Lucene search
K
AdobeCommerce B2b

111 matches found

CVE
CVE
added 2025/09/09 1:20 p.m.504 views

CVE-2025-54236

CVE-2025-54236 affects Adobe Commerce and Magento Open Source: Improper Input Validation could allow an attacker to take over customer sessions (high confidentiality/integrity impact) with network-level, no-interaction exploit. Affected: Adobe Commerce 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12,...

9.1CVSS6.2AI score0.96742EPSS
In wildWeb
CVE
CVE
added 2025/02/11 5:37 p.m.312 views

CVE-2025-24434

Adobe Commerce (Magento) is affected by an Incorrect/Improper Authorization vulnerability (CVE-2025-24434) impacting versions including 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The issue allows privilege escalation and session takeover without user interaction. Root caus...

9.1CVSS9.2AI score0.15857EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.148 views

CVE-2025-24406

CVE-2025-24406 concerns Adobe Commerce; multiple historical releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) are affected by an improper pathname limitation vulnerability (Path Traversal). An unauthenticated attacker could bypass a security feature and modify files sto...

7.5CVSS6.1AI score0.01278EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.121 views

CVE-2024-45119

CVE-2024-45119 affects Adobe Commerce (Magento) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, exposing a server-side request forgery (SSRF) that can lead to arbitrary file system reads. An admin-privileged, authenticated attacker can induce the application to make arbitrary HTTP r...

4.9CVSS5AI score0.00761EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.120 views

CVE-2024-45116

CVE-2024-45116 is an XSS flaw in Adobe Commerce (Magento Open Source) affecting versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. An attacker can lure an admin or user to click a crafted link or submit a form, causing arbitrary script execution in the victim’s browser with high impact...

8.1CVSS7.2AI score0.00916EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.114 views

CVE-2024-45127

CVE-2024-45127 is cited for Adobe Commerce (Magento) in multiple documents as a stored Cross-Site Scripting (XSS) vulnerability. Affected versions include 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability allows an admin attacker to inject malicious scripts into vulnerable fo...

4.8CVSS4.6AI score0.00438EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.113 views

CVE-2024-45117

CVE-2024-45117 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability is an Improper Input Validation that could allow an admin attacker to read files outside of permitted directories via the PHP filter chain, with a low-availability impact on the s...

7.6CVSS7.4AI score0.00852EPSS
CVE
CVE
added 2025/06/10 4:8 p.m.113 views

CVE-2025-47110

CVE-2025-47110 is a stored XSS vulnerability in Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier. The issue allows a high-privileged attacker to inject malicious scripts into vulnerable form fields, with JavaScript execution in users’ browsers when visiting the...

8.4CVSS8.2AI score0.007EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.112 views

CVE-2025-24438

Summary (validated from connected documents): CVE-2025-24438 affects Adobe Commerce and Magento variants, specifically Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. It is a stored Cross-Site Scripting (XSS) vulnerability that could allow a low-privileg...

8.7CVSS7.5AI score0.00736EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.111 views

CVE-2025-24410

Adobe Commerce (Magento) stores XSS in forms across versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The underlying issue allows low-privilege attackers to inject malicious scripts, potentially leading to session takeover and compromising confidentiality and integrity. ...

8.7CVSS7.5AI score0.00656EPSS
CVE
CVE
added 2025/06/10 4:8 p.m.111 views

CVE-2025-43585

Adobe Commerce (Magento) CVE-2025-43585 affects multiple 2.x releases (2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier). The issue is an Improper Authorization vulnerability that can bypass security features, granting unauthorized access with a limited confidentiality impact but high...

8.2CVSS8.2AI score0.00429EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.109 views

CVE-2025-24437

CVE-2025-24437 affects Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier. Description: Incorrect Authorization could allow a low-privileged attacker to view or modify select information without user interaction, constituting a security feature bypass. CVSSv...

5.4CVSS6.8AI score0.00415EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.102 views

CVE-2024-45124

CVE-2024-45124 affects Adobe Commerce (2.4.x: 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier) with an Improper Access Control vulnerability that could bypass security features and impact integrity at a low level. Exploitation does not require user interaction. The Connected documents corrobo...

5.3CVSS5.1AI score0.00589EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.101 views

CVE-2024-45130

Summary: CVE-2024-45130 affects Adobe Commerce/Magento Open Source and Adobe Commerce B2B products in multiple documents, with an Improper Access Control vulnerability that can enable a security feature bypass. The affected versions include Adobe Commerce 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 a...

4.3CVSS4.8AI score0.00521EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.99 views

CVE-2024-45121

CVE-2024-45121 affects Adobe Commerce (Magento) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. It is an Improper Access Control (CWE-284) vulnerability that could allow a low-privileged attacker to bypass security measures, with a low impact on integrity and no required user intera...

4.3CVSS4.8AI score0.00521EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.96 views

CVE-2025-24412

CVE-2025-24412 affects Adobe Commerce and Magento Open Source, with stored XSS in vulnerable form fields across multiple 2.4.x releases (e.g., 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). The underlying issue is a stored XSS that an attacker with low privileges can abuse to...

