CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24426 – Adobe Commerce | Improper Access Control (CWE-284)
https://notcve.org/view.php?id=CVE-2025-24426
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vuln... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24428 – Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2025-24428
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Sc... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24410 – Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2025-24410
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. A... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24408 – Adobe Commerce | Information Exposure (CWE-200)
https://notcve.org/view.php?id=CVE-2025-24408
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction. Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escal... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24435 – Adobe Commerce | Improper Access Control (CWE-284)
https://notcve.org/view.php?id=CVE-2025-24435
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to modify limited fields. Exploitation of this issue does not require user interaction. Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21162 – Photoshop Elements | Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)
https://notcve.org/view.php?id=CVE-2025-21162
11 Feb 2025 — Photoshop Elements versions 2025.0 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/photoshop_elements/apsb25-13.html • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21161 – Substance3D - Designer | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2025-21161
11 Feb 2025 — Substance3D - Designer versions 14.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/substance3d_designer/apsb25-12.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21160 – Illustrator | Integer Underflow (Wrap or Wraparound) (CWE-191)
https://notcve.org/view.php?id=CVE-2025-21160
11 Feb 2025 — Illustrator versions 29.1, 28.7.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/illustrator/apsb25-11.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21163 – Illustrator | Stack-based Buffer Overflow (CWE-121)
https://notcve.org/view.php?id=CVE-2025-21163
11 Feb 2025 — Illustrator versions 29.1, 28.7.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/illustrator/apsb25-11.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21159 – Illustrator | Use After Free (CWE-416)
https://notcve.org/view.php?id=CVE-2025-21159
11 Feb 2025 — Illustrator versions 29.1, 28.7.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/illustrator/apsb25-11.html • CWE-416: Use After Free •