Coldfusion
This hub aggregates every CVE we track for Coldfusion, a product in the consumer software space. Use it to gauge the current risk picture and drill into individual advisories.
251
CVEs tracked
64
Critical
75
High
16
In CISA KEV
Severity distribution
MEDIUM101HIGH75CRITICAL64LOW11
Monthly trend
0
2
0
0
1
0
0
0
15
8
0
13
1
1
0
0
11
0
0
0
7
0
17
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Coldfusion.
- CVE-2026-48315ColdFusion | Improper Input Validation (CWE-20)9.3
- CVE-2026-48281ColdFusion | Improper Input Validation (CWE-20)10.0
- CVE-2026-48277ColdFusion | Improper Input Validation (CWE-20)10.0
- CVE-2026-48285ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)8.6
- CVE-2026-48313ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)9.3
- CVE-2026-48307ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)8.8
- CVE-2026-48314ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)6.5
- CVE-2026-48276ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)10.0
- CVE-2026-48282ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)10.0
- CVE-2026-48283ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)10.0
- CVE-2026-47932ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)8.8
- CVE-2026-47929ColdFusion | Incorrect Authorization (CWE-863)8.4
- CVE-2026-47960ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)7.4
- CVE-2026-47928ColdFusion | Improper Input Validation (CWE-20)9.6
- CVE-2026-47931ColdFusion | Improper Input Validation (CWE-20)8.4
Product normalization is registry-driven with AI assist and human review. How it works