Lucene search
+L
AdobeCommerce

198 matches found

CVE
CVE
added 2022/08/16 7:45 p.m.106 views

CVE-2022-34255

Adobe Commerce and Magento Open Source are affected by CVE-2022-34255 (Improper Access Control) allowing privilege escalation and potential account takeover with no user interaction. Affected versions include Adobe Commerce 2.4.3-p2 and earlier, 2.3.7-p3 and earlier, and 2.4.4 and earlier. Root c...

8.8CVSS8.6AI score0.0174EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.105 views

CVE-2024-39418

Adobe Commerce/CMS: CVE-2024-39418 is an Improper Authorization flaw (CWE-285) affecting 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The issue allows a low-privileged attacker to bypass security and view/edit low-sensitivity data without user interaction. The Nessus adapter references APS...

5.4CVSS5.4AI score0.00385EPSS
CVE
CVE
added 2023/10/13 6:15 a.m.104 views

CVE-2023-38221

CVE-2023-38221 concerns Adobe Commerce/Magento with an SQL Injection in versions up to 2.4.7-beta1 and earlier. The root cause is improper neutralization of special elements in an SQL command. The impact is potential arbitrary code execution by an attacker with admin privileges (no user interacti...

8CVSS7.6AI score0.00829EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.103 views

CVE-2023-29289

Adobe Commerce and Magento are affected by CVE-2023-29289 (XML Injection) in versions 2.4.6 and earlier, 2.4.5-p2 and earlier, and 2.4.4-p3 and earlier. The issue enables a low-privilege attacker to trigger a crafted script that bypasses a security feature, with exploitation not requiring user in...

6.5CVSS6.4AI score0.00793EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.103 views

CVE-2024-45124

CVE-2024-45124 affects Adobe Commerce (2.4.x: 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier) with an Improper Access Control vulnerability that could bypass security features and impact integrity at a low level. Exploitation does not require user interaction. The Connected documents corrobo...

5.3CVSS5.1AI score0.00605EPSS
CVE
CVE
added 2023/10/13 6:15 a.m.102 views

CVE-2023-38250

CVE-2023-38250 affects Adobe Commerce (Magento) platforms: versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier, 2.4.4-p5 and earlier are vulnerable to SQL Injection that enables arbitrary code execution when exploited by an admin-privileged authenticated attacker. The iss...

8CVSS7.2AI score0.00829EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.102 views

CVE-2024-45130

Summary: CVE-2024-45130 affects Adobe Commerce/Magento Open Source and Adobe Commerce B2B products in multiple documents, with an Improper Access Control vulnerability that can enable a security feature bypass. The affected versions include Adobe Commerce 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 a...

4.3CVSS4.8AI score0.00535EPSS
CVE
CVE
added 2022/08/16 7:44 p.m.101 views

CVE-2022-34254

Adobe Commerce (Magento) versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier, and 2.4.4 and earlier are affected by a Path Traversal vulnerability (improper limitation of a pathname to a restricted directory) that could be abused by a low-privilege attacker to read local files and perform Stored ...

8.8CVSS8AI score0.01976EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.101 views

CVE-2024-39414

CVE-2024-39414 affects Adobe Commerce/Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Root cause: Improper Authorization that allows a low-privileged attacker to bypass security controls and disclose minor information without user interaction. Exploitation is netw...

4.3CVSS4.5AI score0.00442EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.100 views

CVE-2024-45121

CVE-2024-45121 affects Adobe Commerce (Magento) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. It is an Improper Access Control (CWE-284) vulnerability that could allow a low-privileged attacker to bypass security measures, with a low impact on integrity and no required user intera...

4.3CVSS4.8AI score0.00535EPSS
CVE
CVE
added 2022/08/16 7:43 p.m.99 views

CVE-2022-34256

Adobe Commerce (Magento) vulnerable in versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier, and 2.4.4 and earlier due to an Improper Authorization issue that could lead to privilege escalation and access to other users’ data. Exploitation does not require user interaction. The issue is documented...

9.8CVSS8.4AI score0.01877EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.99 views

CVE-2024-39419

Adobe Commerce (Magento) is affected by CVE-2024-39419: an Improper Authorization vulnerability that allows a low-privileged attacker to bypass security measures and modify minor information without user interaction. Affected versions include 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Th...

