5.3
CVE-2025-27191 - Adobe Commerce | Improper Access Control (CWE-284)
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. β¦
2.7
CVE-2025-27192 - Adobe Commerce | Insufficiently Protected Credentials (CWE-522)
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to prβ¦
4.3
CVE-2025-27188 - Adobe Commerce | Incorrect Authorization (CWE-863)
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploiβ¦
4.3
CVE-2025-27189 - Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to thβ¦
9.1
CVE-2025-22871 - Request smuggling due to acceptance of invalid chunked data in net/http
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
8.7
CVE-2024-12556 - Kibana Prototype Pollution can lead to code injection
Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal.
8.2
CVE-2025-30287 - ColdFusion | Improper Authentication (CWE-287)
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A low privileged attacker with local access could leverage this vulnerability to bypass security protecβ¦
6.8
CVE-2025-30293 - ColdFusion | Improper Input Validation (CWE-20)
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized write access. Exploitβ¦
6.1
CVE-2025-30292 - ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's brβ¦
8.7
CVE-2025-30290 - ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to bypass security proteβ¦