Adobe today released an out-of-band security update fixing two critical issues for Cold Fusion 2018 and 2016.
The two critical-rated issues are CVE-2019-8073 and CVE-2019-8074. The former allows arbitrary code execution if exploited and the latter leads to an access control bypass.
Adobe also patched an important-rated vulnerability, CVE-2019-8072, that could lead to information disclosure if not patched.
Adobe is not aware of any exploits in the wild at this time.