cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-24414,https://securityvulnerability.io/vulnerability/CVE-2025-24414,Stored XSS Vulnerability in Adobe Commerce Products,"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are susceptible to a stored Cross-Site Scripting (XSS) vulnerability. This flaw allows low-privileged attackers to inject malicious scripts into form fields that remain persistent on the server. As a result, when victims visit the affected pages, they may execute arbitrary JavaScript within their browsers. This exploitation potentially leads to session takeover and threatens both confidentiality and integrity of user data.",Adobe,Adobe Commerce,8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:55.122Z,0
CVE-2025-24434,https://securityvulnerability.io/vulnerability/CVE-2025-24434,Improper Authorization Flaw in Adobe Commerce Products,"Adobe Commerce versions are susceptible to an improper authorization vulnerability, allowing attackers to bypass security controls and escalate privileges without user interaction. This flaw could lead to unauthorized access and potential session takeover, posing risks to the confidentiality and integrity of sensitive data. Organizations using affected versions should prioritize patches and updates to mitigate the risk of exploitation.",Adobe,Adobe Commerce,9.1,CRITICAL,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:53.501Z,0
CVE-2025-24415,https://securityvulnerability.io/vulnerability/CVE-2025-24415,Stored Cross-Site Scripting Vulnerability in Adobe Commerce,"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, and earlier are vulnerable to a stored Cross-Site Scripting (XSS) flaw. This security issue permits low-privileged attackers to inject harmful scripts into unprotected form fields, which may lead to the execution of malicious JavaScript in a user's browser. If exploited, this vulnerability allows an attacker to hijack user sessions, consequently jeopardizing sensitive data and undermining system integrity.",Adobe,Adobe Commerce,8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:52.600Z,0
CVE-2025-24411,https://securityvulnerability.io/vulnerability/CVE-2025-24411,Improper Access Control in Adobe Commerce Products,"Adobe Commerce versions are susceptible to an improper access control vulnerability, allowing low-privileged attackers to exploit security feature bypasses without user interaction. This can lead to unauthorized access to sensitive areas of the application, highlighting the necessity for timely updates and security measures to safeguard user data.",Adobe,Adobe Commerce,8.1,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:51.772Z,0
CVE-2025-24416,https://securityvulnerability.io/vulnerability/CVE-2025-24416,Stored Cross-Site Scripting Vulnerability in Adobe Commerce,"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, and earlier versions are susceptible to a stored Cross-Site Scripting (XSS) vulnerability. A low-privileged attacker can exploit this flaw by injecting malicious scripts into vulnerable form fields, which may then execute in a victim's browser when they access the affected page. This exploitation could lead to session takeover and compromise the confidentiality and integrity of user data.",Adobe,Adobe Commerce,8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:50.979Z,0
CVE-2025-24413,https://securityvulnerability.io/vulnerability/CVE-2025-24413,Stored Cross-Site Scripting Vulnerability in Adobe Commerce Products,"Adobe Commerce is vulnerable to a stored Cross-Site Scripting (XSS) issue that allows low-privileged attackers to inject malicious scripts into form fields. When users interact with affected pages, these scripts may execute in the context of their browser, potentially leading to session hijacking and compromising user data. This underscores the importance of timely updates and best practices in web security.",Adobe,Adobe Commerce,8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:49.367Z,0
CVE-2025-24407,https://securityvulnerability.io/vulnerability/CVE-2025-24407,Incorrect Authorization Vulnerability in Adobe Commerce,"The Incorrect Authorization vulnerability in Adobe Commerce allows attackers to bypass security features, leading to unauthorized actions without requiring user interaction. This flaw affects multiple versions, including the beta and patches of 2.4.7, and may expose sensitive functionalities, risking the integrity and confidentiality of user data. Organizations using affected versions should prioritize applying security updates.",Adobe,Adobe Commerce,7.1,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:43.703Z,0
CVE-2025-24438,https://securityvulnerability.io/vulnerability/CVE-2025-24438,Stored Cross-Site Scripting Vulnerability in Adobe Commerce by Adobe,"Adobe Commerce is susceptible to a stored Cross-Site Scripting (XSS) vulnerability that allows low-privileged attackers to inject harmful scripts into susceptible form fields. When users visit a page containing the compromised field, malicious JavaScript may execute in their browsers, leading to potential session hijacking and undermining the integrity and confidentiality of user data. This vulnerability emphasizes the necessity for prompt updates and robust security practices to protect against such exploits.",Adobe,Adobe Commerce,8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:42.877Z,0
