Lucene search
K

23 matches found

Cvelist
Cvelist
added 2025/10/14 8:27 p.m.17 views

CVE-2025-54263 Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and maintain unauthorized access. Exploitation of...

8.1CVSS0.00502EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/04 2:52 p.m.5 views

Improper Input Validation

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Input Validation. An attacker could cause the application to crash or become unresponsive by providing specially crafted input. Remediation Upgrade...

8.7CVSS6.8AI score0.00541EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.6 views

Malicious code in p12_front-end-with-react (npm)

The package p12front-end-with-react was found to contain malicious code...

7AI score
Exploits0
Snyk
Snyk
added 2025/08/12 3:22 p.m.3 views

Path Traversal

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Path Traversal resulting in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Remediation Upgrade magento/community-edition t...

6.9CVSS6.8AI score0.00632EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/12 3:4 p.m.1 views

Cross-Site Request Forgery (CSRF)

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-Site Request Forgery CSRF. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated,...

8.2CVSS6.7AI score0.0085EPSS
Exploits0References2
OSV
OSV
added 2025/06/26 9:31 p.m.3 views

GHSA-8HCX-XVWW-6C6H Magento Security feature bypass

Magento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access...

4.3CVSS6.7AI score0.0031EPSS
Exploits0References3
OSV
OSV
added 2025/06/10 4:15 p.m.3 views

CVE-2025-27207

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized re...

6.5CVSS5.8AI score0.00442EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.9 views

Adobe Commerce 访问控制错误漏洞

Adobe Commerce is a leading global digital commerce solution for merchants and brands from Adobe USA. An access control error vulnerability exists in Adobe Commerce that stems from an improper access control issue that could result in elevation of privilege. The following versions are affected:...

8.1CVSS6.4AI score0.0048EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/11 6:31 p.m.4 views

Improper Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Authorization. An attacker can bypass security measures and gain unauthorized access by exploiting this vulnerability. Remediation Upgrade magento/community-editio...

9.3CVSS7AI score0.16505EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/11 6:31 p.m.2 views

Access Control Bypass

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass that could allow a privileged attacker to escalate privileges. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11, 2.4.6-p9...

5.1CVSS6.9AI score0.00512EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/11 6:31 p.m.2 views

Access Control Bypass

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass that could enable a privileged attacker to escalate privileges. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11, 2.4.6-p...

5.1CVSS6.9AI score0.00527EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/11 6:31 p.m.2 views

Access Control Bypass

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass that could allow a privileged attacker to escalate privileges. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11, 2.4.6-p9...

5.4CVSS6.9AI score0.00433EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/11 6:31 p.m.1 views

Access Control Bypass

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass enabling bypass of a security feature. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11, 2.4.6-p9, 2.4.7-p4, 2.4.8-beta2 ...

5.1CVSS6.9AI score0.00486EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/11 6:31 p.m.2 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition enabling the bypass of a security feature. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11,...

6.3CVSS6.9AI score0.00385EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/11 6:31 p.m.1 views

Information Exposure

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Information Exposure which could allow a privileged attacker to escalate privileges. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11, 2.4.6-p9...

7CVSS6.9AI score0.00977EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/11 6:31 p.m.4 views

Incorrect Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization enabling the bypass of a security feature. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11, 2.4.6-p9, 2.4.7-p4,...

5.1CVSS6.9AI score0.00527EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/11 6:31 p.m.1 views

Access Control Bypass

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass enabling bypass of a security feature. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11, 2.4.6-p9, 2.4.7-p4, 2.4.8-beta2 ...

8.6CVSS6.9AI score0.00888EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/11 6:31 p.m.1 views

Improper Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Authorization enabling bypass of a security feature. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11, 2.4.6-p9, 2.4.7-p4, 2.4.8-beta2...

8.2CVSS6.9AI score0.00654EPSS
Exploits0References2
Openbugbounty
Openbugbounty
added 2024/01/24 11:24 p.m.13 views

p12.nysed.gov Cross Site Scripting vulnerability OBB-3842852

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
GithubExploit
GithubExploit
added 2022/04/21 4:4 a.m.660 views

Exploit for Infinite Loop in Openssl

CVE-2022-0778 Description We refer to the concept of dra...

7.5CVSS8.3AI score0.70561EPSS
Exploits2
Rows per page
Query Builder