Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2025-02-11 | CVE-2025-24435 | Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. | network | low | | CWE-284 | 4.3 |
| 2025-02-11 | CVE-2025-24436 | Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. | network | low | | CWE-284 | 4.3 |
| 2025-02-11 | CVE-2025-24437 | Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. | network | low | | CWE-284 | 5.4 |
| 2025-02-11 | CVE-2025-21124 | InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | local | low | | CWE-125 | 5.5 |
| 2025-02-11 | CVE-2025-21125 | InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. | local | low | | CWE-476 | 5.5 |
| 2025-02-11 | CVE-2025-21126 | InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service condition. | local | low | | CWE-20 | 5.5 |
| 2025-02-11 | CVE-2024-13830 | Cross-site Scripting vulnerability in Ivanti Connect Secure 22.7/7.1/7.4: Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. | network | low | ivanti | CWE-79 | 6.1 |
| 2025-02-11 | CVE-2024-13842 | Use of Hard-coded Cryptographic Key vulnerability in Ivanti Connect Secure 22.7/7.1/7.4: A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | local | low | ivanti | CWE-321 | 4.4 |
| 2025-02-11 | CVE-2024-13843 | Cleartext Storage of Sensitive Information vulnerability in Ivanti Connect Secure 22.7/7.1/7.4: Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | local | low | ivanti | CWE-312 | 4.4 |
| 2025-02-11 | CVE-2023-37482 | The login functionality of the web server in affected devices does not normalize the response times of login attempts. | network | low | | CWE-203 | 5.3 |