CVE-2025-24418,https://securityvulnerability.io/vulnerability/CVE-2025-24418,Improper Authorization Vulnerability in Adobe Commerce by Adobe,"Adobe Commerce is affected by an improper authorization vulnerability that may lead to privilege escalation. This issue allows a low-privileged attacker to bypass established security measures, thereby gaining unauthorized access to restricted functionalities. The exploitation of this vulnerability does not require any user interaction, making it a potential risk for organizations using the impacted versions.",Adobe,Adobe Commerce,8.1,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:41.236Z,0
CVE-2025-24406,https://securityvulnerability.io/vulnerability/CVE-2025-24406,Path Traversal Vulnerability in Adobe Commerce Products,"An improper limitation of a pathname to a restricted directory vulnerability exists in Adobe Commerce, allowing attackers to bypass security features. Malicious actors can exploit this flaw to alter files located outside the intended restricted directories without any user interaction. This vulnerability affects multiple versions of Adobe Commerce, highlighting the need for immediate assessment and remediation to protect sensitive data.",Adobe,Adobe Commerce,7.5,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:40.430Z,0
CVE-2025-24417,https://securityvulnerability.io/vulnerability/CVE-2025-24417,Stored Cross-Site Scripting Vulnerability in Adobe Commerce,"Adobe Commerce is susceptible to a stored Cross-Site Scripting (XSS) vulnerability that allows low-privileged attackers to inject malicious scripts into form fields. If exploited, this vulnerability can result in malicious JavaScript being executed in the browser of users who visit a page containing the compromised field. The implications include potential session hijacking, posing serious risks to the confidentiality and integrity of user data.",Adobe,Adobe Commerce,8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:39.575Z,0
CVE-2025-24409,https://securityvulnerability.io/vulnerability/CVE-2025-24409,Improper Authorization Vulnerability in Adobe Commerce,"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, and 2.4.4-p11, along with earlier versions, are susceptible to a vulnerability that enables attackers to bypass security measures due to improper authorization controls. This flaw could potentially allow unauthorized access, posing risks to both confidentiality and data integrity. Importantly, exploiting this vulnerability does not necessitate any user interaction, thereby increasing the threat profile for affected systems.",Adobe,Adobe Commerce,8.2,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:38.725Z,0
CVE-2025-24412,https://securityvulnerability.io/vulnerability/CVE-2025-24412,Stored Cross-Site Scripting Vulnerability in Adobe Commerce Product,"A stored Cross-Site Scripting vulnerability in Adobe Commerce allows attackers with low privileges to inject malicious scripts into vulnerable form fields. When users access pages containing these fields, the injected JavaScript executes in their browsers. This can potentially lead to session hijacking, compromising user confidentiality and integrity.",Adobe,Adobe Commerce,8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:36.216Z,0
CVE-2025-24410,https://securityvulnerability.io/vulnerability/CVE-2025-24410,Stored Cross-Site Scripting Vulnerability in Adobe Commerce,"Adobe Commerce is affected by a stored Cross-Site Scripting vulnerability that allows low-privileged attackers to inject harmful scripts into vulnerable form fields. When users interact with these compromised fields, malicious JavaScript can execute in their browsers, potentially leading to session takeover. This vulnerability poses significant risks to user confidentiality and data integrity, emphasizing the need for prompt attention and resolution.",Adobe,Adobe Commerce,8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:33.017Z,0
CVE-2025-21161,https://securityvulnerability.io/vulnerability/CVE-2025-21161,Out-of-Bounds Write Vulnerability in Substance3D Designer from Adobe,"Adobe Substance3D Designer versions 14.0.2 and earlier have a vulnerability that allows for out-of-bounds write operations, potentially leading to arbitrary code execution within the context of the current user. Exploiting this vulnerability requires user interaction, as a victim must open a specially crafted malicious file.",Adobe,Substance3d - Designer,7.8,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:31:44.620Z,0
CVE-2025-21160,https://securityvulnerability.io/vulnerability/CVE-2025-21160,Integer Underflow Vulnerability in Adobe Illustrator,"Adobe Illustrator versions 29.1, 28.7.3, and earlier are susceptible to an Integer Underflow vulnerability that could allow for arbitrary code execution by an attacker. To exploit this flaw, a victim must open a specially crafted malicious file, leading to potential unauthorized actions within the context of the user's session. Users are encouraged to remain vigilant and ensure they are using the latest software versions to mitigate this risk.",Adobe,Illustrator,7.8,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:27:41.155Z,0
CVE-2025-21163,https://securityvulnerability.io/vulnerability/CVE-2025-21163,Buffer Overflow Vulnerability in Adobe Illustrator Affects Multiple Versions,"Adobe Illustrator versions 29.1 and 28.7.3, along with earlier releases, are susceptible to a stack-based buffer overflow vulnerability. This issue allows for potential arbitrary code execution within the context of the current user, necessitating user interaction to exploit the flaw by opening a specially crafted malicious file.",Adobe,Illustrator,7.8,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:27:40.356Z,0
