198 matches found
CVE-2024-39401
CVE-2024-39401 affects Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Root cause is Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) that could lead to arbitrary code execution by an admin attacker; exploitation requires user in...
CVE-2025-27190
Summary (CVE-2025-27190) : Adobe Commerce (Magento) versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could bypass security features and grant unauthorized access. The issue, exploitable without user interactio...
CVE-2025-27192
CVE-2025-27192 affects Adobe Commerce/Magento: versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. Root cause: Insufficiently Protected Credentials that could allow an attacker with elevated privileges to obtain sensitive credential information and bypass security features...
CVE-2023-29296
Adobe Commerce is affected by an Incorrect Authorization vulnerability (CVE-2023-29296) impacting 2.4.6 and earlier (including 2.4.5-p2, 2.4.4-p3). A low-privilege attacker could bypass security features and modify a minor portion of another user’s data without user interaction. No exploitation d...
CVE-2024-39402
CVE-2024-39402 affects Adobe Commerce (and Magento Open Source) versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. It is an OS Command Injection caused by improper neutralization of special elements, potentially leading to arbitrary code execution. Exploitation requires admin user inter...
CVE-2025-24416
CVE-2025-24416 affects Adobe Commerce. The vulnerability is a stored XSS in vulnerable form fields that could allow a low-privilege attacker to execute malicious JavaScript in a victim’s browser, with potential session takeover and impact on confidentiality and integrity (CVE details list affecte...
CVE-2024-34106
Adobe Commerce/Magento Open Source versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that can bypass security features and allow an attacker to gain unauthorized access or perform actions with another user’s privileges. Exploitation ...
CVE-2024-45131
Adobe Commerce (Magento Open Source) vulnerability CVE-2024-45131 affects versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The issue is an Improper Authorization that could allow a low-privileged attacker to bypass security features with low impact on confidentiality and integrity; e...
CVE-2024-34108
Adobe Commerce/Magento Open Source
CVE-2025-24425
The CVE-2025-24425 entry concerns Adobe Commerce with a Business Logic Error that can bypass security features and allow limited data modification without user interaction. Affected versions include 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The underlying issue is a logic...
CVE-2024-39405
CVE-2024-39405 affects Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. It is an Improper Authorization (CWE-285) vulnerability that could bypass security features, allowing a low-priv attacker to modify minor information without user interaction. The CVSS 3.1 vector: A...
CVE-2024-39413
CVE-2024-39413 affects Adobe Commerce (Magento) versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier, due to an Improper Authorization vulnerability that could bypass security controls and disclose minor information. Exploitation can occur without user interaction by a low-privileged attac...
CVE-2024-45120
CVE-2024-45120 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The issue is a Time-of-check Time-of-use (TOCTOU) race condition that can bypass a security feature by altering a condition between the check and the resource use. The impact is described as low fo...
CVE-2024-49521
CVE-2024-49521 affects Adobe Commerce 3.2.5 and earlier . The vulnerability is a Server-Side Request Forgery (SSRF) that could enable a low-privileged attacker to issue crafted requests from the vulnerable server to internal systems, potentially bypassing security controls such as firewalls. Expl...
CVE-2024-39411
CVE-2024-39411 affects Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The issue is an Improper Authorization vulnerability that can bypass security features and allow a low-privilege attacker to disclose minor information without user interaction. The connected source...
CVE-2024-39417
CVE-2024-39417 affects Adobe Commerce/Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The issue is an Improper Authorization that could allow a low-privileged attacker to bypass security features and disclose minor information without user interaction. Documents d...
CVE-2024-39410
Adobe Commerce (Magento) CSRF CVE-2024-39410 affects 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Root cause: Cross-Site Request Forgery allowing a user‑bypass of security features and minor integrity changes. Exploitation could occur by tricking a victim into a malicious request; some sou...
CVE-2023-29294
Summary: CVE-2023-29294 affects Adobe Commerce (and Magento) versions 2.4.6 and earlier, 2.4.5-p2 and earlier, and 2.4.4-p3 and earlier. It is described as a business logic error that could allow a low-privilege attacker to bypass a security feature without user interaction. The CVE entry cites a...
CVE-2024-39398
Adobe Commerce and Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by CVE-2024-39398: Improper Restriction of Excessive Authentication Attempts, which could allow brute-force access to accounts without user interaction. The issue stems from insufficien...
CVE-2024-39408
Adobe Commerce/Open Source Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow bypass of security features and perform minor integrity changes on behalf of a user. Exploitation requires user interac...
CVE-2024-39412
CVE-2024-39412 affects Adobe Commerce and Magento Open Source, with vulnerable versions including 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The issue is Improper Authorization that could enable a low-privileged attacker to bypass security measures and perform a minor integrity change wi...
CVE-2024-45115
Adobe Commerce CVE-2024-45115 affects multiple 2.4.x releases (2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier) with an Improper Authentication vulnerability that can escalate privileges without user interaction. The issue is documented with a high-impact CVSS v3.1 (9.8, AV:N/AC:L/PR:N/UI:N/S...
CVE-2024-45128
CVE-2024-45128 affects Adobe Commerce and Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability is an Improper Authorization that could allow a low-privileged attacker to bypass security features, with a resulting, albeit low, impact on integrity and ...
CVE-2024-39403
CVE-2024-39403 is a stored XSS vulnerability in Adobe Commerce/Magento Open Source (Magento) tied to the Webhook module public key configuration. Affected: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Impact per sources: attacker could inject malicious script into v...
