15 matches found
CVE-2026-21310
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, with limited impact to integrity. Exploitation of this issue does not require user...
CVE-2026-21291
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Exploitation of this...
PT-2026-24563
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, with limited impact to integrity. Exploitation of this issue does not require user...
Incorrect Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization via incorrect authorization checks. An attacker can gain elevated privileges by sending specially crafted requests with low-privileged credentials...
CVE-2025-49559 Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a security feature bypass. An attacker could leverage this...
Incorrect Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization. An attacker can gain limited unauthorized access by exploiting insufficient authorization checks with high privileges. Remediation Upgrade...
Incorrect Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization. An attacker can gain limited unauthorized access by tricking a user into interacting with a crafted request. Remediation Upgrade...
GHSA-8HCX-XVWW-6C6H Magento Security feature bypass
Magento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access...
Access Control Bypass
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass via improper enforcement of access controls. An attacker can gain limited write access by bypassing security measures without requiring user...
CVE-2025-27207
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized re...
Adobe Commerce 访问控制错误漏洞
Adobe Commerce is a leading global digital commerce solution for merchants and brands from Adobe USA. An access control error vulnerability exists in Adobe Commerce that stems from an improper access control issue that could result in elevation of privilege. The following versions are affected:...
Access Control Bypass
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass in the authorization process. An attacker can gain limited unauthorized access by exploiting insufficient authorization checks with high privileges...
FreeBSD 11.x < 11.2-RELEASE-p13 / 11.x < 11.3-RELEASE-p2 / 12.x < 12.0-RELEASE-p9 MLDv2 Out-of-Bounds Memory Access DoS
The version of the FreeBSD kernel running on the remote host is 11.x prior to 11.2-RELEASE-p13, 11.x prior to 11.3-RELEASE-p2, or 12.x prior to 12.0-RELEASE-p9. It is, therefore, affected by an out-of-bounds memory access denial-of-service vulnerability in MLDv2. An unauthenticated attacker could...
CVE-2014-2504
EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary Documentum Query Language DQL queries by calling 1 a core method or 2 a D2FS web-service method...
phpMyAdmin < 2.6.0-p13 XSS
Binary data 2417.prm...