CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/12 9:31 p.m.•9 views

EUVD-2026-29766

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may...

4.8CVSS5.8AI score0.00021EPSS

EUVD•added 2026/05/12 9:31 p.m.•9 views

EUVD-2026-29757

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources,...

7.5CVSS5.8AI score0.00031EPSS

EUVD•added 2026/05/12 9:31 p.m.•7 views

EUVD-2026-29756

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...

7.4CVSS5.8AI score0.00109EPSS

Snyk•added 2026/05/12 9:20 p.m.•6 views

Incorrect Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization in the authorization process. An attacker can gain unauthorized write access by bypassing security measures. Remediation Upgrade...

8.7CVSS5.8AI score0.00093EPSS

Snyk•added 2026/05/12 9:20 p.m.•6 views

Incorrect Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization via the authorization process. An attacker can gain unauthorized write access by bypassing security measures. Remediation Upgrade...

8.7CVSS5.8AI score0.00093EPSS

NVD•added 2026/05/12 8:16 p.m.•6 views

CVE-2026-34650

7.5CVSS0.0002EPSS

NVD•added 2026/05/12 8:16 p.m.•3 views

CVE-2026-34646

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...

7.5CVSS0.00093EPSS

Vulnrichment•added 2026/05/12 7:50 p.m.•6 views

CVE-2026-34658 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may...

4.8CVSS5.8AI score0.00021EPSS

ATTACKERKB•added 2026/05/12 7:50 p.m.•5 views

CVE-2026-34650

7.5CVSS5.8AI score0.0002EPSS

Vulnrichment•added 2026/05/12 7:50 p.m.•8 views

CVE-2026-34650 Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)

7.5CVSS5.8AI score0.0002EPSS

Cvelist•added 2026/05/12 7:50 p.m.•28 views

CVE-2026-34650 Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)

7.5CVSS0.0002EPSS

Cvelist•added 2026/05/12 7:50 p.m.•27 views

CVE-2026-34685 Adobe Commerce | Improper Input Validation (CWE-20)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives 'Security Feature Bypass'. Verify CVSS vector before publishing. are affected by an Improper Input...

3.4CVSS0.00059EPSS

Vulnrichment•added 2026/05/12 7:50 p.m.•7 views

CVE-2026-34645 Adobe Commerce | Incorrect Authorization (CWE-863)

7.5CVSS5.8AI score0.00093EPSS

CVE•added 2026/05/12 7:50 p.m.•9 views

CVE-2026-34648

Adobe Commerce CVE-2026-34648 affects versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier with an Uncontrolled Resource Consumption flaw that can cause application denial-of-service by exhausting system resources. Exploitation requires no user interaction and is ...

7.5CVSS5.8AI score0.00031EPSS

CVE•added 2026/05/12 7:50 p.m.•9 views

CVE-2026-34649

CVE-2026-34649 affects Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue is an Uncontrolled Resource Consumption vulnerability that can cause an application denial-of-service by exhausting system resources. Exploitation does not requir...

7.5CVSS5.8AI score0.00058EPSS

ATTACKERKB•added 2026/05/12 7:50 p.m.•3 views

CVE-2026-34655

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may...

4.8CVSS5.8AI score0.00021EPSS

CVE•added 2026/05/12 7:50 p.m.•7 views

CVE-2026-34651

Adobe Commerce is affected by CVE-2026-34651 across versions 2.4.4-p17 and earlier up to 2.4.9-beta1, with an Uncontrolled Resource Consumption issue that can cause application denial-of-service. The vulnerability enables resource exhaustion without user interaction (attack vector: network; compl...

7.5CVSS5.8AI score0.00058EPSS

CVE•added 2026/05/12 7:50 p.m.•8 views

CVE-2026-34646

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could bypass security features and grant unauthorized write access. The CVSS v3.1 metrics indicate a Network attack vector, no privile...

7.5CVSS5.8AI score0.00093EPSS