8.7CVSS7.5AI score0.00656EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.96 views

CVE-2025-24414

CVE-2025-24414 affects Adobe Commerce prior to some 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). It is a stored Cross-Site Scripting (XSS) vulnerability that a low-privileged attacker can exploit via vulnerable form fields to inject JavaScript, potentially e...

8.7CVSS7.5AI score0.00656EPSS
CVE
CVE
added 2025/06/10 4:8 p.m.92 views

CVE-2025-27206

Adobe Commerce (versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier) is impacted by an Improper Access Control vulnerability that could bypass security features and grant limited write access. The issue enables a security feature bypass without user interaction. Multiple connect...

5.3CVSS5.3AI score0.00394EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.89 views

CVE-2025-24436

CVE-2025-24436 affects Adobe Commerce: an Incorrect Authorization vulnerability that could allow a low-privileged, remote attacker to view select information without user interaction. Affected versions include 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier. Impact: security fea...

4.3CVSS6.2AI score0.00505EPSS
CVE
CVE
added 2025/04/08 8:17 p.m.88 views

CVE-2025-27188

Adobe Commerce (Magento) is affected by CVE-2025-27188: an Improper Authorization vulnerability that could allow Privilege Escalation in versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. Root cause is improper authorization; exploitation does not require user interaction...

4.3CVSS7.2AI score0.00498EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.87 views

CVE-2025-24411

CVE-2025-24411 affects Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier, with an Improper Access Control that could bypass security measures and compromise Confidentiality and Integrity. The attack path is credential-insufficient: a low-privileged attacker...

8.1CVSS8.4AI score0.00851EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.87 views

CVE-2025-24417

Adobe Commerce CVE-2025-24417 affects multiple 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) with a stored XSS vulnerability that a low-privilege attacker can abuse to inject malicious scripts into vulnerable form fields. Malicious JavaScript may execute in vi...

8.7CVSS7.5AI score0.00656EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.86 views

CVE-2025-24409

CVE-2025-24409 affects Adobe Commerce: versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect/Improper Authorization vulnerability that can bypass security features and grant unauthorized access without user interaction. The impact is described as ...

8.2CVSS8.8AI score0.00627EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.86 views

CVE-2025-24427

CVE-2025-24427 affects Adobe Commerce: vulnerable in 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The issue is Improper Access Control allowing a low-privilege attacker to bypass security measures and gain unauthorized write access without user interaction. Connected sources...

6.5CVSS7.1AI score0.00584EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.85 views

CVE-2024-45122

Adobe Commerce/Open Source Magento Open Source CVE-2024-45122 describes an Improper Access Control vulnerability that could allow a low-privileged attacker to bypass security measures with low confidentiality impact and without user interaction. Affected versions include Adobe Commerce 2.4.7-p2, ...

4.3CVSS4.4AI score0.00536EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.85 views

CVE-2025-24430

CVE-2025-24430 affects Adobe Commerce (and Magento-related builds) up to versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. It describes a Time-of-check Time-of-use (TOCTOU) race condition in the security feature logic that could be exploited to bypass certain protections...

3.7CVSS4.5AI score0.00369EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.83 views

CVE-2025-24421

CVE-2025-24421 affects Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier, due to an Incorrect Authorization flaw that could allow a low-privilege attacker to read select data with no user interaction. The issue enables a security feature bypass. Adobe and r...

4.3CVSS5AI score0.00505EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.83 views

CVE-2025-24429

CVE-2025-24429 affects Adobe Commerce (versions including 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) and is an Improper Access Control vulnerability that can bypass security features and grant read-only access to an attacker with low privileges. Exploitation, per the NVD e...

3.5CVSS4.9AI score0.00466EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.81 views

CVE-2024-45148

CVE-2024-45148 affects Adobe Commerce/Magento Open Source: versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could bypass security features. A low-privileged attacker could gain unauthorized access without credentials, and e...

8.8CVSS8.8AI score0.0073EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.81 views

CVE-2025-24408

Adobe Commerce CVE-2025-24408 describes an Information Exposure vulnerability affecting multiple 2.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). The issue could allow a low-privileged, remote attacker to access sensitive information without user interaction, with...

6.5CVSS6.8AI score0.00936EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.81 views

CVE-2025-24424

CVE-2025-24424 affects Adobe Commerce: multiple 2.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) are vulnerable to an Improper Access Control that could allow a low-privileged attacker to bypass security controls and read restricted data without user interaction. T...

6.5CVSS7AI score0.00708EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.80 views

CVE-2025-24415

Adobe Commerce and Magento Open Source are affected by a stored XSS vulnerability in vulnerable form fields across versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. A low-privileged attacker can inject malicious scripts, which may execute in a victim’s browser and could ...

