Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Snyk
Snykadded 2024/08/14 12:35 p.m.0 views

Access Control Bypass

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass via improper authorization. An attacker can gain access to restricted information by bypassing security controls without requiring user interaction...

5.3CVSS6.5AI score0.0032EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2024/08/14 12:35 p.m.16 views

Magento Open Source Cross-Site Request Forgery vulnerability

Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery CSRF vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited...

4.3CVSS7AI score0.00515EPSS
Exploits0References3Affected Software1
NVD
NVDadded 2024/08/14 12:15 p.m.21 views

CVE-2024-39403

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...

7.6CVSS0.02812EPSS
Exploits0References1
CVE
CVEadded 2024/08/14 11:57 a.m.57 views

CVE-2024-39403

CVE-2024-39403 is a stored XSS vulnerability in Adobe Commerce/Magento Open Source (Magento) tied to the Webhook module public key configuration. Affected: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Impact per sources: attacker could inject malicious script into v...

7.6CVSS6.5AI score0.02812EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2024/08/14 11:57 a.m.17 views

CVE-2024-39408 Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery CSRF vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. The vulnerability could be exploited by...

4.3CVSS0.00515EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2024/08/13 12:0 a.m.2 views

PT-2024-6005 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier Description: The issue is related to an Improper Neutralization of Special Elements used in an OS Command, also known as 'OS Command Injection', which could lead to...

9CVSS8.2AI score0.0264EPSS
Exploits0References11
Positive Technologies
Positive Technologiesadded 2024/08/13 12:0 a.m.3 views

PT-2024-6000 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier Description: The issue is related to an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage...

4.3CVSS7AI score0.00306EPSS
Exploits0References8
Rows per page
Query Builder