Vulnerabilities > Adobe > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-13 CVE-2024-41874 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2021/2023
ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user.
network
low complexity
adobe CWE-502
critical
9.8
2024-08-14 CVE-2024-39397 Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Commerce
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker.
network
high complexity
adobe CWE-434
critical
9.0
2024-06-13 CVE-2024-30299 Improper Authentication vulnerability in Adobe Framemaker Publishing Server 2020/2022
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation.
network
low complexity
adobe CWE-287
critical
9.8
2024-06-13 CVE-2024-30300 Information Exposure vulnerability in Adobe Framemaker Publishing Server 2020/2022
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Information Exposure vulnerability (CWE-200) that could lead to privilege escalation.
network
low complexity
adobe CWE-200
critical
9.8
2024-06-13 CVE-2024-34102 XXE vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution.
network
low complexity
adobe CWE-611
critical
9.8
2024-06-13 CVE-2024-34107 Improper Access Control vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
network
low complexity
adobe CWE-284
critical
9.8
2024-06-13 CVE-2024-26029 Improper Access Control vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
network
low complexity
adobe CWE-284
critical
9.8
2024-02-15 CVE-2024-20719 Cross-site Scripting vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page.
network
low complexity
adobe CWE-79
critical
9.1
2024-02-15 CVE-2024-20720 OS Command Injection vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker.
network
low complexity
adobe CWE-78
critical
9.1
2024-02-15 CVE-2024-20738 Improper Authentication vulnerability in Adobe Framemaker Publishing Server 2020/2022
Adobe FrameMaker Publishing Server versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass.
network
low complexity
adobe CWE-287
critical
9.8