CVE-2025-21159,https://securityvulnerability.io/vulnerability/CVE-2025-21159,Use After Free Vulnerability in Adobe Illustrator,"Adobe Illustrator is impacted by a Use After Free vulnerability, affecting versions 29.1, 28.7.3 and earlier. This flaw could allow an attacker to execute arbitrary code within the context of the user when they open a specially crafted malicious file. User interaction is required for exploitation, emphasizing the need for vigilance when managing files from unknown sources.",Adobe,Illustrator,7.8,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:27:39.557Z,0
CVE-2025-21156,https://securityvulnerability.io/vulnerability/CVE-2025-21156,Integer Underflow Vulnerability in Adobe InCopy Software,"Adobe InCopy is susceptible to an Integer Underflow vulnerability that could allow arbitrary code execution in the context of the user. This issue arises from malicious files that require user interaction to exploit, specifically when a victim opens such a file. Affected versions include InCopy 20.0 and 19.5.1, along with prior releases. Users are advised to exercise caution and ensure they are using updated software to mitigate potential risks.",Adobe,Incopy,7.8,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:21:25.696Z,0
CVE-2025-21158,https://securityvulnerability.io/vulnerability/CVE-2025-21158,Integer Underflow Vulnerability in Adobe InDesign Desktop,"Adobe InDesign Desktop versions ID20.0, ID19.5.1, and earlier have a vulnerability associated with integer underflow. This flaw may permit malicious actors to execute arbitrary code in the context of the current user. The exploitation requires user interaction, whereby the victim must open a specially crafted file designed to trigger the vulnerability.",Adobe,Indesign Desktop,7.8,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:10:47.804Z,0
CVE-2025-21123,https://securityvulnerability.io/vulnerability/CVE-2025-21123,Heap-based Buffer Overflow in Adobe InDesign Desktop,"Adobe InDesign Desktop versions ID20.0 and ID19.5.1, along with earlier versions, are vulnerable to a heap-based buffer overflow. This critical vulnerability could enable an attacker to execute arbitrary code within the context of a user who interacts with a maliciously crafted file. Successful exploitation requires the victim to open such a file, thus highlighting the importance of user awareness and security practices to mitigate potential risks.",Adobe,Indesign Desktop,7.8,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:10:46.191Z,0
CVE-2025-21157,https://securityvulnerability.io/vulnerability/CVE-2025-21157,Out-of-Bounds Write Vulnerability in Adobe InDesign Desktop,"Adobe InDesign Desktop is susceptible to an out-of-bounds write vulnerability, which may allow an attacker to execute arbitrary code within the context of the user. The exploitation of this vulnerability necessitates user interaction; a victim must open a specially crafted file. Users are advised to be cautious and ensure they only open files from trusted sources.",Adobe,Indesign Desktop,7.8,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:10:45.344Z,0
CVE-2025-21121,https://securityvulnerability.io/vulnerability/CVE-2025-21121,Out-of-Bounds Write Vulnerability in Adobe InDesign Desktop,"An out-of-bounds write vulnerability in Adobe InDesign Desktop versions ID20.0 and ID19.5.1 and earlier can lead to arbitrary code execution if a malicious file is opened by the user. Successful exploitation requires user interaction, posing a risk particularly in environments where users are susceptible to opening unverified documents. This vulnerability underscores the importance of maintaining up-to-date software and exercising caution when handling files from unknown sources.",Adobe,Indesign Desktop,7.8,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:10:44.481Z,0
CVE-2025-21139,https://securityvulnerability.io/vulnerability/CVE-2025-21139,Heap-based Buffer Overflow in Substance3D Designer from Adobe,"Substance3D Designer, developed by Adobe, experiences a Heap-based Buffer Overflow vulnerability in versions 14.0 and earlier. This flaw potentially allows arbitrary code execution within the context of the logged-in user. To exploit this vulnerability, an attacker must induce a user to open a specially crafted malicious file, triggering the overflow and leading to unauthorized actions on the affected system.",Adobe,Substance 3d Designer,7.8,HIGH,0.0010300000431016088,false,,false,false,false,,false,false,false,,2025-01-14T20:15:00.000Z,0
CVE-2025-21137,https://securityvulnerability.io/vulnerability/CVE-2025-21137,Heap-based Buffer Overflow in Substance3D Designer by Adobe,"Substance3D Designer versions 14.0 and prior are vulnerable to a Heap-based Buffer Overflow, potentially allowing arbitrary code execution within the context of the user running the application. Successful exploitation requires the user to open a specially crafted file. This vulnerability highlights the importance of exercising caution when handling files from untrusted sources, as it could lead to unauthorized actions on the affected system.",Adobe,Substance 3d Designer,7.8,HIGH,0.0010300000431016088,false,,false,false,false,,false,false,false,,2025-01-14T20:15:00.000Z,0