{ "version": "https://jsonfeed.org/version/1", "title": "Adobe Digest", "icon": "https://avatars.micro.blog/avatars/2025/42/1836278.jpg", "home_page_url": "https://adobedigest.com/", "feed_url": "https://adobedigest.com/feed.json", "items": [ { "id": "http://adobedigest.micro.blog/2026/03/11/cve-high-cvss.html", "title": "CVE-2026-21361 (HIGH) CVSS 8.1", "content_html": "

๐ŸŸ  Severity: HIGH (CVSS 8.1)

\n

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vvulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimโ€™s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field.

\n

Published: 2026-03-11

\n

References:

\n\n
\n

View Full CVE Details on NIST NVD โ†’

\n", "date_published": "2026-03-11T04:15:56-04:00", "url": "https://adobedigest.com/2026/03/11/cve-high-cvss.html" }, { "id": "http://adobedigest.micro.blog/2026/03/11/031555.html", "title": "CVE-2026-21309 (HIGH) CVSS 7.5", "content_html": "

๐ŸŸ  Severity: HIGH (CVSS 7.5)

\n

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized view access of data. Exploitation of this issue does not require user interaction.

\n

Published: 2026-03-11

\n

References:

\n\n
\n

View Full CVE Details on NIST NVD โ†’

\n", "date_published": "2026-03-11T04:15:55-04:00", "url": "https://adobedigest.com/2026/03/11/031555.html" }, { "id": "http://adobedigest.micro.blog/2026/03/11/ea88c3.html", "title": "CVE-2026-21310 (MEDIUM) CVSS 5.3", "content_html": "

๐ŸŸก Severity: MEDIUM (CVSS 5.3)

\n

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, with limited impact to integrity. Exploitation of this issue does not require user interaction.

\n

Published: 2026-03-11

\n

References:

\n\n
\n

View Full CVE Details on NIST NVD โ†’

\n", "date_published": "2026-03-11T04:15:55-04:00", "url": "https://adobedigest.com/2026/03/11/ea88c3.html" }, { "id": "http://adobedigest.micro.blog/2026/03/11/0c1b98.html", "title": "CVE-2026-21311 (HIGH) CVSS 8.0", "content_html": "

๐ŸŸ  Severity: HIGH (CVSS 8.0)

\n

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimโ€™s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field.

\n

Published: 2026-03-11

\n

References:

\n\n
\n

View Full CVE Details on NIST NVD โ†’

\n", "date_published": "2026-03-11T04:15:55-04:00", "url": "https://adobedigest.com/2026/03/11/0c1b98.html" }, { "id": "http://adobedigest.micro.blog/2026/03/11/6a3941.html", "title": "CVE-2026-21359 (MEDIUM) CVSS 4.7", "content_html": "

๐ŸŸก Severity: MEDIUM (CVSS 4.7)

\n

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have limited impact to the integrity and availability of data. The exploit depends on conditions beyond the attacker’s control. Exploitation of this issue does not require user interaction.

\n

Published: 2026-03-11

\n

References:

\n\n
\n

View Full CVE Details on NIST NVD โ†’

\n", "date_published": "2026-03-11T04:15:55-04:00", "url": "https://adobedigest.com/2026/03/11/6a3941.html" }, { "id": "http://adobedigest.micro.blog/2026/03/11/f65542.html", "title": "CVE-2026-21360 (MEDIUM) CVSS 6.8", "content_html": "

๐ŸŸก Severity: MEDIUM (CVSS 6.8)

\n

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restricted path. Exploitation of this issue does not require user interaction.

\n

Published: 2026-03-11

\n

References:

\n\n
\n

View Full CVE Details on NIST NVD โ†’

\n", "date_published": "2026-03-11T04:15:55-04:00", "url": "https://adobedigest.com/2026/03/11/f65542.html" }, { "id": "http://adobedigest.micro.blog/2026/03/11/ee7a4f.html", "title": "CVE-2026-21292 (MEDIUM) CVSS 5.4", "content_html": "

๐ŸŸก Severity: MEDIUM (CVSS 5.4)

\n

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker attacker to inject malicious scripts into vulnerable form fields. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field.

