Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-04-09 CVE-2025-3100 The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping in tasks discussion.
network
low complexity
CWE-79
6.4
2025-04-08 CVE-2025-27189 Cross-Site Request Forgery (CSRF) vulnerability in Adobe Commerce B2B
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition.
network
low complexity
adobe CWE-352
4.3
2025-04-08 CVE-2025-27190 Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
network
low complexity
CWE-284
5.3
2025-04-08 CVE-2025-27191 Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
network
low complexity
CWE-284
5.3
2025-04-08 CVE-2025-27192 Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass.
network
low complexity
CWE-522
2.7
2025-04-08 CVE-2025-24446 Unspecified vulnerability in Adobe Coldfusion 2021/2023/2025
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution.
network
low complexity
adobe
critical
9.1
2025-04-08 CVE-2025-24447 Unspecified vulnerability in Adobe Coldfusion 2021/2023/2025
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user resulting in a High impact to Confidentiality and Integrity.
network
low complexity
adobe
critical
9.1
2025-04-08 CVE-2025-30281 ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read.
network
low complexity
CWE-284
critical
9.1
2025-04-08 CVE-2025-30282 Unspecified vulnerability in Adobe Coldfusion 2021/2023/2025
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user.
network
low complexity
adobe
critical
9.1
2025-04-08 CVE-2025-30284 Unspecified vulnerability in Adobe Coldfusion 2021/2023/2025
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user.
network
low complexity
adobe
8.4