Medium - CVE-2025-49539 - ColdFusion versions 2025.2, 2023.14, 2021.20...
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a security...
Medium - CVE-2025-49540 - ColdFusion versions 2025.2, 2023.14, 2021.20...
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious...
Medium - CVE-2025-49541 - ColdFusion versions 2025.2, 2023.14, 2021.20...
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious...
Medium - CVE-2025-49542 - ColdFusion versions 2025.2, 2023.14, 2021.20...
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a...
Medium - CVE-2025-49543 - ColdFusion versions 2025.2, 2023.14, 2021.20...
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious...
Medium - CVE-2025-49544 - ColdFusion versions 2025.2, 2023.14, 2021.20...
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security...
Medium - CVE-2025-49545 - ColdFusion versions 2025.2, 2023.14, 2021.20...
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privilege...
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Access Control vulnerability that could lead to application denial-of-service. A high-privileged attacker could...
High - CVE-2025-49551 - ColdFusion versions 2025.2, 2023.14, 2021.20...
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Use of Hard-coded Credentials vulnerability that could result in privilege escalation. An attacker could leverage this...