cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-53961,https://securityvulnerability.io/vulnerability/CVE-2024-53961,Path Traversal Vulnerability in ColdFusion by Adobe,"Adobe ColdFusion versions 2023.11, 2021.17, and earlier are affected by a vulnerability that allows attackers to bypass restrictions on directory access. This path traversal vulnerability could enable unauthorized users to read files from the file system, potentially compromising sensitive data and allowing manipulation of system information. It poses a significant risk, as attackers may exploit this weakness to navigate outside the limited directories defined by the application, thus accessing and disclosing confidential files.",Adobe,Coldfusion,7.4,HIGH,0.000910000002477318,false,,true,false,true,2024-12-23T00:00:00.000Z,,false,false,,2024-12-23T20:11:38.875Z,1754
CVE-2024-34102,https://securityvulnerability.io/vulnerability/CVE-2024-34102,Adobe Commerce Vulnerable to Arbitrary Code Execution via XML External Entity Reference,"The vulnerability identified as CVE-2024-34102 affects Adobe Commerce and Magento Open Source, posing a serious security threat. The vulnerability allows attackers to read sensitive files containing passwords and execute remote code, potentially gaining full control over the affected e-commerce platform. This can lead to widespread attacks, with an estimated 75% of e-commerce websites being at risk. The slow adoption of software updates has been attributed to the introduction of security features such as Content Security Policy and Subresource Integrity in the new software versions, which can interfere with the normal operation of checkout processes. There is a warning that attackers may exploit this vulnerability in conjunction with another vulnerability, CVE-2024-2961, to cause significant harm. Despite a patch being released, there is still a risk of attackers accessing administrator APIs in environments where the iconv vulnerability has been patched.",Adobe,Adobe Commerce,9.8,CRITICAL,0.12695999443531036,true,2024-07-17T00:00:00.000Z,true,true,true,2024-06-29T18:42:48.000Z,true,false,false,,2024-06-13T09:04:56.093Z,0
CVE-2024-20720,https://securityvulnerability.io/vulnerability/CVE-2024-20720,Adobe Commerce Vulnerable to OS Command Injection Attacks,"Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6, and earlier are susceptible to an OS Command Injection vulnerability. This issue arises from improper neutralization of special elements used in OS commands, enabling attackers to execute arbitrary code without requiring any user interaction. As a result, unauthorized access could be gained to sensitive data or administrative functionalities. It is crucial for users of affected versions to apply available security patches to mitigate risks associated with this vulnerability.",Adobe,Adobe Commerce,9.1,CRITICAL,0.0005000000237487257,false,,true,true,true,2024-04-05T20:41:18.000Z,true,true,false,,2024-02-15T13:39:37.766Z,3952
CVE-2024-20767,https://securityvulnerability.io/vulnerability/CVE-2024-20767,Adobe ColdFusion Vulnerable to Improper Access Control,"An improper access control vulnerability in Adobe ColdFusion versions 2023.6, 2021.12, and earlier allows attackers to perform arbitrary file system reads. This security flaw can be exploited without requiring user interaction, provided the admin panel is exposed to the internet. Attackers leveraging this vulnerability can access or modify restricted files, posing a significant risk to data integrity and confidentiality.",Adobe,Coldfusion,7.4,HIGH,0.9653300046920776,true,2024-12-16T00:00:00.000Z,true,true,true,2024-03-27T16:31:41.000Z,true,true,false,,2024-03-18T11:43:28.473Z,3978
CVE-2024-20719,https://securityvulnerability.io/vulnerability/CVE-2024-20719,Adobe Commerce Vulnerable to Stored XSS Attacks,"Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6, and earlier versions are impacted by a stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers with administrative privileges to inject malicious JavaScript into any admin page. When a victim accesses a compromised page, this injected script can run in their browser, posing serious security risks including the potential for unauthorized admin access and manipulation of site content. Organizations using affected versions are urged to apply the necessary patches to safeguard their systems against this vulnerability.",Adobe,Adobe Commerce,9.1,CRITICAL,0.0006099999882280827,false,,true,false,true,2024-02-22T10:22:12.000Z,,false,false,,2024-02-15T13:39:38.538Z,0