Show filters
55 Total Results
Displaying 51-55 of 55
Sort by:
Attacker Value
Unknown
CVE-2023-29288
Disclosure Date: June 13, 2023 (last updated September 17, 2024)
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.
0
Attacker Value
Unknown
CVE-2021-24867
Disclosure Date: February 21, 2022 (last updated February 23, 2025)
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion
0
Attacker Value
Unknown
CVE-2021-37136
Disclosure Date: October 19, 2021 (last updated February 23, 2025)
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
0
Attacker Value
Unknown
CVE-2021-21012
Disclosure Date: January 12, 2021 (last updated February 22, 2025)
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitive information disclosure.
0
Attacker Value
Unknown
CVE-2020-27193
Disclosure Date: November 12, 2020 (last updated February 22, 2025)
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.
0