111 matches found
CVE-2025-54236
CVE-2025-54236 affects Adobe Commerce and Magento Open Source: Improper Input Validation could allow an attacker to take over customer sessions (high confidentiality/integrity impact) with network-level, no-interaction exploit. Affected: Adobe Commerce 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12,...
CVE-2025-24434
Adobe Commerce (Magento) is affected by an Incorrect/Improper Authorization vulnerability (CVE-2025-24434) impacting versions including 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The issue allows privilege escalation and session takeover without user interaction. Root caus...
CVE-2025-24406
CVE-2025-24406 concerns Adobe Commerce; multiple historical releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) are affected by an improper pathname limitation vulnerability (Path Traversal). An unauthenticated attacker could bypass a security feature and modify files sto...
CVE-2024-45119
CVE-2024-45119 affects Adobe Commerce (Magento) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, exposing a server-side request forgery (SSRF) that can lead to arbitrary file system reads. An admin-privileged, authenticated attacker can induce the application to make arbitrary HTTP r...
CVE-2024-45116
CVE-2024-45116 is an XSS flaw in Adobe Commerce (Magento Open Source) affecting versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. An attacker can lure an admin or user to click a crafted link or submit a form, causing arbitrary script execution in the victim’s browser with high impact...
CVE-2024-45127
CVE-2024-45127 is cited for Adobe Commerce (Magento) in multiple documents as a stored Cross-Site Scripting (XSS) vulnerability. Affected versions include 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability allows an admin attacker to inject malicious scripts into vulnerable fo...
CVE-2024-45117
CVE-2024-45117 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability is an Improper Input Validation that could allow an admin attacker to read files outside of permitted directories via the PHP filter chain, with a low-availability impact on the s...
CVE-2025-47110
CVE-2025-47110 is a stored XSS vulnerability in Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier. The issue allows a high-privileged attacker to inject malicious scripts into vulnerable form fields, with JavaScript execution in users’ browsers when visiting the...
CVE-2025-24438
Summary (validated from connected documents): CVE-2025-24438 affects Adobe Commerce and Magento variants, specifically Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. It is a stored Cross-Site Scripting (XSS) vulnerability that could allow a low-privileg...
CVE-2025-24410
Adobe Commerce (Magento) stores XSS in forms across versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The underlying issue allows low-privilege attackers to inject malicious scripts, potentially leading to session takeover and compromising confidentiality and integrity. ...
CVE-2025-43585
Adobe Commerce (Magento) CVE-2025-43585 affects multiple 2.x releases (2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier). The issue is an Improper Authorization vulnerability that can bypass security features, granting unauthorized access with a limited confidentiality impact but high...
CVE-2025-24437
CVE-2025-24437 affects Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier. Description: Incorrect Authorization could allow a low-privileged attacker to view or modify select information without user interaction, constituting a security feature bypass. CVSSv...
CVE-2024-45124
CVE-2024-45124 affects Adobe Commerce (2.4.x: 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier) with an Improper Access Control vulnerability that could bypass security features and impact integrity at a low level. Exploitation does not require user interaction. The Connected documents corrobo...
CVE-2024-45130
Summary: CVE-2024-45130 affects Adobe Commerce/Magento Open Source and Adobe Commerce B2B products in multiple documents, with an Improper Access Control vulnerability that can enable a security feature bypass. The affected versions include Adobe Commerce 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 a...
CVE-2024-45121
CVE-2024-45121 affects Adobe Commerce (Magento) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. It is an Improper Access Control (CWE-284) vulnerability that could allow a low-privileged attacker to bypass security measures, with a low impact on integrity and no required user intera...
CVE-2025-24412
CVE-2025-24412 affects Adobe Commerce and Magento Open Source, with stored XSS in vulnerable form fields across multiple 2.4.x releases (e.g., 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). The underlying issue is a stored XSS that an attacker with low privileges can abuse to...
CVE-2025-24414
CVE-2025-24414 affects Adobe Commerce prior to some 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). It is a stored Cross-Site Scripting (XSS) vulnerability that a low-privileged attacker can exploit via vulnerable form fields to inject JavaScript, potentially e...
CVE-2025-27206
Adobe Commerce (versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier) is impacted by an Improper Access Control vulnerability that could bypass security features and grant limited write access. The issue enables a security feature bypass without user interaction. Multiple connect...
CVE-2025-24436
CVE-2025-24436 affects Adobe Commerce: an Incorrect Authorization vulnerability that could allow a low-privileged, remote attacker to view select information without user interaction. Affected versions include 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier. Impact: security fea...
CVE-2025-27188
Adobe Commerce (Magento) is affected by CVE-2025-27188: an Improper Authorization vulnerability that could allow Privilege Escalation in versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. Root cause is improper authorization; exploitation does not require user interaction...
CVE-2025-24411
CVE-2025-24411 affects Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier, with an Improper Access Control that could bypass security measures and compromise Confidentiality and Integrity. The attack path is credential-insufficient: a low-privileged attacker...
CVE-2025-24417
Adobe Commerce CVE-2025-24417 affects multiple 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) with a stored XSS vulnerability that a low-privilege attacker can abuse to inject malicious scripts into vulnerable form fields. Malicious JavaScript may execute in vi...
CVE-2025-24409
CVE-2025-24409 affects Adobe Commerce: versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect/Improper Authorization vulnerability that can bypass security features and grant unauthorized access without user interaction. The impact is described as ...
CVE-2025-24427
CVE-2025-24427 affects Adobe Commerce: vulnerable in 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The issue is Improper Access Control allowing a low-privilege attacker to bypass security measures and gain unauthorized write access without user interaction. Connected sources...