\n

Published: 2026-03-11

\n

References:

\n\n
\n

View Full CVE Details on NIST NVD โ†’

\n", "date_published": "2026-03-11T04:15:54-04:00", "url": "https://adobedigest.com/2026/03/11/ee7a4f.html" }, { "id": "http://adobedigest.micro.blog/2026/03/11/031554.html", "title": "CVE-2026-21293 (MEDIUM) CVSS 5.5", "content_html": "

๐ŸŸก Severity: MEDIUM (CVSS 5.5)

\n

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate server-side requests and access unauthorized resources. Exploitation of this issue does not require user interaction.

\n

Published: 2026-03-11

\n

References:

\n\n
\n

View Full CVE Details on NIST NVD โ†’

\n", "date_published": "2026-03-11T04:15:54-04:00", "url": "https://adobedigest.com/2026/03/11/031554.html" }, { "id": "http://adobedigest.micro.blog/2026/03/11/591792.html", "title": "CVE-2026-21296 (MEDIUM) CVSS 4.3", "content_html": "

๐ŸŸก Severity: MEDIUM (CVSS 4.3)

\n

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized view access of data. Exploitation of this issue does not require user interaction.

\n

Published: 2026-03-11

\n

References:

\n\n
\n

View Full CVE Details on NIST NVD โ†’

\n", "date_published": "2026-03-11T04:15:54-04:00", "url": "https://adobedigest.com/2026/03/11/591792.html" }, { "id": "http://adobedigest.micro.blog/2026/03/11/c097c7.html", "title": "CVE-2026-21297 (MEDIUM) CVSS 4.3", "content_html": "

๐ŸŸก Severity: MEDIUM (CVSS 4.3)

\n

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access to a feature. Exploitation of this issue does not require user interaction.

\n

Published: 2026-03-11

\n

References:

\n\n
\n

View Full CVE Details on NIST NVD โ†’

\n", "date_published": "2026-03-11T04:15:54-04:00", "url": "https://adobedigest.com/2026/03/11/c097c7.html" }, { "id": "http://adobedigest.micro.blog/2026/03/11/f112e5.html", "title": "CVE-2026-27262 (MEDIUM) CVSS 5.4", "content_html": "

๐ŸŸก Severity: MEDIUM (CVSS 5.4)

\n

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimโ€™s browser when they browse to the page containing the vulnerable field.

\n

Published: 2026-03-11

\n

References:

\n\n
\n

View Full CVE Details on NIST NVD โ†’

\n", "date_published": "2026-03-11T02:16:57-04:00", "url": "https://adobedigest.com/2026/03/11/f112e5.html" }, { "id": "http://adobedigest.micro.blog/2026/03/11/2ee892.html", "title": "CVE-2026-27263 (MEDIUM) CVSS 5.4", "content_html": "

๐ŸŸก Severity: MEDIUM (CVSS 5.4)

\n

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimโ€™s browser when they browse to the page containing the vulnerable field.

\n

Published: 2026-03-11

\n

References:

\n\n
\n

View Full CVE Details on NIST NVD โ†’

\n", "date_published": "2026-03-11T02:16:57-04:00", "url": "https://adobedigest.com/2026/03/11/2ee892.html" }, { "id": "http://adobedigest.micro.blog/2026/03/11/011657.html", "title": "CVE-2026-27264 (MEDIUM) CVSS 5.4", "content_html": "

๐ŸŸก Severity: MEDIUM (CVSS 5.4)

\n

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimโ€™s browser when they browse to the page containing the vulnerable field.

