2025-04-09 | CVE-2025-3100 | The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping in tasks discussion. | 6.4 |
2025-04-08 | CVE-2025-27189 | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Commerce B2B Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. | 4.3 |
2025-04-08 | CVE-2025-27190 | Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 5.3 |
2025-04-08 | CVE-2025-27191 | Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 5.3 |
2025-04-08 | CVE-2025-27192 | Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. | 2.7 |
2025-04-08 | CVE-2025-24446 | Unspecified vulnerability in Adobe Coldfusion 2021/2023/2025 ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution. network low complexity adobe critical | 9.1 |
2025-04-08 | CVE-2025-24447 | Unspecified vulnerability in Adobe Coldfusion 2021/2023/2025 ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user resulting in a High impact to Confidentiality and Integrity. network low complexity adobe critical | 9.1 |
2025-04-08 | CVE-2025-30281 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. network low complexity CWE-284 critical | 9.1 |
2025-04-08 | CVE-2025-30282 | Unspecified vulnerability in Adobe Coldfusion 2021/2023/2025 ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. network low complexity adobe critical | 9.1 |
2025-04-08 | CVE-2025-30284 | Unspecified vulnerability in Adobe Coldfusion 2021/2023/2025 ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. network low complexity adobe | 8.4 |