198 matches found
CVE-2022-34255
Adobe Commerce and Magento Open Source are affected by CVE-2022-34255 (Improper Access Control) allowing privilege escalation and potential account takeover with no user interaction. Affected versions include Adobe Commerce 2.4.3-p2 and earlier, 2.3.7-p3 and earlier, and 2.4.4 and earlier. Root c...
CVE-2024-39418
Adobe Commerce/CMS: CVE-2024-39418 is an Improper Authorization flaw (CWE-285) affecting 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The issue allows a low-privileged attacker to bypass security and view/edit low-sensitivity data without user interaction. The Nessus adapter references APS...
CVE-2023-38221
CVE-2023-38221 concerns Adobe Commerce/Magento with an SQL Injection in versions up to 2.4.7-beta1 and earlier. The root cause is improper neutralization of special elements in an SQL command. The impact is potential arbitrary code execution by an attacker with admin privileges (no user interacti...
CVE-2023-29289
Adobe Commerce and Magento are affected by CVE-2023-29289 (XML Injection) in versions 2.4.6 and earlier, 2.4.5-p2 and earlier, and 2.4.4-p3 and earlier. The issue enables a low-privilege attacker to trigger a crafted script that bypasses a security feature, with exploitation not requiring user in...
CVE-2024-45124
CVE-2024-45124 affects Adobe Commerce (2.4.x: 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier) with an Improper Access Control vulnerability that could bypass security features and impact integrity at a low level. Exploitation does not require user interaction. The Connected documents corrobo...
CVE-2023-38250
CVE-2023-38250 affects Adobe Commerce (Magento) platforms: versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier, 2.4.4-p5 and earlier are vulnerable to SQL Injection that enables arbitrary code execution when exploited by an admin-privileged authenticated attacker. The iss...
CVE-2024-45130
Summary: CVE-2024-45130 affects Adobe Commerce/Magento Open Source and Adobe Commerce B2B products in multiple documents, with an Improper Access Control vulnerability that can enable a security feature bypass. The affected versions include Adobe Commerce 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 a...
CVE-2022-34254
Adobe Commerce (Magento) versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier, and 2.4.4 and earlier are affected by a Path Traversal vulnerability (improper limitation of a pathname to a restricted directory) that could be abused by a low-privilege attacker to read local files and perform Stored ...
CVE-2024-39414
CVE-2024-39414 affects Adobe Commerce/Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Root cause: Improper Authorization that allows a low-privileged attacker to bypass security controls and disclose minor information without user interaction. Exploitation is netw...
CVE-2024-45121
CVE-2024-45121 affects Adobe Commerce (Magento) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. It is an Improper Access Control (CWE-284) vulnerability that could allow a low-privileged attacker to bypass security measures, with a low impact on integrity and no required user intera...
CVE-2022-34256
Adobe Commerce (Magento) vulnerable in versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier, and 2.4.4 and earlier due to an Improper Authorization issue that could lead to privilege escalation and access to other users’ data. Exploitation does not require user interaction. The issue is documented...
CVE-2024-39419
Adobe Commerce (Magento) is affected by CVE-2024-39419: an Improper Authorization vulnerability that allows a low-privileged attacker to bypass security measures and modify minor information without user interaction. Affected versions include 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Th...
CVE-2022-42344
CVE-2022-42344 affects Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier, and 2.4.4 and earlier. The issue is described as an Incorrect Authorization/ improper input validation vulnerability that allows an authenticated attacker to cause information exposure and privilege escalat...
CVE-2025-24412
CVE-2025-24412 affects Adobe Commerce and Magento Open Source, with stored XSS in vulnerable form fields across multiple 2.4.x releases (e.g., 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). The underlying issue is a stored XSS that an attacker with low privileges can abuse to...
CVE-2025-24414
CVE-2025-24414 affects Adobe Commerce prior to some 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). It is a stored Cross-Site Scripting (XSS) vulnerability that a low-privileged attacker can exploit via vulnerable form fields to inject JavaScript, potentially e...
CVE-2023-38219
CVE-2023-38219 describes a stored XSS in Adobe Commerce/Magento Open Source prior to versions affected in the description. The root cause is insufficient filtering/escaping of user-supplied data, with the payload stored in an admin area and executed in a victim’s browser when visiting vulnerable ...
