Show filters
55 Total Results
Displaying 51-55 of 55
Sort by:
Attacker Value
Unknown

CVE-2023-29288

Disclosure Date: June 13, 2023 (last updated September 17, 2024)
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.
Attacker Value
Unknown

CVE-2021-24867

Disclosure Date: February 21, 2022 (last updated February 23, 2025)
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion
Attacker Value
Unknown

CVE-2021-37136

Disclosure Date: October 19, 2021 (last updated February 23, 2025)
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
Attacker Value
Unknown

CVE-2021-21012

Disclosure Date: January 12, 2021 (last updated February 22, 2025)
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitive information disclosure.
0
Attacker Value
Unknown

CVE-2020-27193

Disclosure Date: November 12, 2020 (last updated February 22, 2025)
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.