Lucene search
K

231 matches found

OSV
OSV
added 2024/10/10 12:31 p.m.7 views

GHSA-C89G-GQ5R-2XW2 Magento Open Source stored Cross-Site Scripting (XSS) vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...

4.8CVSS4.8AI score0.00438EPSS
Exploits0References3
OSV
OSV
added 2024/10/10 12:31 p.m.8 views

GHSA-46FM-X82M-5F74 Magento Open Source Improper Access Control vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact o...

5.3CVSS4.7AI score0.00536EPSS
Exploits0References3
OSV
OSV
added 2024/10/10 12:31 p.m.9 views

GHSA-2QHQ-FW98-H6WG Magento Open Source Improper Access Control vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact o...

5.3CVSS4.7AI score0.00521EPSS
Exploits0References3
OSV
OSV
added 2024/10/10 12:31 p.m.22 views

GHSA-3FR3-GCQH-3M2G Magento Open Source Improper Input Validation vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended...

7.6CVSS7.6AI score0.00852EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/10/10 12:31 p.m.24 views

Magento Open Source Improper Access Control vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact o...

4.3CVSS6.6AI score0.00536EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/10 12:31 p.m.16 views

Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the...

6.1CVSS5.7AI score0.00426EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/10 12:31 p.m.15 views

Magento Open Source Improper Access Control vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on...

4.3CVSS6.7AI score0.00521EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/10 12:31 p.m.17 views

Magento Open Source Improper Access Control vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on...

6.5CVSS6.6AI score0.00626EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/10 12:31 p.m.17 views

Magento Open Source Incorrect Authorization vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of...

4.3CVSS6.7AI score0.00521EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/10 12:31 p.m.19 views

Magento Open Source Improper Input Validation vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended...

7.6CVSS6.7AI score0.00852EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/10 12:31 p.m.17 views

Magento Open Source Cross-Site Scripting (XSS) vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting XSS vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious...

8.1CVSS5.9AI score0.00916EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/10/10 12:31 p.m.11 views

GHSA-W3P2-PC3H-69WV Magento Open Source Improper Access Control vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity...

6.9CVSS5.5AI score0.00589EPSS
Exploits0References3
NVD
NVD
added 2024/10/10 10:15 a.m.26 views

CVE-2024-45117

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directorie...

7.6CVSS0.00852EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/10 9:58 a.m.44 views

CVE-2024-45127 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser...

4.8CVSS0.00438EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/10 9:57 a.m.32 views

CVE-2024-45119 Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection ...

4.9CVSS0.00761EPSS
Exploits0References1
OSV
OSV
added 2024/10/10 9:57 a.m.14 views

CVE-2024-45120 Adobe Commerce | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use TOCTOU Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use...

3.1CVSS6AI score0.00361EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/08 12:0 a.m.3 views

PT-2024-6961 · Adobe · Commerce +1

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p2 through 2.4.4-p10 and earlier Magento Open Source versions 2.4.7-p2 through 2.4.4-p10 and earlier Description: The issue is related to an Improper Authorization vulnerability that could result in a Security...

5.5CVSS7.1AI score0.00568EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2024/10/08 12:0 a.m.3 views

PT-2024-6960 · Adobe · Commerce +1

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier Description: The issue is related to insufficient access control in Adobe Commerce,...

6.9CVSS7.3AI score0.00589EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/10/08 12:0 a.m.2 views

PT-2024-6962 · Adobe · Commerce +1

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier Description: The issue is related to an Improper Access Control vulnerability that...

7.1CVSS6.9AI score0.00626EPSS
Exploits0References12
NVD
NVD
added 2024/10/02 9:15 p.m.26 views

CVE-2024-24117

Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.41P2 Release 9736 allows a remote attacker to gain privileges via the login check state component...

9.8CVSS0.00657EPSS
Exploits1References2
Rows per page
Query Builder