CVE-2024-20759
CVE-2024-20759 affects Adobe Commerce (Magento) Open/Commerce platforms: versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier. The issue is a stored Cross‑Site Scripting (XSS) vulnerability in vulnerable form fields that could be exploited by a high‑privileged attacker to inject malicio...
CVE-2022-35692
Adobe Commerce/Open Source Magento 2.x versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier, and 2.4.4 and earlier are affected by an Improper Access Control vulnerability that could bypass security features and allow leakage of minor information from another user’s account. Exploitation does not ...
CVE-2023-38251
Adobe Commerce is affected by an Uncontrolled Resource Consumption vulnerability (CVE-2023-38251) that can cause a minor denial-of-service without user interaction. Affected: Adobe Commerce versions up to 2.4.7-beta1, 2.4.6-p2, 2.4.5-p4, and 2.4.4-p5 (and earlier). The root cause is Uncontrolled ...
CVE-2024-34103
CVE-2024-34103 affects Adobe Commerce/Magento Open Source: versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier; described as Improper Authentication leading to privilege escalation. Exploitation requires no user interaction but has high attack complexity. Connected sources reference an accou...
CVE-2025-27206
Adobe Commerce (versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier) is impacted by an Improper Access Control vulnerability that could bypass security features and grant limited write access. The issue enables a security feature bypass without user interaction. Multiple connect...
CVE-2023-22248
CVE-2023-22248 affects Adobe Commerce 2.4.x (2.4.6 and earlier, 2.4.5-p2, 2.4.4-p3 and earlier). It is an Incorrect Authorization vulnerability that could bypass a security feature and leak another user’s data. Exploitation does not require user interaction. Documents note that Adobe has released...
CVE-2025-27188
Adobe Commerce (Magento) is affected by CVE-2025-27188: an Improper Authorization vulnerability that could allow Privilege Escalation in versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. Root cause is improper authorization; exploitation does not require user interaction...
CVE-2025-24409
CVE-2025-24409 affects Adobe Commerce: versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect/Improper Authorization vulnerability that can bypass security features and grant unauthorized access without user interaction. The impact is described as ...
CVE-2023-22251
CVE-2023-22251 describes an Incorrect Authorization flaw impacting Adobe Commerce / Magento Open Source (notably versions 2.4.4-p2 and earlier, 2.4.5-p1 and earlier). The issue allows a low-privileged authenticated attacker to cause a minor information disclosure . Core details across connected d...
CVE-2025-24436
CVE-2025-24436 affects Adobe Commerce: an Incorrect Authorization vulnerability that could allow a low-privileged, remote attacker to view select information without user interaction. Affected versions include 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier. Impact: security fea...
CVE-2024-45122
Adobe Commerce/Open Source Magento Open Source CVE-2024-45122 describes an Improper Access Control vulnerability that could allow a low-privileged attacker to bypass security measures with low confidentiality impact and without user interaction. Affected versions include Adobe Commerce 2.4.7-p2, ...
CVE-2023-26366
CVE-2023-26366 affects Adobe Commerce/Magento Open Source in versions 2.4.4-p5 through 2.4.7-beta1 and earlier. The issue is Server-Side Request Forgery (SSRF) that lets an authenticated, high-privilege attacker cause the application to read arbitrary files by injecting arbitrary URLs; exploitati...
CVE-2025-24411
CVE-2025-24411 affects Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier, with an Improper Access Control that could bypass security measures and compromise Confidentiality and Integrity. The attack path is credential-insufficient: a low-privileged attacker...
CVE-2025-24417
Adobe Commerce CVE-2025-24417 affects multiple 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) with a stored XSS vulnerability that a low-privilege attacker can abuse to inject malicious scripts into vulnerable form fields. Malicious JavaScript may execute in vi...
CVE-2025-24430
CVE-2025-24430 affects Adobe Commerce (and Magento-related builds) up to versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. It describes a Time-of-check Time-of-use (TOCTOU) race condition in the security feature logic that could be exploited to bypass certain protections...
CVE-2025-24427
CVE-2025-24427 affects Adobe Commerce: vulnerable in 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The issue is Improper Access Control allowing a low-privilege attacker to bypass security measures and gain unauthorized write access without user interaction. Connected sources...
CVE-2025-24429
CVE-2025-24429 affects Adobe Commerce (versions including 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) and is an Improper Access Control vulnerability that can bypass security features and grant read-only access to an attacker with low privileges. Exploitation, per the NVD e...
