137 matches found
CVE-2024-39406 Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to gain access...
APSB24-61 : Security update available for Adobe Commerce
Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, arbitrary file system read, security feature bypass and privilege escalation...
CVE-2024-39379
Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that...
The vulnerability of the Experimental Permission Model component in the Node.js software platform allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Experimental Permission Model component in the Node.js software platform is related to errors in permission handling when the --allow-fs-read flag is used. Exploiting this vulnerability can allow a perpetrator to gain unauthorized access to protected information...
CVE-2024-34112
ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this issue does not requir...
CVE-2024-34112 ColdFusion CFDOCUMENT file retrieval / access control bypass
ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this issue does not requir...
Adobe ColdFusion < 2021.x < 2021u14 / 2023.x < 2023u8 Multiple Vulnerabilities (APSB24-41)
The version of Adobe ColdFusion installed on the remote Windows host is prior to 2021.x update 14 or 2023.x update 8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-41 advisory. - Improper Access Control CWE-284 potentially leading to Arbitrary file system read...
APSB24-28 : Security update available for Adobe Experience Manager
Adobe has released updates for Adobe Experience Manager AEM. These updates resolve vulnerabilities rated critical, important and moderate. Successful exploitation of these vulnerabilities could result in arbitrary code execution, arbitrary file system read and security feature bypass...
Exploit for Improper Access Control in Adobe Coldfusion
CVE-2024-20767 CVE-2024-20767https://nvd.nist.gov/vuln...
CVE-2024-20767
CVE-2024-20767 affects Adobe ColdFusion 2023 (Update 6 and earlier) and 2021 (Update 12 and earlier) due to an Improper Access Control weakness that allows an attacker to perform an arbitrary file system read when the admin panel is internet-exposed. Multiple sources confirm public exploitation a...
Adobe ColdFusion < 2021.x < 2021u13 / 2023.x < 2023u7 Vulnerability (APSB24-14)
The version of Adobe ColdFusion installed on the remote Windows host is prior to 2021.x update 13 or 2023.x update 7. It is, therefore, affected by a vulnerability as referenced in the APSB24-14 advisory. - Improper Access Control CWE-284 potentially leading to Arbitrary file system read...
GHSA-9MX6-4GG4-85XJ Magento Open Source has Improper Input Validation Vulnerability
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue do...
CVE-2023-26367
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue do...
CVE-2023-26366
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application t...
Input validation
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue do...
CVE-2023-26367 Error based file extraction via PHP filter chains during product bulk import logic
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue do...
CVE-2023-26366 Validate Your Inputs | Server-Side Request Forgery (SSRF) (CWE-918)
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application t...
CVE-2023-26366 Validate Your Inputs | Server-Side Request Forgery (SSRF) (CWE-918)
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application t...
APSB23-50 : Security update available for Adobe Commerce
Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation, arbitrary file system read, security feature bypass and application...
CVE-2023-38207
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...