322ColdFusion | Improper Control of Generation of Code ('Code Injection') (CWE-94)9.6
- CVE-2026-48328ColdFusion | Improper Input Validation (CWE-20)7.7
- CVE-2026-48325ColdFusion | Missing Authentication for Critical Function (CWE-306)9.3
- CVE-2026-48363ColdFusion | Uncontrolled Search Path Element (CWE-427)8.2
- CVE-2026-48364ColdFusion | Uncontrolled Search Path Element (CWE-427)8.2
Product normalization is registry-driven with AI assist and human review. How it works