Vulnerabilities > Adobe > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-13 CVE-2024-30299 Unspecified vulnerability in Adobe Framemaker Publishing Server 2020/2022
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation.
network
low complexity
adobe
critical
9.8
2024-06-13 CVE-2024-30300 Unspecified vulnerability in Adobe Framemaker Publishing Server 2020/2022
Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Information Exposure vulnerability (CWE-200) that could lead to privilege escalation.
network
low complexity
adobe
critical
9.8
2024-06-13 CVE-2024-34107 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
network
low complexity
adobe
critical
9.8
2024-06-13 CVE-2024-26029 Unspecified vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
network
low complexity
adobe
critical
9.8
2024-04-10 CVE-2024-20758 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem.
network
high complexity
adobe
critical
9.0
2024-02-15 CVE-2024-20719 Cross-site Scripting vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page.
network
low complexity
adobe CWE-79
critical
9.1
2023-07-12 CVE-2023-29300 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2018/2021/2023
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution.
network
low complexity
adobe CWE-502
critical
9.8
2023-04-06 CVE-2023-28500 Deserialization of Untrusted Data vulnerability in Adobe Livecycle ES4
A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL.
network
low complexity
adobe CWE-502
critical
9.8
2023-03-23 CVE-2023-26359 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2018/2021
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user.
network
low complexity
adobe CWE-502
critical
9.8
2022-10-14 CVE-2022-35690 Out-of-bounds Write vulnerability in Adobe Coldfusion 2018/2021
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
network
low complexity
adobe CWE-787
critical
9.8