4.3CVSS4.5AI score0.00429EPSS
CVE
CVE
added 2022/10/20 4:28 p.m.98 views

CVE-2022-42344

CVE-2022-42344 affects Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier, and 2.4.4 and earlier. The issue is described as an Incorrect Authorization/ improper input validation vulnerability that allows an authenticated attacker to cause information exposure and privilege escalat...

8.8CVSS8.3AI score0.02242EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.98 views

CVE-2025-24412

CVE-2025-24412 affects Adobe Commerce and Magento Open Source, with stored XSS in vulnerable form fields across multiple 2.4.x releases (e.g., 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). The underlying issue is a stored XSS that an attacker with low privileges can abuse to...

8.7CVSS7.5AI score0.00684EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.98 views

CVE-2025-24414

CVE-2025-24414 affects Adobe Commerce prior to some 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). It is a stored Cross-Site Scripting (XSS) vulnerability that a low-privileged attacker can exploit via vulnerable form fields to inject JavaScript, potentially e...

8.7CVSS7.5AI score0.00684EPSS
CVE
CVE
added 2023/10/13 6:15 a.m.96 views

CVE-2023-38219

CVE-2023-38219 describes a stored XSS in Adobe Commerce/Magento Open Source prior to versions affected in the description. The root cause is insufficient filtering/escaping of user-supplied data, with the payload stored in an admin area and executed in a victim’s browser when visiting vulnerable ...

8.7CVSS7.4AI score0.00623EPSS
CVE
CVE
added 2024/04/10 11:49 a.m.96 views

CVE-2024-20759

CVE-2024-20759 affects Adobe Commerce (Magento) Open/Commerce platforms: versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier. The issue is a stored Cross‑Site Scripting (XSS) vulnerability in vulnerable form fields that could be exploited by a high‑privileged attacker to inject malicio...

8.1CVSS6.8AI score0.01028EPSS
CVE
CVE
added 2022/08/19 10:49 p.m.95 views

CVE-2022-35692

Adobe Commerce/Open Source Magento 2.x versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier, and 2.4.4 and earlier are affected by an Improper Access Control vulnerability that could bypass security features and allow leakage of minor information from another user’s account. Exploitation does not ...

5.3CVSS4.9AI score0.00696EPSS
CVE
CVE
added 2023/10/13 6:15 a.m.95 views

CVE-2023-38251

Adobe Commerce is affected by an Uncontrolled Resource Consumption vulnerability (CVE-2023-38251) that can cause a minor denial-of-service without user interaction. Affected: Adobe Commerce versions up to 2.4.7-beta1, 2.4.6-p2, 2.4.5-p4, and 2.4.4-p5 (and earlier). The root cause is Uncontrolled ...

5.3CVSS5.1AI score0.00671EPSS
CVE
CVE
added 2024/06/13 9:5 a.m.94 views

CVE-2024-34103

CVE-2024-34103 affects Adobe Commerce/Magento Open Source: versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier; described as Improper Authentication leading to privilege escalation. Exploitation requires no user interaction but has high attack complexity. Connected sources reference an accou...

8.1CVSS8.2AI score0.00781EPSS
CVE
CVE
added 2025/06/10 4:8 p.m.94 views

CVE-2025-27206

Adobe Commerce (versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier) is impacted by an Improper Access Control vulnerability that could bypass security features and grant limited write access. The issue enables a security feature bypass without user interaction. Multiple connect...

5.3CVSS5.3AI score0.00394EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.93 views

CVE-2023-22248

CVE-2023-22248 affects Adobe Commerce 2.4.x (2.4.6 and earlier, 2.4.5-p2, 2.4.4-p3 and earlier). It is an Incorrect Authorization vulnerability that could bypass a security feature and leak another user’s data. Exploitation does not require user interaction. Documents note that Adobe has released...

7.5CVSS7.3AI score0.00918EPSS
CVE
CVE
added 2025/04/08 8:17 p.m.93 views

CVE-2025-27188

Adobe Commerce (Magento) is affected by CVE-2025-27188: an Improper Authorization vulnerability that could allow Privilege Escalation in versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. Root cause is improper authorization; exploitation does not require user interaction...

4.3CVSS7.2AI score0.00549EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.92 views

CVE-2025-24409

CVE-2025-24409 affects Adobe Commerce: versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect/Improper Authorization vulnerability that can bypass security features and grant unauthorized access without user interaction. The impact is described as ...