CVE-2024-45125
Adobe Commerce (Magento Open Source) CVE-2024-45125 affects versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, due to an Incorrect Authorization vulnerability that can bypass security features. The issue allows a low-privilege attacker to impact integrity with a low severity (CVSS 3.1:...
CVE-2024-39404
CVE-2024-39404 affects Adobe Commerce/Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The issue is an Improper Authorization vulnerability enabling a low-privileged attacker to bypass security measures and modify minor information without user interaction. The vul...
CVE-2024-39416
CVE-2024-39416 affects Adobe Commerce and Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier, due to an improper authorization issue that could bypass security features and disclose minor information. Exploitation does not require user interaction. Connected documents...
CVE-2024-45133
CVE-2024-45133 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The issue is an Information Exposure vulnerability that could enable a security feature bypass, with a low confidentiality impact and no required user interaction. Exploitation does not require use...
CVE-2024-45149
Adobe Commerce (Magento) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability (CVE-2024-45149) that could bypass security features. A high-privileged attacker could exploit this vulnerability to bypass security with a low impact on ...
CVE-2025-49556
Adobe Commerce/Magento Open Source versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability (CVE-2025-49556) that could bypass security features and allow unauthorized read access. The issue is network-exploita...
CVE-2024-39409
CVE-2024-39409 affects Adobe Commerce/Magento Open Source 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier with a Cross-Site Request Forgery (CSRF) vulnerability. Exploitation requires user interaction (tricking a user into submitting a malicious request) and could allow minor integrity changes...
CVE-2024-45118
CVE-2024-45118 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, with an Improper Access Control vulnerability (CWE-284) that could allow a low-privileged attacker to bypass security features and impact integrity. The reports consistently describe a high-impact,...
CVE-2024-45129
CVE-2024-45129 affects Adobe Commerce (and Magento Open Source) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, due to an Improper Access Control vulnerability that could enable privilege escalation. A low-privileged attacker could bypass security controls and achieve integrity impa...
CVE-2024-45132
CVE-2024-45132 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The issue is an Improper Authorization vulnerability that could enable a privilege escalation . A low-privileged attacker could bypass security measures and gain access with higher privileges, with...
CVE-2025-27191
CVE-2025-27191 affects Adobe Commerce (Magento) versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier, due to an Improper Access Control vulnerability that could result in a security feature bypass and unauthorized access. Exploitation does not require user interaction. The v...
CVE-2025-43586
Summary of CVE-2025-43586 (Adobe Commerce) : Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could enable privilege escalation. A low-privileged attacker could bypass security measures and gain elev...
CVE-2024-45134
CVE-2024-45134 (Adobe Commerce) affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability is an Information Exposure that could result in a security feature bypass, with a low confidentiality impact. Exploitation does not require user interaction and, ...
CVE-2024-45135
Summary of CVE-2024-45135 : Adobe Commerce (versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier) is affected by an Improper Access Control vulnerability that could result in a security feature bypass. The underlying issue is an access-control flaw that could be exploited by an admin atta...
CVE-2025-49557
CVE-2025-49557 refers to a stored Cross-site Scripting (XSS) vulnerability in Adobe Commerce/Magento Open Source versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier. The issue allows a low-privileged attacker to inject malicious scripts into vulnerable form fiel...
CVE-2026-34654
The CVE concerns Adobe Commerce (Magento) versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier affected by a Dependency on Vulnerable Third-Party Component vulnerability causing a denial-of-service. Exploitation does not require user interaction and can be perform...
CVE-2025-49554
CVE-2025-49554 — Adobe Commerce/Magento DoS via Improper Input Validation . Affected: Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier. Root cause: improper input validation could cause the application to crash or become unresponsive, enabling ...
CVE-2026-21282
CVE-2026-21282 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The vulnerability is Improper Input Validation that could lead to a denial-of-service; exploitation does not require user interaction. Public connected sources confirm the...
CVE-2026-34656
Adobe Commerce is affected by an Improper Authorization (CWE-285) vulnerability (CVE-2026-34656) impacting versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue could bypass security features and grant unauthorized write access. Exploitation requires use...
CVE-2026-34686
Adobe Commerce (Magento) versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored cross-site scripting (XSS) vulnerability. A low-privilege attacker can abuse vulnerable form fields to inject malicious scripts, which may execute in a victim’s ...
CVE-2025-49555
CVE-2025-49555 affects Adobe Commerce/Magento Open Source (versions 2.4.9-alpha1 through earlier) with a Cross-Site Request Forgery (CSRF) vulnerability that can lead to privilege escalation when a user is authenticated. Exploitation requires user interaction (victim visits malicious site or clic...
CVE-2025-54263
CVE-2025-54263 affects Adobe Commerce / Magento Open Source versions including 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier. It is an Incorrect Authorization vulnerability that allows a low-privileged attacker to bypass security measures and gain unauthorized acce...
CVE-2026-21361
Adobe Commerce
CVE-2026-34650
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. Exploitation can be performed remotely over the network with no user interactio...
CVE-2026-34685
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could bypass security measures and gain unauthorized write acc...
CVE-2025-49550
Adobe Commerce (Magento) versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could bypass security features and allow limited unauthorized access. Exploitation requires user interaction. The issue is documented across...