Coldfusion
This hub aggregates every CVE we track for Coldfusion, a product in the consumer software space. Use it to gauge the current risk picture and drill into individual advisories.
241
CVEs tracked
57
Critical
73
High
16
In CISA KEV
Severity distribution
MEDIUM100HIGH73CRITICAL57LOW11
Monthly trend
0
0
2
0
0
1
0
0
0
15
8
0
13
1
1
0
0
11
0
0
0
7
0
7
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Coldfusion.
- CVE-2026-47929ColdFusion | Incorrect Authorization (CWE-863)8.4
- CVE-2026-47932ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)8.8
- CVE-2026-47960ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)7.4
- CVE-2026-47928ColdFusion | Improper Input Validation (CWE-20)9.6
- CVE-2026-47931ColdFusion | Improper Input Validation (CWE-20)8.4
- CVE-2026-47930ColdFusion | Improper Input Validation (CWE-20)8.1
- CVE-2026-47933ColdFusion | Cross-site Scripting (Stored XSS) (CWE-79)4.8
- CVE-2026-34619ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)7.7
- CVE-2026-27308ColdFusion | Uncontrolled Resource Consumption (CWE-400)2.4
- CVE-2026-27282ColdFusion | Improper Input Validation (CWE-20)7.5
- CVE-2026-27305ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)8.6
- CVE-2026-27304ColdFusion | Improper Input Validation (CWE-20)9.3
- CVE-2026-27306ColdFusion | Improper Input Validation (CWE-20)8.4
- CVE-2026-27307ColdFusion | Uncontrolled Resource Consumption (CWE-400)2.4
- CVE-2025-61808ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)9.1
Product normalization is registry-driven with AI assist and human review. How it works