8.2CVSS8.8AI score0.00654EPSS
CVE
CVE
added 2023/03/27 12:0 a.m.91 views

CVE-2023-22251

CVE-2023-22251 describes an Incorrect Authorization flaw impacting Adobe Commerce / Magento Open Source (notably versions 2.4.4-p2 and earlier, 2.4.5-p1 and earlier). The issue allows a low-privileged authenticated attacker to cause a minor information disclosure . Core details across connected d...

4.3CVSS4.5AI score0.00563EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.90 views

CVE-2025-24436

CVE-2025-24436 affects Adobe Commerce: an Incorrect Authorization vulnerability that could allow a low-privileged, remote attacker to view select information without user interaction. Affected versions include 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier. Impact: security fea...

4.3CVSS6.2AI score0.00527EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.89 views

CVE-2024-45122

Adobe Commerce/Open Source Magento Open Source CVE-2024-45122 describes an Improper Access Control vulnerability that could allow a low-privileged attacker to bypass security measures with low confidentiality impact and without user interaction. Affected versions include Adobe Commerce 2.4.7-p2, ...

4.3CVSS4.4AI score0.00551EPSS
CVE
CVE
added 2023/10/13 6:15 a.m.88 views

CVE-2023-26366

CVE-2023-26366 affects Adobe Commerce/Magento Open Source in versions 2.4.4-p5 through 2.4.7-beta1 and earlier. The issue is Server-Side Request Forgery (SSRF) that lets an authenticated, high-privilege attacker cause the application to read arbitrary files by injecting arbitrary URLs; exploitati...

6.8CVSS6.5AI score0.00639EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.88 views

CVE-2025-24411

CVE-2025-24411 affects Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier, with an Improper Access Control that could bypass security measures and compromise Confidentiality and Integrity. The attack path is credential-insufficient: a low-privileged attacker...

8.1CVSS8.4AI score0.00888EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.88 views

CVE-2025-24417

Adobe Commerce CVE-2025-24417 affects multiple 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) with a stored XSS vulnerability that a low-privilege attacker can abuse to inject malicious scripts into vulnerable form fields. Malicious JavaScript may execute in vi...

8.7CVSS7.5AI score0.00684EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.87 views

CVE-2025-24430

CVE-2025-24430 affects Adobe Commerce (and Magento-related builds) up to versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. It describes a Time-of-check Time-of-use (TOCTOU) race condition in the security feature logic that could be exploited to bypass certain protections...

3.7CVSS4.5AI score0.00385EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.86 views

CVE-2025-24427

CVE-2025-24427 affects Adobe Commerce: vulnerable in 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The issue is Improper Access Control allowing a low-privilege attacker to bypass security measures and gain unauthorized write access without user interaction. Connected sources...

6.5CVSS7.1AI score0.00609EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.86 views

CVE-2025-24429

CVE-2025-24429 affects Adobe Commerce (versions including 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) and is an Improper Access Control vulnerability that can bypass security features and grant read-only access to an attacker with low privileges. Exploitation, per the NVD e...

3.5CVSS4.9AI score0.00486EPSS
CVE
CVE
added 2023/08/09 7:41 a.m.84 views

CVE-2023-38209

Adobe Commerce/Open Source Magento versions 2.4.4-p4–2.4.6-p1 (and earlier) are affected by an Incorrect Authorization vulnerability that permits a low-privileged attacker to access other users’ data without user interaction. The issue stems from improper access control and has a high confidentia...

6.5CVSS6.3AI score0.00747EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.84 views

CVE-2025-24408

Adobe Commerce CVE-2025-24408 describes an Information Exposure vulnerability affecting multiple 2.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). The issue could allow a low-privileged, remote attacker to access sensitive information without user interaction, with...

6.5CVSS6.8AI score0.00977EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.84 views

CVE-2025-24421

CVE-2025-24421 affects Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier, due to an Incorrect Authorization flaw that could allow a low-privilege attacker to read select data with no user interaction. The issue enables a security feature bypass. Adobe and r...

4.3CVSS5AI score0.00527EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.83 views

CVE-2023-29288

Adobe Commerce (Magento) 2.x up to 2.4.6 (and earlier 2.4.5-p2, 2.4.4-p3) is affected by an Incorrect Authorization vulnerability (CWE-863) that could bypass a security feature and allow a privileged attacker to modify a minor portion of another user’s data. Exploitation does not require user int...

