Lucene search
K

137 matches found

OSV
OSV
added 2024/08/14 11:57 a.m.12 views

CVE-2024-39406 Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to gain access...

6.8CVSS6.1AI score0.00872EPSS
Exploits0References3
Adobe
Adobe
added 2024/08/13 12:0 a.m.35 views

APSB24-61 : Security update available for Adobe Commerce

Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, arbitrary file system read, security feature bypass and privilege escalation...

8.2AI score
Exploits0Affected Software2
NVD
NVD
added 2024/07/31 1:15 p.m.38 views

CVE-2024-39379

Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that...

5.5CVSS0.003EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/07/23 12:0 a.m.7 views

The vulnerability of the Experimental Permission Model component in the Node.js software platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Experimental Permission Model component in the Node.js software platform is related to errors in permission handling when the --allow-fs-read flag is used. Exploiting this vulnerability can allow a perpetrator to gain unauthorized access to protected information...

2.9CVSS6.3AI score0.00458EPSS
Exploits0References9Affected Software2
NVD
NVD
added 2024/06/13 12:15 p.m.24 views

CVE-2024-34112

ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this issue does not requir...

7.5CVSS0.237EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/13 11:27 a.m.28 views

CVE-2024-34112 ColdFusion CFDOCUMENT file retrieval / access control bypass

ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this issue does not requir...

7.5CVSS0.237EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/13 12:0 a.m.21 views

Adobe ColdFusion < 2021.x < 2021u14 / 2023.x < 2023u8 Multiple Vulnerabilities (APSB24-41)

The version of Adobe ColdFusion installed on the remote Windows host is prior to 2021.x update 14 or 2023.x update 8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-41 advisory. - Improper Access Control CWE-284 potentially leading to Arbitrary file system read...

7.5CVSS5.8AI score0.237EPSS
Exploits0References3
Adobe
Adobe
added 2024/06/11 12:0 a.m.86 views

APSB24-28 : Security update available for Adobe Experience Manager

Adobe has released updates for Adobe Experience Manager AEM. These updates resolve vulnerabilities rated critical, important and moderate. Successful exploitation of these vulnerabilities could result in arbitrary code execution, arbitrary file system read and security feature bypass...

10AI score
Exploits0Affected Software1
GithubExploit
GithubExploit
added 2024/03/26 6:51 a.m.559 views

Exploit for Improper Access Control in Adobe Coldfusion

CVE-2024-20767 CVE-2024-20767https://nvd.nist.gov/vuln...

7.4CVSS7.5AI score0.98514EPSS
Exploits7
CVE
CVE
added 2024/03/18 11:43 a.m.355 views

CVE-2024-20767

CVE-2024-20767 affects Adobe ColdFusion 2023 (Update 6 and earlier) and 2021 (Update 12 and earlier) due to an Improper Access Control weakness that allows an attacker to perform an arbitrary file system read when the admin panel is internet-exposed. Multiple sources confirm public exploitation a...

7.4CVSS7.6AI score0.98514EPSS
In wildExploits7References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/03/14 12:0 a.m.39 views

Adobe ColdFusion < 2021.x < 2021u13 / 2023.x < 2023u7 Vulnerability (APSB24-14)

The version of Adobe ColdFusion installed on the remote Windows host is prior to 2021.x update 13 or 2023.x update 7. It is, therefore, affected by a vulnerability as referenced in the APSB24-14 advisory. - Improper Access Control CWE-284 potentially leading to Arbitrary file system read...

7.4CVSS7.4AI score0.98514EPSS
Exploits7References2
OSV
OSV
added 2023/10/13 9:30 a.m.7 views

GHSA-9MX6-4GG4-85XJ Magento Open Source has Improper Input Validation Vulnerability

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue do...

6.9CVSS4.9AI score0.00675EPSS
Exploits0References3
NVD
NVD
added 2023/10/13 7:15 a.m.24 views

CVE-2023-26367

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue do...

4.9CVSS4.9AI score0.00675EPSS
Exploits0References1
NVD
NVD
added 2023/10/13 7:15 a.m.24 views

CVE-2023-26366

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application t...

6.8CVSS6.5AI score0.00639EPSS
Exploits0References1
Prion
Prion
added 2023/10/13 7:15 a.m.31 views

Input validation

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue do...

3.3CVSS5.8AI score0.00675EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2023/10/13 6:15 a.m.27 views

CVE-2023-26367 Error based file extraction via PHP filter chains during product bulk import logic

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue do...

4.9CVSS6.7AI score0.00675EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/10/13 6:15 a.m.28 views

CVE-2023-26366 Validate Your Inputs | Server-Side Request Forgery (SSRF) (CWE-918)

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application t...

6.8CVSS6.7AI score0.00639EPSS
Exploits0References1
OSV
OSV
added 2023/10/13 6:15 a.m.21 views

CVE-2023-26366 Validate Your Inputs | Server-Side Request Forgery (SSRF) (CWE-918)

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application t...

6.8CVSS6.8AI score0.00639EPSS
Exploits0References3
Adobe
Adobe
added 2023/10/10 12:0 a.m.97 views

APSB23-50 : Security update available for Adobe Commerce

Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation, arbitrary file system read, security feature bypass and application...

6.9AI score
Exploits0Affected Software2
NVD
NVD
added 2023/08/09 8:15 a.m.31 views

CVE-2023-38207

Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...

7.5CVSS7.6AI score0.00828EPSS
Exploits0References1
Rows per page
Query Builder