What you observe is in fact the expected behaviour. By default, when a form is posted, all input form-fields of type 'hidden' are submitted.
My suggestions are as follows:
1) Use cfselect. It fits the situation you describe much better.
2) Give each submit field a name.
3) Avoid the duplication in posting qGetFacultyCV.faculty_id as a URL variable in the form's action and as a hidden form field. I would post it as just a hidden field. This has the advantage of being more secure.
4) It appears that addPub is a struct. If so, then replace ADDPUB.nextval with #ADDPUB.nextval# as the value of the form field.
5) Use cfqueryparam.
When you put it all together, the result will be somelike
<form name="sort_serialized" method="post" id="frm-sort">
<cfselect name="citation" query="qGetFacultyCV" display="full_citation" value="full_citation" />
<input type="text" name="added_id" value="#ADDPUB.nextval#" style="display:none">
<input type="submit" name="delete" id="deleteBtn" value="Delete Publication" OnClick="document.forms['sort_serialized'].action = 'delaction.cfm'">
<input type="submit" name="saveBtn" id="saveBtn" value="Save" style="display:none" OnClick="document.forms['sort_serialized'].action = 'addaction.cfm'" >
<input type="submit" name="editBtn" id="editBtn" value="Save" style="display:none" OnClick="document.forms['sort_serialized'].action = 'updateaction.cfm'">
<input type="submit" name="sortBtn" id="sortBtn" value="Save" style="display:none" OnClick="document.forms['sort_serialized'].action = 'update-sort.cfm'" >
<input type="hidden" name="faculty_id" id="faculty_id" value="#qGetFacultyCV.faculty_id#" />
</form>
and on the action page
<cfquery name="addpubnumber" datasource="db_cie">
INSERT INTO PUBLICATIONS (id, full_citation, faculty_id)
VALUES (<cfqueryparam cfsqltype="cf_sql_integer" value="#form.added_id#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#form.citation#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#form.faculty_id#">)
</cfquery>