4.3CVSS4.3AI score0.00585EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.83 views

CVE-2023-29293

Adobe Commerce (Magento) Open Source/Commerce: Vulnerable in 2.4.4-p3 and earlier up to 2.4.6 and earlier. An Improper Input Validation vulnerability could allow an admin-privileged attacker to bypass a security feature and affect the availability of a user’s minor feature without user interactio...

2.7CVSS3.9AI score0.00914EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.82 views

CVE-2023-29287

Adobe Commerce/Magento suffers an Information Disclosure vulnerability that can bypass a security feature and leak minor user data without user interaction. Affects: Adobe Commerce/Magento 2.4.6 and earlier (including 2.4.5-p2, 2.4.4-p3). Root cause: Information exposure enabling limited data lea...

5.3CVSS5.3AI score0.0064EPSS
CVE
CVE
added 2023/08/09 7:41 a.m.82 views

CVE-2023-38207

Summary: CVE-2023-38207 affects Adobe Commerce (Magento) across multiple 2.4.x releases due to an XML Injection (Blind XPath Injection) flaw that can allow reading of minor arbitrary files from the filesystem without user interaction. Affected: 2.4.6-p1 and earlier, 2.4.5-p3 and earlier, 2.4.4-p4...

7.5CVSS7.6AI score0.00828EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.82 views

CVE-2024-45148

CVE-2024-45148 affects Adobe Commerce/Magento Open Source: versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could bypass security features. A low-privileged attacker could gain unauthorized access without credentials, and e...

8.8CVSS8.8AI score0.00725EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.81 views

CVE-2025-24415

Adobe Commerce and Magento Open Source are affected by a stored XSS vulnerability in vulnerable form fields across versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. A low-privileged attacker can inject malicious scripts, which may execute in a victim’s browser and could ...

8.7CVSS7.5AI score0.00684EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.80 views

CVE-2023-29291

Adobe Commerce (Magento) is affected by CVE-2023-29291: SSRF that can lead to arbitrary file-system reads. Affected versions include 2.4.6 and earlier, 2.4.5-p2 and earlier, 2.4.4-p3 and earlier. An admin-privilege authenticated attacker can force the application to make arbitrary requests via in...

4.9CVSS5.1AI score0.00986EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.80 views

CVE-2024-45123

Adobe Commerce (Magento Open Source) CVE-2024-45123 is a reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. An attacker who can entice a user to visit a specially crafted URL can cause malicious JavaScript to execute in the v...

6.1CVSS5.8AI score0.00437EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.79 views

CVE-2025-24413

CVE-2025-24413 is a stored XSS vulnerability in Adobe Commerce affecting versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The flaw allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, which execute in a victim’s browser when viewing ...

8.7CVSS7.5AI score0.00684EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.78 views

CVE-2025-24432

CVE-2025-24432 affects Adobe Commerce: TOCTOU race condition in multiple 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) that could bypass a security feature by altering a checked condition before use, potentially bypassing rate limiting. Exploitation is describ...

3.7CVSS4.5AI score0.00385EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.76 views

CVE-2024-39415

CVE-2024-39415 affects Adobe Commerce and Magento Open Source installations running 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier with an Improper Authorization vulnerability that can bypass security measures and disclose minor information without user interaction. Connected sources indicate...

4.3CVSS4.5AI score0.00442EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.76 views

CVE-2025-24435

CVE-2025-24435 affects Adobe Commerce and Magento Open Source with an Improper Access Control vulnerability enabling a low-privilege attacker to escalate privileges and modify limited fields without user interaction. Affected versions include 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 ...

4.3CVSS5.1AI score0.00512EPSS
CVE
CVE
added 2024/06/13 9:4 a.m.75 views

CVE-2024-34107

Adobe Commerce/Open Source Magento is affected by CVE-2024-34107 (Improper Access Control). Affected versions include 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. The vulnerability allows bypassing security controls to view minor unauthorized information, with exploitation not requiring user ...

9.8CVSS7.2AI score0.01134EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.75 views

CVE-2024-39401

CVE-2024-39401 affects Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Root cause is Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) that could lead to arbitrary code execution by an admin attacker; exploitation requires user in...

8.4CVSS8.7AI score0.01529EPSS
Total number of security vulnerabilities198