cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-20767,https://securityvulnerability.io/vulnerability/CVE-2024-20767,Adobe ColdFusion Vulnerable to Improper Access Control,"An improper access control vulnerability in Adobe ColdFusion versions 2023.6, 2021.12, and earlier allows attackers to perform arbitrary file system reads. This security flaw can be exploited without requiring user interaction, provided the admin panel is exposed to the internet. Attackers leveraging this vulnerability can access or modify restricted files, posing a significant risk to data integrity and confidentiality.",Adobe,Coldfusion,7.4,HIGH,0.9653300046920776,true,2024-12-16T00:00:00.000Z,true,true,true,2024-03-27T16:31:41.000Z,true,true,false,,2024-03-18T11:43:28.473Z,3978
CVE-2024-34102,https://securityvulnerability.io/vulnerability/CVE-2024-34102,Adobe Commerce Vulnerable to Arbitrary Code Execution via XML External Entity Reference,"The vulnerability identified as CVE-2024-34102 affects Adobe Commerce and Magento Open Source, posing a serious security threat. The vulnerability allows attackers to read sensitive files containing passwords and execute remote code, potentially gaining full control over the affected e-commerce platform. This can lead to widespread attacks, with an estimated 75% of e-commerce websites being at risk. The slow adoption of software updates has been attributed to the introduction of security features such as Content Security Policy and Subresource Integrity in the new software versions, which can interfere with the normal operation of checkout processes. There is a warning that attackers may exploit this vulnerability in conjunction with another vulnerability, CVE-2024-2961, to cause significant harm. Despite a patch being released, there is still a risk of attackers accessing administrator APIs in environments where the iconv vulnerability has been patched.",Adobe,Adobe Commerce,9.8,CRITICAL,0.12695999443531036,true,2024-07-17T00:00:00.000Z,true,true,true,2024-06-29T18:42:48.000Z,true,false,false,,2024-06-13T09:04:56.093Z,0
CVE-2024-39397,https://securityvulnerability.io/vulnerability/CVE-2024-39397,Adobe Commerce Unrestricted Upload Vulnerability Could Lead to Arbitrary Code Execution,"The vulnerability in Adobe Commerce relates to an unrestricted upload of files with dangerous types, allowing unauthorized actors to upload malicious files. This creates a significant risk as attackers can execute arbitrary code on the server hosting affected versions. The attack can be initiated without user interaction, although the complexity of the exploit is high. This vulnerability affects multiple versions of Adobe Commerce, highlighting the importance of prompt updates and security measures to protect against such exploits.",Adobe,Adobe Commerce,9,CRITICAL,0.04893000051379204,false,,false,false,false,,,false,false,,2024-08-14T11:57:14.067Z,0
CVE-2024-45136,https://securityvulnerability.io/vulnerability/CVE-2024-45136,Unrestricted File Upload Vulnerability in Adobe InCopy,"Adobe InCopy versions 19.4 and 18.5.3 and earlier are susceptible to an unrestricted file upload vulnerability that can lead to arbitrary code execution. This security flaw allows an attacker to upload a malicious file to the server, contingent upon user interaction. Successfully exploiting this vulnerability poses significant risks to data integrity and system safety, necessitating immediate attention from users and administrators to mitigate potential threats.",Adobe,Incopy,7.8,HIGH,0.023520000278949738,false,,false,false,false,,,false,false,,2024-10-09T15:15:00.000Z,0
CVE-2024-45137,https://securityvulnerability.io/vulnerability/CVE-2024-45137,Unrestricted File Upload Vulnerability in Adobe InDesign Desktop,"Adobe InDesign Desktop is affected by a vulnerability that allows an unrestricted upload of files with dangerous types, potentially leading to arbitrary code execution on the server where the application is running. Attackers can exploit this flaw by tricking users into uploading malicious files that, when executed, may run arbitrary code in the server's context. This exploit requires user interaction, heightening the importance of user awareness and security measures to mitigate potential risks. Users of affected versions are encouraged to follow security guidelines as outlined by Adobe to enhance their protection against such vulnerabilities.",Adobe,Indesign,7.8,HIGH,0.023520000278949738,false,,false,false,false,,,false,false,,2024-10-09T15:15:00.000Z,0
CVE-2024-47423,https://securityvulnerability.io/vulnerability/CVE-2024-47423,Unrestricted File Upload Vulnerability in Adobe Framemaker by Adobe,"The vulnerability in Adobe Framemaker allows an unrestricted upload of files with dangerous types, posing a significant security risk. Versions 2020.6, 2022.4 and earlier are susceptible to exploitation, as an attacker could upload a malicious file capable of executing arbitrary code on the system. Successful exploitation requires user interaction and can lead to unauthorized access to sensitive data or control over the affected system.",Adobe,Framemaker,7.8,HIGH,0.023520000278949738,false,,false,false,false,,,false,false,,2024-10-09T15:15:00.000Z,0