\n

Published: 2026-03-11

\n

References:

\n\n
\n

View Full CVE Details on NIST NVD โ†’

\n", "date_published": "2026-03-11T02:16:57-04:00", "url": "https://adobedigest.com/2026/03/11/011657.html" }, { "id": "http://adobedigest.micro.blog/2026/03/11/cve-medium-cvss.html", "title": "CVE-2026-27265 (MEDIUM) CVSS 5.4", "content_html": "

๐ŸŸก Severity: MEDIUM (CVSS 5.4)

\n

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimโ€™s browser when they browse to the page containing the vulnerable field.

\n

Published: 2026-03-11

\n

References:

\n\n
\n

View Full CVE Details on NIST NVD โ†’

\n", "date_published": "2026-03-11T02:16:57-04:00", "url": "https://adobedigest.com/2026/03/11/cve-medium-cvss.html" }, { "id": "http://adobedigest.micro.blog/2026/03/11/48dd01.html", "title": "CVE-2026-27266 (MEDIUM) CVSS 5.4", "content_html": "

๐ŸŸก Severity: MEDIUM (CVSS 5.4)

\n

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimโ€™s browser when they browse to the page containing the vulnerable field.

\n

Published: 2026-03-11

\n

References:

\n\n
\n

View Full CVE Details on NIST NVD โ†’

\n", "date_published": "2026-03-11T02:16:57-04:00", "url": "https://adobedigest.com/2026/03/11/48dd01.html" }, { "id": "http://adobedigest.micro.blog/2026/03/10/000000.html", "title": "APSB26-05 - APSB26-05: Security update available for Adobe Commerce Security Update", "content_html": "

Bulletin Information

\n\n

Affected Versions

\n\n

Vulnerability Details

\n

Total Vulnerabilities: 19

\n

Severity Breakdown:

\n\n

Key Vulnerabilities:

\n

1. CVE-2026-21361

\n\n

2. CVE-2026-21284

\n\n

3. CVE-2026-21289

\n\n

…and 16 more vulnerabilities

\n

CVE Identifiers

\n

CVE-2026-21285, CVE-2026-21310, CVE-2026-21311, CVE-2026-21286, CVE-2026-21294, CVE-2026-21292, CVE-2026-21293, CVE-2026-21289, CVE-2026-21360, CVE-2026-21282, CVE-2026-21291, CVE-2026-21309, CVE-2026-21290, CVE-2026-21296, CVE-2026-21361, CVE-2026-21297, CVE-2026-21359, CVE-2026-21284, CVE-2026-21295

\n
\n

Read Full Bulletin on Adobe Security Portal โ†’

\n", "date_published": "2026-03-10T01:00:00-04:00", "url": "https://adobedigest.com/2026/03/10/000000.html" }, { "id": "http://adobedigest.micro.blog/2026/03/10/apsb-apsb-security-update-available.html", "title": "APSB26-24 - APSB26-24: Security update available for Adobe Experience Manager Security Update", "content_html": "

Bulletin Information

\n\n

Affected Versions

\n\n
\n

Read Full Bulletin on Adobe Security Portal โ†’

\n", "date_published": "2026-03-10T01:00:00-04:00", "url": "https://adobedigest.com/2026/03/10/apsb-apsb-security-update-available.html" }, { "id": "http://adobedigest.micro.blog/2026/02/20/digital-skimmer-hits-global-supermarket.html", "title": "Digital skimmer hits global supermarket chain", "content_html": "

The affected company, with about โ‚ฌ100 billion in annual revenue and over 10,000 stores across 25 countries, runs some of its ecommerce operations on the PrestaShop platform. As of publication, the …

\n
\n

Read Full Article on Sansec.io โ†’

\n", "date_published": "2026-02-20T01:00:00-04:00", "url": "https://adobedigest.com/2026/02/20/digital-skimmer-hits-global-supermarket.html" }, { "id": "http://adobedigest.micro.blog/2026/02/18/building-a-faster-yara-engine.html", "title": "Building a faster YARA engine in pure Go", "content_html": "

