Michele

**Name of the Vulnerable Software and Affected Versions** Adobe Commerce versions prior to 2.4.9-beta1 **Description** An improper authorization issue allows an attacker to bypass security features and obtain unauthorized write access. Exploitation requires user interaction, such as visiting a maliciously crafted URL or interacting with a compromised web page. **Recommendations** Update to a version newer than 2.4.9-beta1.

**Name of the Vulnerable Software and Affected Versions** Adobe Commerce versions prior to 2.4.9-beta1 **Description** An incorrect authorization issue allows an attacker to bypass security features and gain unauthorized write access. This exploitation does not require any user interaction. **Recommendations** Update to a version newer than 2.4.9-beta1.

**Name of the Vulnerable Software and Affected Versions** Adobe Commerce versions prior to 2.4.9-beta1 **Description** An uncontrolled resource consumption issue exists that could lead to an application denial-of-service. An attacker can exploit this to exhaust system resources, causing the application to become unavailable. This exploitation does not require user interaction. **Recommendations** Update to a version newer than 2.4.9-beta1.

**Name of the Vulnerable Software and Affected Versions** Adobe Commerce versions prior to 2.4.9-beta1 **Description** A dependency on a vulnerable third-party component could result in an application denial-of-service. An attacker could exploit this issue to crash the application without requiring any user interaction. **Recommendations** Update to a version newer than 2.4.9-beta1.

**Name of the Vulnerable Software and Affected Versions** Adobe Commerce versions prior to 2.4.9-beta1 **Description** A stored Cross-Site Scripting (XSS) issue allows a high-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts execute in the browser of a victim who visits the page containing the affected field. **Recommendations** Update to a version newer than 2.4.9-beta1.

**Name of the Vulnerable Software and Affected Versions** Adobe Commerce versions prior to 2.4.9-beta1 **Description** A stored Cross-Site Scripting (XSS) issue allows a high-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts execute in the browser of a victim who visits the page containing the affected field. **Recommendations** Update to a version newer than 2.4.9-beta1.

**Name of the Vulnerable Software and Affected Versions** Adobe Commerce versions 2.4.4-p16 through 2.4.9-alpha3 **Description** The software contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') condition. This could allow a high-privileged attacker to bypass security features and access unauthorized files or directories outside the intended restricted path. Exploitation of this issue does not require user interaction. **Recommendations** Adobe Commerce versions prior to 2.4.4-p16 should be updated.

**Name of the Vulnerable Software and Affected Versions** Adobe Commerce versions 2.4.4 through 2.4.9-alpha3 **Description** An Incorrect Authorization issue exists in Adobe Commerce that could lead to a Security feature bypass. A low-privileged attacker may be able to bypass security measures and gain limited unauthorized access to a feature. Exploitation of this issue does not require user interaction. **Recommendations** Update Adobe Commerce to a version later than 2.4.9-alpha3. Update Adobe Commerce to a version later than 2.4.8-p3. Update Adobe Commerce to a version later than 2.4.7-p8. Update Adobe Commerce to a version later than 2.4.6-p13. Update Adobe Commerce to a version later than 2.4.5-p15. Update Adobe Commerce to a version later than 2.4.4-p16.

**Name of the Vulnerable Software and Affected Versions** Adobe Commerce versions 2.4.4-p16 and earlier Adobe Commerce versions 2.4.5-p15 Adobe Commerce versions 2.4.6-p13 Adobe Commerce versions 2.4.7-p8 Adobe Commerce versions 2.4.8-p3 Adobe Commerce versions 2.4.9-alpha3 **Description** The software is susceptible to a stored Cross-Site Scripting (XSS) issue. A low-privileged attacker could inject malicious scripts into vulnerable form fields. Exploitation requires user interaction, specifically a victim browsing to a page containing the vulnerable field. **Recommendations** Update Adobe Commerce versions prior to 2.4.4-p16. Update Adobe Commerce versions prior to 2.4.5-p15. Update Adobe Commerce versions prior to 2.4.6-p13. Update Adobe Commerce versions prior to 2.4.7-p8. Update Adobe Commerce versions prior to 2.4.8-p3. Update Adobe Commerce versions prior to 2.4.9-alpha3.

**Name of the Vulnerable Software and Affected Versions** Adobe Commerce versions 2.4.4-p16 and earlier Adobe Commerce versions 2.4.5-p15 Adobe Commerce versions 2.4.6-p13 Adobe Commerce versions 2.4.7-p8 Adobe Commerce versions 2.4.8-p3 Adobe Commerce versions 2.4.9-alpha3 **Description** The software is affected by a Server-Side Request Forgery (SSRF) issue that could lead to a security feature bypass. A high-privileged attacker could exploit this to manipulate server-side requests and access unauthorized resources. Exploitation does not require user interaction. **Recommendations** Update Adobe Commerce to a version later than 2.4.4-p16. Update Adobe Commerce to a version later than 2.4.5-p15. Update Adobe Commerce to a version later than 2.4.6-p13. Update Adobe Commerce to a version later than 2.4.7-p8. Update Adobe Commerce to a version later than 2.4.8-p3. Update Adobe Commerce to a version later than 2.4.9-alpha3.

**Name of the Vulnerable Software and Affected Versions** Adobe Commerce versions 2.4.4 through 2.4.9-alpha3 **Description** Adobe Commerce is affected by an Incorrect Authorization issue that could lead to a Security feature bypass. A low-privileged attacker may be able to bypass security measures and gain limited unauthorized view access to data. Exploitation of this issue does not require user interaction. **Recommendations** Update Adobe Commerce to a version later than 2.4.9-alpha3. Update Adobe Commerce to a version later than 2.4.8-p3. Update Adobe Commerce to a version later than 2.4.7-p8. Update Adobe Commerce to a version later than 2.4.6-p13. Update Adobe Commerce to a version later than 2.4.5-p15. Update Adobe Commerce to a version later than 2.4.4-p16.

**Name of the Vulnerable Software and Affected Versions** UniFi Protect Application versions 6.1.79 and earlier **Description** A malicious actor with access to the adjacent network could cause the UniFi Protect Application discovery protocol to overflow, leading to a restart of the application. **Recommendations** Update your UniFi Protect Application to version 6.2.72 or later.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A flaw exists in the Linux kernel’s SCSI target iSCSI implementation within the `iscsit dec conn usage count()` function. The function calls `complete()` while holding the `conn->conn usage lock`. This can lead to a use-after-free condition if a waiter frees the `iscsit conn` structure before the current thread releases the spinlock. Specifically, the function attempts to release a lock within the already-freed connection structure, resulting in a kernel memory corruption issue. The vulnerable function is `iscsit dec conn usage count()`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.