Vulnerabilities > Adobe > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-15 CVE-2024-20716 Resource Exhaustion vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service.
network
low complexity
adobe CWE-400
4.9
2024-02-15 CVE-2024-20717 Cross-site Scripting vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
network
low complexity
adobe CWE-79
5.4
2024-02-15 CVE-2024-20718 Cross-Site Request Forgery (CSRF) vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass.
network
low complexity
adobe CWE-352
6.5
2024-02-15 CVE-2024-20722 Out-of-bounds Read vulnerability in Adobe Substance 3D Painter
Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
local
low complexity
adobe CWE-125
5.5
2024-02-15 CVE-2024-20724 Out-of-bounds Read vulnerability in Adobe Substance 3D Painter
Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
local
low complexity
adobe CWE-125
5.5
2024-02-15 CVE-2024-20725 Out-of-bounds Read vulnerability in Adobe Substance 3D Painter
Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
local
low complexity
adobe CWE-125
5.5
2024-01-18 CVE-2023-51463 Cross-site Scripting vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
adobe CWE-79
5.4
2024-01-18 CVE-2023-51464 Cross-site Scripting vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
network
low complexity
adobe CWE-79
5.4
2024-01-15 CVE-2024-20709 Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability.
local
low complexity
microsoft adobe
5.5
2024-01-15 CVE-2024-20721 Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability.
local
low complexity
microsoft adobe
5.5