YARA is the industry standard for pattern matching in malware detection. Maintained by VirusTotal, it powers threat detection at nearly every security vendor. At Sansec, we rely on YARA for eComsca…

\n
\n

Read Full Article on Sansec.io โ†’

\n", "date_published": "2026-02-18T01:00:00-04:00", "url": "https://adobedigest.com/2026/02/18/building-a-faster-yara-engine.html" }, { "id": "http://adobedigest.micro.blog/2026/02/04/cve-medium-cvss.html", "title": "CVE-2026-25523 (MEDIUM) CVSS 5.3", "content_html": "

๐ŸŸก Severity: MEDIUM (CVSS 5.3)

\n

Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it’s location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1.

\n

Published: 2026-02-04

\n

References:

\n\n
\n

View Full CVE Details on NIST NVD โ†’

\n", "date_published": "2026-02-04T23:15:59-04:00", "url": "https://adobedigest.com/2026/02/04/cve-medium-cvss.html" }, { "id": "http://adobedigest.micro.blog/2026/01/22/claude-finds-zerodays-on-packagist.html", "title": "Claude finds 353 zero-days on Packagist", "content_html": "

Open source ecosystems have a long tail security problem. Python, Ruby, Javascript, PHP: these ecosystems have millions of packages. The top 100 packages get scrutinized. The next 5,000, not so muc…

\n
\n

Read Full Article on Sansec.io โ†’

\n", "date_published": "2026-01-22T00:00:00-05:00", "url": "https://adobedigest.com/2026/01/22/claude-finds-zerodays-on-packagist.html" }, { "id": "http://adobedigest.micro.blog/2026/01/16/the-billiondollar-securitytxt-problem.html", "title": "The billion-dollar security.txt problem", "content_html": "

Yesterday, Sansec discovered an active keylogger at an external site of one of America’s largest banks. The malware was harvesting private information from over 200,000 potential victims. We detect…

\n
\n

Read Full Article on Sansec.io โ†’

\n", "date_published": "2026-01-16T00:00:00-05:00", "url": "https://adobedigest.com/2026/01/16/the-billiondollar-securitytxt-problem.html" }, { "id": "http://adobedigest.micro.blog/2026/01/15/keylogger-targets-employees-at-major.html", "title": "Keylogger targets 200,000+ employees at major US bank", "content_html": "

Update Jan 15th: the malware appears to have been removed. It was live for about 18 hoursSansec detected a keylogger on the employee store of one of America’s largest banks. The site serves over 2…

\n
\n

Read Full Article on Sansec.io โ†’

\n", "date_published": "2026-01-15T00:00:00-05:00", "url": "https://adobedigest.com/2026/01/15/keylogger-targets-employees-at-major.html" }, { "id": "http://adobedigest.micro.blog/2026/01/12/connectpos-leaked-github-secrets-for.html", "title": "ConnectPOS leaked Github secrets for years", "content_html": "

Sansec researchers discovered that ConnectPOS, a popular Point of Sale solution, had been exposing a GitHub Personal Access Token (PAT) in their public installation instructions for over four years…

\n
\n

Read Full Article on Sansec.io โ†’

\n", "date_published": "2026-01-12T00:00:00-05:00", "url": "https://adobedigest.com/2026/01/12/connectpos-leaked-github-secrets-for.html" }, { "id": "http://adobedigest.micro.blog/2025/12/15/critical-backdoor-found-in-mgt.html", "title": "Critical backdoor found in MGT Varnish extension", "content_html": "

NameMgt_VarnishVulnerable1.0.10 and earlierFixed in1.1.0Sansec researchers discovered a critical vulnerability in the popular Varnish module for Magento. This module, develope…

\n
\n

Read Full Article on Sansec.io โ†’

\n", "date_published": "2025-12-15T00:00:00-05:00", "url": "https://adobedigest.com/2025/12/15/critical-backdoor-found-in-mgt.html" } ] }