CVE-2023-38209
Adobe Commerce/Open Source Magento versions 2.4.4-p4–2.4.6-p1 (and earlier) are affected by an Incorrect Authorization vulnerability that permits a low-privileged attacker to access other users’ data without user interaction. The issue stems from improper access control and has a high confidentia...
CVE-2025-24408
Adobe Commerce CVE-2025-24408 describes an Information Exposure vulnerability affecting multiple 2.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). The issue could allow a low-privileged, remote attacker to access sensitive information without user interaction, with...
CVE-2025-24421
CVE-2025-24421 affects Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier, due to an Incorrect Authorization flaw that could allow a low-privilege attacker to read select data with no user interaction. The issue enables a security feature bypass. Adobe and r...
CVE-2023-29288
Adobe Commerce (Magento) 2.x up to 2.4.6 (and earlier 2.4.5-p2, 2.4.4-p3) is affected by an Incorrect Authorization vulnerability (CWE-863) that could bypass a security feature and allow a privileged attacker to modify a minor portion of another user’s data. Exploitation does not require user int...
CVE-2023-29293
Adobe Commerce (Magento) Open Source/Commerce: Vulnerable in 2.4.4-p3 and earlier up to 2.4.6 and earlier. An Improper Input Validation vulnerability could allow an admin-privileged attacker to bypass a security feature and affect the availability of a user’s minor feature without user interactio...
CVE-2023-29287
Adobe Commerce/Magento suffers an Information Disclosure vulnerability that can bypass a security feature and leak minor user data without user interaction. Affects: Adobe Commerce/Magento 2.4.6 and earlier (including 2.4.5-p2, 2.4.4-p3). Root cause: Information exposure enabling limited data lea...
CVE-2023-38207
Summary: CVE-2023-38207 affects Adobe Commerce (Magento) across multiple 2.4.x releases due to an XML Injection (Blind XPath Injection) flaw that can allow reading of minor arbitrary files from the filesystem without user interaction. Affected: 2.4.6-p1 and earlier, 2.4.5-p3 and earlier, 2.4.4-p4...
CVE-2024-45148
CVE-2024-45148 affects Adobe Commerce/Magento Open Source: versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could bypass security features. A low-privileged attacker could gain unauthorized access without credentials, and e...
CVE-2025-24415
Adobe Commerce and Magento Open Source are affected by a stored XSS vulnerability in vulnerable form fields across versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. A low-privileged attacker can inject malicious scripts, which may execute in a victim’s browser and could ...
CVE-2023-29291
Adobe Commerce (Magento) is affected by CVE-2023-29291: SSRF that can lead to arbitrary file-system reads. Affected versions include 2.4.6 and earlier, 2.4.5-p2 and earlier, 2.4.4-p3 and earlier. An admin-privilege authenticated attacker can force the application to make arbitrary requests via in...
CVE-2024-45123
Adobe Commerce (Magento Open Source) CVE-2024-45123 is a reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. An attacker who can entice a user to visit a specially crafted URL can cause malicious JavaScript to execute in the v...
CVE-2025-24413
CVE-2025-24413 is a stored XSS vulnerability in Adobe Commerce affecting versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The flaw allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, which execute in a victim’s browser when viewing ...
CVE-2025-24432
CVE-2025-24432 affects Adobe Commerce: TOCTOU race condition in multiple 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) that could bypass a security feature by altering a checked condition before use, potentially bypassing rate limiting. Exploitation is describ...
CVE-2024-39415
CVE-2024-39415 affects Adobe Commerce and Magento Open Source installations running 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier with an Improper Authorization vulnerability that can bypass security measures and disclose minor information without user interaction. Connected sources indicate...
CVE-2025-24435
CVE-2025-24435 affects Adobe Commerce and Magento Open Source with an Improper Access Control vulnerability enabling a low-privilege attacker to escalate privileges and modify limited fields without user interaction. Affected versions include 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 ...
CVE-2024-34107
Adobe Commerce/Open Source Magento is affected by CVE-2024-34107 (Improper Access Control). Affected versions include 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. The vulnerability allows bypassing security controls to view minor unauthorized information, with exploitation not requiring user ...
CVE-2024-39401
CVE-2024-39401 affects Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Root cause is Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) that could lead to arbitrary code execution by an admin attacker; exploitation requires user in...