8.7CVSS7.5AI score0.00656EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.80 views

CVE-2025-24426

CVE-2025-24426 concerns Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier, with an Improper Access Control vulnerability that could bypass security features and permit unauthorized read access. The NVD entry mirrors the same affected versions and impact (co...

6.5CVSS7.1AI score0.00708EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.78 views

CVE-2024-45123

Adobe Commerce (Magento Open Source) CVE-2024-45123 is a reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. An attacker who can entice a user to visit a specially crafted URL can cause malicious JavaScript to execute in the v...

6.1CVSS5.8AI score0.00426EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.78 views

CVE-2025-24407

CVE-2025-24407 affects Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier with an Incorrect Authorization vulnerability that could bypass security features, enabling actions with ungranted permissions. Impact reported as high confidentiality, low integrity; ...

7.1CVSS7.4AI score0.00726EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.78 views

CVE-2025-24413

CVE-2025-24413 is a stored XSS vulnerability in Adobe Commerce affecting versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The flaw allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, which execute in a victim’s browser when viewing ...

8.7CVSS7.5AI score0.00656EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.77 views

CVE-2025-24432

CVE-2025-24432 affects Adobe Commerce: TOCTOU race condition in multiple 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) that could bypass a security feature by altering a checked condition before use, potentially bypassing rate limiting. Exploitation is describ...

3.7CVSS4.5AI score0.00369EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.76 views

CVE-2025-24422

CVE-2025-24422 affects Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. It is an Improper Access Control (CWE-284) vulnerability that could allow a low-privileged attacker to bypass security measures and gain unauthorized read access without user interact...

6.5CVSS7.1AI score0.00708EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.76 views

CVE-2025-24435

CVE-2025-24435 affects Adobe Commerce and Magento Open Source with an Improper Access Control vulnerability enabling a low-privilege attacker to escalate privileges and modify limited fields without user interaction. Affected versions include 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 ...

4.3CVSS5.1AI score0.00491EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.74 views

CVE-2025-24423

CVE-2025-24423 affects Adobe Commerce; versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are vulnerable to Improper Access Control enabling privilege escalation. An attacker with low privileges can modify select data without user interaction. The issue is documented acros...

4.3CVSS5.9AI score0.00481EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.73 views

CVE-2025-24416

CVE-2025-24416 affects Adobe Commerce. The vulnerability is a stored XSS in vulnerable form fields that could allow a low-privilege attacker to execute malicious JavaScript in a victim’s browser, with potential session takeover and impact on confidentiality and integrity (CVE details list affecte...

8.7CVSS7.5AI score0.00656EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.73 views

CVE-2025-24428

CVE-2025-24428 concerns a stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce. Affected are Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The flaw allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, w...

5.4CVSS5.3AI score0.0038EPSS
CVE
CVE
added 2025/04/08 8:17 p.m.73 views

CVE-2025-27190

Summary (CVE-2025-27190) : Adobe Commerce (Magento) versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could bypass security features and grant unauthorized access. The issue, exploitable without user interactio...

5.3CVSS7.1AI score0.00425EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.72 views

CVE-2025-24419

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could bypass a security feature and allow a low-privileged attacker to modify select data without user interaction. The CVE (CVE-2025-24419) is d...

4.3CVSS5.2AI score0.00514EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.72 views

CVE-2025-24420

Adobe Commerce (Magento) exposes CVE-2025-24420: an Incorrect Authorization bypass affecting versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. A low-privileged remote attacker could modify select data without user interaction. The CVSSv3.1 base score is 4.3 (Medium) with...

4.3CVSS5.2AI score0.00514EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.71 views

CVE-2025-24418

Adobe Commerce (CVE-2025-24418) is affected across multiple 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) by an Improper Authorization vulnerability that can lead to privilege escalation. A low-privileged, unauthenticated attacker could bypass security measure...

8.1CVSS8.2AI score0.00892EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.71 views

CVE-2025-24425

The CVE-2025-24425 entry concerns Adobe Commerce with a Business Logic Error that can bypass security features and allow limited data modification without user interaction. Affected versions include 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The underlying issue is a logic...

5.3CVSS5.6AI score0.00585EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.70 views

CVE-2024-45131

Adobe Commerce (Magento Open Source) vulnerability CVE-2024-45131 affects versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The issue is an Improper Authorization that could allow a low-privileged attacker to bypass security features with low impact on confidentiality and integrity; e...

5.4CVSS5.3AI score0.0044EPSS
CVE
CVE
added 2025/04/08 8:17 p.m.70 views

CVE-2025-27192

CVE-2025-27192 affects Adobe Commerce/Magento: versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. Root cause: Insufficiently Protected Credentials that could allow an attacker with elevated privileges to obtain sensitive credential information and bypass security features...

2.7CVSS6.9AI score0.00419EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.68 views

CVE-2024-45120

CVE-2024-45120 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The issue is a Time-of-check Time-of-use (TOCTOU) race condition that can bypass a security feature by altering a condition between the check and the resource use. The impact is described as low fo...

3.1CVSS4.5AI score0.00361EPSS
Total number of security vulnerabilities111