Lucene search
+L

13503 matches found

adobe
adobe
added 2 days ago11 views

APSB26-74 : Security update available for Adobe Experience Manager

Adobe has released updates for Adobe Experience Manager AEM. This update resolves vulnerabilities rated important. Successful exploitation of these vulnerabilities could result in arbitrary code execution, security feature bypass, arbitrary file system read, and privilege escalation...

6.2AI score
Exploits0Affected Software1
nuclei
nuclei
added 3 days ago325 views

Sitecore - Remote Code Execution

Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. id: CVE-2023-35813 info: name: Sitecore - Remote Code Execution author: DhiyaneshDk,iamnoooob severity: critical description: | Multiple Sitecore...

9.8CVSS7.2AI score0.86685EPSS
Exploits7References5
nuclei
nuclei
added 3 days ago24 views

Sitecore Experience Platform - Deserialization of Untrusted Data

Sitecore Experience Platform before 8.2 Update-7 and 9.0 before Update-2 is vulnerable to a remote code execution vulnerability CVE-2019-9874. An attacker can exploit this issue to execute arbitrary code on the affected system via a crafted request to the...

9.8CVSS7.7AI score0.83857EPSS
Exploits1References2
nuclei
nuclei
added 3 days ago246 views

Sitecore Experience Platform <= 10.4 - Arbitrary File Read

An issue was discovered in Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files. id: CVE-2024-46938 info: name: Sitecore Experience Platform = 10.4 - Arbitrary File...

7.5CVSS6.2AI score0.46077EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/08 9:32 p.m.6 views

CVE-2026-55877

Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0 before 2.36.1 and from 3.0.0 before 3.2.0, the uxicon Twig function is marked issafe='html' and Icon::toHtml inlines SVG source verbatim, allowing unsanitized local SVG files or Iconify on-demand JSON body responses containing nested...

6.1CVSS5.6AI score0.00194EPSS
Exploits0References5Affected Software1
osv
osv
added 2026/07/08 5:17 p.m.4 views

DRUPAL-CONTRIB-2026-075

This module enables you to use Single Directory Components in site building views, field formatters, blocks, layouts and it improves the Developer Experience DX with SDC. The module doesn't sufficiently sanitize the markup passed to components under certain scenarios. This vulnerability is...

5.4CVSS6AI score0.00274EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.19 views

PT-2026-56664

Name of the Vulnerable Software and Affected Versions Drupal UI Patterns SDC in Drupal UI versions 2.0.0 through 2.0.17 Description An issue exists where the module does not sufficiently sanitize markup passed to components in certain scenarios, leading to Stored Cross-site Scripting XSS...

6.1AI score0.00274EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.5 views

PT-2026-54113

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in CSS allows a remote attacker to perform Universal Cross-Site Scripting UXSS, which is a vulnerability that enables the execution of arbitrary scripts ...

9.8CVSS6.2AI score0.00413EPSS
Exploits0References449
friendsofphp
friendsofphp
added 2026/06/19 7:21 a.m.9 views

symfony/ux-icons XSS via unsanitized SVG content in local files and Iconify on-demand responses

Description The uxicon Twig function is marked issafe='html', so Twig never escapes its output. Icon::toHtml inlines the SVG source verbatim into the page. Browsers execute elements and on event-handler attributes found inside inline SVG, making any unsanitized icon a vector for cross-site...

6.1CVSS6AI score0.00194EPSS
Exploits0Affected Software1
bdu_fstec
bdu_fstec
added 2026/06/18 12:0 a.m.4 views

The vulnerability of Adobe Experience Manager’s content and media data management system, related to insufficient validation of input data, allows attackers to bypass existing security mechanisms.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to bypass existing security measures remotely...

4CVSS5.7AI score0.0041EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/10 9:4 p.m.12 views

CVE-2026-48289

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

3.5CVSS5.4AI score0.00299EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/10 9:4 p.m.12 views

CVE-2026-48288

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

3.5CVSS5.4AI score0.0041EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/10 9:4 p.m.11 views

CVE-2026-48301

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/10 9:4 p.m.10 views

CVE-2026-48304

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/10 9:4 p.m.11 views

CVE-2026-48300

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/10 9:3 p.m.9 views

CVE-2026-48297

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/10 9:3 p.m.12 views

CVE-2026-48280

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00283EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/10 9:3 p.m.11 views

CVE-2026-48271

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00283EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/10 9:3 p.m.11 views

CVE-2026-48299

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/10 9:3 p.m.11 views

CVE-2026-48265

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00283EPSS
Exploits0References1
Rows per page
Query Builder