Vulnerabilities > Adobe > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-10 | CVE-2024-45115 | Unspecified vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. | 9.8 |
| 2024-09-13 | CVE-2024-41874 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2021/2023 ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. | 9.8 |
| 2024-08-14 | CVE-2024-39397 | Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Commerce Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. | 9.0 |
| 2024-06-13 | CVE-2024-30299 | Improper Authentication vulnerability in Adobe Framemaker Publishing Server 2020/2022 Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. | 9.8 |
| 2024-06-13 | CVE-2024-30300 | Information Exposure vulnerability in Adobe Framemaker Publishing Server 2020/2022 Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Information Exposure vulnerability (CWE-200) that could lead to privilege escalation. | 9.8 |
| 2024-06-13 | CVE-2024-34102 | XXE vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. | 9.8 |
| 2024-06-13 | CVE-2024-34107 | Improper Access Control vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 9.8 |
| 2024-06-13 | CVE-2024-26029 | Improper Access Control vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 9.8 |
| 2024-02-15 | CVE-2024-20719 | Cross-site Scripting vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6 Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. | 9.1 |
| 2024-02-15 | CVE-2024-20720 | OS Command Injection vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6 Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. | 9.1 |