304 matches found
APSB25-27 : Security update available for Adobe Experience Manager Forms
Adobe has released security updates for AEM Forms on JEE versions for a dependency on vulnerable Third-Party Component . This dependency update resolves an important vulnerability that could lead to path traversal and case sensitive match exception...
MAL-2025-2835 Malicious code in aem-generated-project (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in aem-headless-advanced-tutorial-wknd-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1fb0b752510b8d479c92185f2871183cd1bbd1ef4d7507d43ccd130c3fd24e1c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in aem-maven-archetype (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ccc92d5c4e3257cf07baae14d4ebf9e7b16276a8433cfff70bc323d41aad2f4a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2066 Malicious code in aem-maven-archetype (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ccc92d5c4e3257cf07baae14d4ebf9e7b16276a8433cfff70bc323d41aad2f4a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in aem-spa-page-model-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f616d81322d87ec1a782a237c4b35c53512cc3e470b9fddd65db49c0c14d1425 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-270 Malicious code in aem-spa-component-mapping (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 96b1b3d4405a0ea27ac00cb9f96e4e70aa642f96018fa9b52508da4e98f1a6cc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in aem-react-editable-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6fdeb2ad3adadbbe85aa33bbaa3ed1728c9019c415d8c1e218db5f1f72661482 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in aem-angular-editable-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fca4a582054bbff21e69768e3b5934e358df88c79f61073e65cf4272a8510544 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-268 Malicious code in aem-angular-editable-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fca4a582054bbff21e69768e3b5934e358df88c79f61073e65cf4272a8510544 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-269 Malicious code in aem-react-editable-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6fdeb2ad3adadbbe85aa33bbaa3ed1728c9019c415d8c1e218db5f1f72661482 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in aem-guides-wknd-app (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=-...
Malicious code in aem-react-spa (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54bb39f84add565409123e2afb033f2b001ab42f9fde0cdb31e4927d222e1419 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12133 Malicious code in aem-react-spa (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54bb39f84add565409123e2afb033f2b001ab42f9fde0cdb31e4927d222e1419 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in aem-core-react-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 95d42e3a74bd354e1f4c9ce919082af4d0f85a5bbb6cbd5f32eab262ba83cd6c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-41876 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...
CVE-2024-41839 Adobe Experience Manager | Improper Input Validation (CWE-20)
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation ...
Malicious code in aem_deploy (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5da90a5b6e3d6918ba4e47751ceb886166fced30c053fbc96a1bedda3e899623 --- Credit: OpenSSF source...
MAL-2024-6526 Malicious code in aem_deploy (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5da90a5b6e3d6918ba4e47751ceb886166fced30c053fbc96a1bedda3e899623 --- Credit: OpenSSF source...
CVE-2024-36235 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires us...