CVE-2024-45122
Adobe Commerce/Open Source Magento Open Source CVE-2024-45122 describes an Improper Access Control vulnerability that could allow a low-privileged attacker to bypass security measures with low confidentiality impact and without user interaction. Affected versions include Adobe Commerce 2.4.7-p2, ...
CVE-2025-24430
CVE-2025-24430 affects Adobe Commerce (and Magento-related builds) up to versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. It describes a Time-of-check Time-of-use (TOCTOU) race condition in the security feature logic that could be exploited to bypass certain protections...
CVE-2025-24421
CVE-2025-24421 affects Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier, due to an Incorrect Authorization flaw that could allow a low-privilege attacker to read select data with no user interaction. The issue enables a security feature bypass. Adobe and r...
CVE-2025-24429
CVE-2025-24429 affects Adobe Commerce (versions including 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) and is an Improper Access Control vulnerability that can bypass security features and grant read-only access to an attacker with low privileges. Exploitation, per the NVD e...
CVE-2024-45148
CVE-2024-45148 affects Adobe Commerce/Magento Open Source: versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could bypass security features. A low-privileged attacker could gain unauthorized access without credentials, and e...
CVE-2025-24408
Adobe Commerce CVE-2025-24408 describes an Information Exposure vulnerability affecting multiple 2.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). The issue could allow a low-privileged, remote attacker to access sensitive information without user interaction, with...
CVE-2025-24424
CVE-2025-24424 affects Adobe Commerce: multiple 2.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) are vulnerable to an Improper Access Control that could allow a low-privileged attacker to bypass security controls and read restricted data without user interaction. T...
CVE-2025-24415
Adobe Commerce and Magento Open Source are affected by a stored XSS vulnerability in vulnerable form fields across versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. A low-privileged attacker can inject malicious scripts, which may execute in a victim’s browser and could ...
CVE-2025-24426
CVE-2025-24426 concerns Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier, with an Improper Access Control vulnerability that could bypass security features and permit unauthorized read access. The NVD entry mirrors the same affected versions and impact (co...
CVE-2024-45123
Adobe Commerce (Magento Open Source) CVE-2024-45123 is a reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. An attacker who can entice a user to visit a specially crafted URL can cause malicious JavaScript to execute in the v...
CVE-2025-24407
CVE-2025-24407 affects Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier with an Incorrect Authorization vulnerability that could bypass security features, enabling actions with ungranted permissions. Impact reported as high confidentiality, low integrity; ...
CVE-2025-24413
CVE-2025-24413 is a stored XSS vulnerability in Adobe Commerce affecting versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The flaw allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, which execute in a victim’s browser when viewing ...
CVE-2025-24432
CVE-2025-24432 affects Adobe Commerce: TOCTOU race condition in multiple 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) that could bypass a security feature by altering a checked condition before use, potentially bypassing rate limiting. Exploitation is describ...
CVE-2025-24422
CVE-2025-24422 affects Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. It is an Improper Access Control (CWE-284) vulnerability that could allow a low-privileged attacker to bypass security measures and gain unauthorized read access without user interact...
CVE-2025-24435
CVE-2025-24435 affects Adobe Commerce and Magento Open Source with an Improper Access Control vulnerability enabling a low-privilege attacker to escalate privileges and modify limited fields without user interaction. Affected versions include 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 ...
CVE-2025-24423
CVE-2025-24423 affects Adobe Commerce; versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are vulnerable to Improper Access Control enabling privilege escalation. An attacker with low privileges can modify select data without user interaction. The issue is documented acros...
CVE-2025-24416
CVE-2025-24416 affects Adobe Commerce. The vulnerability is a stored XSS in vulnerable form fields that could allow a low-privilege attacker to execute malicious JavaScript in a victim’s browser, with potential session takeover and impact on confidentiality and integrity (CVE details list affecte...
CVE-2025-24428
CVE-2025-24428 concerns a stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce. Affected are Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The flaw allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, w...
CVE-2025-27190
Summary (CVE-2025-27190) : Adobe Commerce (Magento) versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could bypass security features and grant unauthorized access. The issue, exploitable without user interactio...
CVE-2025-24419
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could bypass a security feature and allow a low-privileged attacker to modify select data without user interaction. The CVE (CVE-2025-24419) is d...
CVE-2025-24420
Adobe Commerce (Magento) exposes CVE-2025-24420: an Incorrect Authorization bypass affecting versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. A low-privileged remote attacker could modify select data without user interaction. The CVSSv3.1 base score is 4.3 (Medium) with...
CVE-2025-24418
Adobe Commerce (CVE-2025-24418) is affected across multiple 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) by an Improper Authorization vulnerability that can lead to privilege escalation. A low-privileged, unauthenticated attacker could bypass security measure...
CVE-2025-24425
The CVE-2025-24425 entry concerns Adobe Commerce with a Business Logic Error that can bypass security features and allow limited data modification without user interaction. Affected versions include 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The underlying issue is a logic...
CVE-2024-45131
Adobe Commerce (Magento Open Source) vulnerability CVE-2024-45131 affects versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The issue is an Improper Authorization that could allow a low-privileged attacker to bypass security features with low impact on confidentiality and integrity; e...
CVE-2025-27192
CVE-2025-27192 affects Adobe Commerce/Magento: versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. Root cause: Insufficiently Protected Credentials that could allow an attacker with elevated privileges to obtain sensitive credential information and bypass security features...
CVE-2024-45120
CVE-2024-45120 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The issue is a Time-of-check Time-of-use (TOCTOU) race condition that can bypass a security feature by altering a condition between the check and the resource use. The impact is described as low fo...