6.8
CVE-2024-39406 - Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWβ¦
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to gain accessβ¦
8.1
CVE-2024-39400 - DOM XSS through integrations can impact other admins
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitβ¦
4.3
CVE-2024-39404 - A user without Shop Policy Parameters section privilege can alter the shop policy parameters section
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exβ¦
4.3
CVE-2024-39415 - An unauthorized user can export the Tax Sales Report
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. β¦
4.3
CVE-2024-39405 - Adobe Commerce | Improper Authorization (CWE-285)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exβ¦
6.4
CVE-2024-6532 - Sheet to Table Live Sync for Google Sheet <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Siteβ¦
The Sheet to Table Live Sync for Google Sheet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STWT_Sheet_Table shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes β¦
5.8
CVE-2024-38483 -
Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
8.8
CVE-2024-4389 - Slider & Popup Builder by Depicter β Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Moβ¦
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadFile function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with contributor access or higher, β¦
7.8
CVE-2024-41864 - Adobe Substance 3D Designer ICO Parsing Out-Of-Bounds Write Vulnerability
Substance3D - Designer versions 13.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
CVE-2024-41862 - Adobe Substance 3D Sampler Memory Corruption Out-of-Bounds-READ Vulnerability II, when parsing PSD β¦
Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victβ¦