Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Adobe | Adobe Commerce | 0 ~ 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18 | - | |
| Adobe | Adobe Commerce B2B | 0 ~ 1.5.3, 1.5.2-p5, 1.4.2-p10, 1.3.4-p17, 1.3.3-p18 | - | |
| Adobe | Magento Open Source | 0 ~ 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15 | - | |
| Adobe | Adobe Commerce Webhooks Plugin | 0 ~ 1.20.0 | - |
| # | POC Description | Source Link | Shenlong Link |
|---|
No public POC found.
Login to generate AI POC| CVE-2026-48318 | 9.9 CRITICAL | ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' |
| CVE-2026-48284 | 9.6 CRITICAL | ColdFusion | Improper Input Validation (CWE-20) |
| CVE-2026-48322 | 9.6 CRITICAL | ColdFusion | Improper Control of Generation of Code ('Code Injection') (CWE-94) |
| CVE-2026-48356 | 9.6 CRITICAL | Adobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434) |
| CVE-2026-48359 | 9.6 CRITICAL | Adobe Experience Manager | Improper Restriction of XML External Entity Reference ('XXE') ( |
| CVE-2026-48259 | 9.6 CRITICAL | Adobe Experience Manager | Server-Side Request Forgery (SSRF) (CWE-918) |
| CVE-2026-48334 | 9.3 CRITICAL | Illustrator | Improper Input Validation (CWE-20) |
| CVE-2026-48321 | 9.3 CRITICAL | ColdFusion | Incorrect Authorization (CWE-863) |
| CVE-2026-48325 | 9.3 CRITICAL | ColdFusion | Missing Authentication for Critical Function (CWE-306) |
| CVE-2026-48324 | 9.1 CRITICAL | ColdFusion | Improper Neutralization of Special Elements used in an SQL Command ('SQL Inje |
| CVE-2026-48319 | 9.1 CRITICAL | ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' |
| CVE-2026-48358 | 9.1 CRITICAL | Adobe Commerce | Improper Encoding or Escaping of Output (CWE-116) |
| CVE-2026-48327 | 9.0 CRITICAL | ColdFusion | Incorrect Authorization (CWE-863) |
| CVE-2026-47994 | 8.7 HIGH | Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2026-48310 | 8.6 HIGH | Adobe Experience Manager | Improper Limitation of a Pathname to a Restricted Directory ('P |
| CVE-2026-48350 | 8.6 HIGH | Animate | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') ( |
| CVE-2026-47988 | 8.6 HIGH | Adobe Commerce | Incorrect Authorization (CWE-863) |
| CVE-2026-48252 | 8.6 HIGH | Adobe Experience Manager | Missing Authentication for Critical Function (CWE-306) |
| CVE-2026-48275 | 8.6 HIGH | Illustrator | Untrusted Search Path (CWE-426) |
| CVE-2026-48320 | 8.5 HIGH | ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79) |
Showing top 20 of 88 CVEs. View all on vendor page → →
No comments yet