|
312181
|
7.5 |
HIGH
Network
|
ruby-lang
|
rexml
|
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXM…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2024-41123
|
2024-10-10 21:56 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312182
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit …
|
-
|
CVE-2024-45123
|
2024-10-10 21:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312183
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged a…
|
CWE-284
Improper Access Control
|
CVE-2024-45122
|
2024-10-10 21:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312184
|
- |
|
-
|
-
|
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged a…
|
CWE-284
Improper Access Control
|
CVE-2024-45121
|
2024-10-10 21:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312185
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature byp…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2024-45120
|
2024-10-10 21:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312186
|
5.5 |
MEDIUM
Network
|
-
|
-
|
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-pri…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-45119
|
2024-10-10 21:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312187
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged a…
|
CWE-284
Improper Access Control
|
CVE-2024-45118
|
2024-10-10 21:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312188
|
7.6 |
HIGH
Network
|
-
|
-
|
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker…
|
CWE-20
Improper Input Validation
|
CVE-2024-45117
|
2024-10-10 21:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312189
|
8.1 |
HIGH
Network
|
-
|
-
|
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin a…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45116
|
2024-10-10 21:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312190
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could explo…
|
CWE-287
Improper Authentication
|
CVE-2024-45115
|
2024-10-10 21:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
