Lucene search
+L
AdobeCommerce

198 matches found

CVE
CVE
added 2024/08/14 11:57 a.m.75 views

CVE-2024-39401

CVE-2024-39401 affects Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Root cause is Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) that could lead to arbitrary code execution by an admin attacker; exploitation requires user in...

8.4CVSS8.7AI score0.01529EPSS
CVE
CVE
added 2025/04/08 8:17 p.m.75 views

CVE-2025-27190

Summary (CVE-2025-27190) : Adobe Commerce (Magento) versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could bypass security features and grant unauthorized access. The issue, exploitable without user interactio...

5.3CVSS7.1AI score0.00468EPSS
CVE
CVE
added 2025/04/08 8:17 p.m.74 views

CVE-2025-27192

CVE-2025-27192 affects Adobe Commerce/Magento: versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. Root cause: Insufficiently Protected Credentials that could allow an attacker with elevated privileges to obtain sensitive credential information and bypass security features...

2.7CVSS6.9AI score0.00461EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.73 views

CVE-2023-29296

Adobe Commerce is affected by an Incorrect Authorization vulnerability (CVE-2023-29296) impacting 2.4.6 and earlier (including 2.4.5-p2, 2.4.4-p3). A low-privilege attacker could bypass security features and modify a minor portion of another user’s data without user interaction. No exploitation d...

4.3CVSS4.4AI score0.00585EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.73 views

CVE-2024-39402

CVE-2024-39402 affects Adobe Commerce (and Magento Open Source) versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. It is an OS Command Injection caused by improper neutralization of special elements, potentially leading to arbitrary code execution. Exploitation requires admin user inter...

8.4CVSS8.7AI score0.01529EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.73 views

CVE-2025-24416

CVE-2025-24416 affects Adobe Commerce. The vulnerability is a stored XSS in vulnerable form fields that could allow a low-privilege attacker to execute malicious JavaScript in a victim’s browser, with potential session takeover and impact on confidentiality and integrity (CVE details list affecte...

8.7CVSS7.5AI score0.00684EPSS
CVE
CVE
added 2024/06/13 9:5 a.m.72 views

CVE-2024-34106

Adobe Commerce/Magento Open Source versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that can bypass security features and allow an attacker to gain unauthorized access or perform actions with another user’s privileges. Exploitation ...

5.3CVSS5.3AI score0.00846EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.72 views

CVE-2024-45131

Adobe Commerce (Magento Open Source) vulnerability CVE-2024-45131 affects versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The issue is an Improper Authorization that could allow a low-privileged attacker to bypass security features with low impact on confidentiality and integrity; e...

5.4CVSS5.3AI score0.00452EPSS
CVE
CVE
added 2024/06/13 9:4 a.m.71 views

CVE-2024-34108

Adobe Commerce/Magento Open Source

9.1CVSS8.6AI score0.01616EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.71 views

CVE-2025-24425

The CVE-2025-24425 entry concerns Adobe Commerce with a Business Logic Error that can bypass security features and allow limited data modification without user interaction. Affected versions include 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The underlying issue is a logic...

5.3CVSS5.6AI score0.00611EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.70 views

CVE-2024-39405

CVE-2024-39405 affects Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. It is an Improper Authorization (CWE-285) vulnerability that could bypass security features, allowing a low-priv attacker to modify minor information without user interaction. The CVSS 3.1 vector: A...

4.3CVSS4.5AI score0.00429EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.69 views

CVE-2024-39413

CVE-2024-39413 affects Adobe Commerce (Magento) versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier, due to an Improper Authorization vulnerability that could bypass security controls and disclose minor information. Exploitation can occur without user interaction by a low-privileged attac...

4.3CVSS4.5AI score0.00442EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.69 views

CVE-2024-45120

CVE-2024-45120 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The issue is a Time-of-check Time-of-use (TOCTOU) race condition that can bypass a security feature by altering a condition between the check and the resource use. The impact is described as low fo...

3.1CVSS4.5AI score0.0037EPSS
CVE
CVE
added 2024/11/12 4:41 p.m.69 views

CVE-2024-49521

CVE-2024-49521 affects Adobe Commerce 3.2.5 and earlier . The vulnerability is a Server-Side Request Forgery (SSRF) that could enable a low-privileged attacker to issue crafted requests from the vulnerable server to internal systems, potentially bypassing security controls such as firewalls. Expl...

7.7CVSS7.4AI score0.00652EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.68 views

CVE-2024-39411

CVE-2024-39411 affects Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The issue is an Improper Authorization vulnerability that can bypass security features and allow a low-privilege attacker to disclose minor information without user interaction. The connected source...

4.3CVSS4.5AI score0.00442EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.68 views

CVE-2024-39417

CVE-2024-39417 affects Adobe Commerce/Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The issue is an Improper Authorization that could allow a low-privileged attacker to bypass security features and disclose minor information without user interaction. Documents d...

4.3CVSS4.5AI score0.00442EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.67 views

CVE-2024-39410

Adobe Commerce (Magento) CSRF CVE-2024-39410 affects 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Root cause: Cross-Site Request Forgery allowing a user‑bypass of security features and minor integrity changes. Exploitation could occur by tricking a victim into a malicious request; some sou...

4.3CVSS5.2AI score0.00449EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.66 views

CVE-2023-29294

Summary: CVE-2023-29294 affects Adobe Commerce (and Magento) versions 2.4.6 and earlier, 2.4.5-p2 and earlier, and 2.4.4-p3 and earlier. It is described as a business logic error that could allow a low-privilege attacker to bypass a security feature without user interaction. The CVE entry cites a...

4.3CVSS4.4AI score0.00668EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.66 views

CVE-2024-39398

Adobe Commerce and Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by CVE-2024-39398: Improper Restriction of Excessive Authentication Attempts, which could allow brute-force access to accounts without user interaction. The issue stems from insufficien...

7.4CVSS7.5AI score0.00751EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.66 views

CVE-2024-39408

Adobe Commerce/Open Source Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow bypass of security features and perform minor integrity changes on behalf of a user. Exploitation requires user interac...

4.3CVSS5.8AI score0.00449EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.66 views

CVE-2024-39412

CVE-2024-39412 affects Adobe Commerce and Magento Open Source, with vulnerable versions including 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The issue is Improper Authorization that could enable a low-privileged attacker to bypass security measures and perform a minor integrity change wi...

4.3CVSS5AI score0.00429EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.66 views

CVE-2024-45115

Adobe Commerce CVE-2024-45115 affects multiple 2.4.x releases (2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier) with an Improper Authentication vulnerability that can escalate privileges without user interaction. The issue is documented with a high-impact CVSS v3.1 (9.8, AV:N/AC:L/PR:N/UI:N/S...

9.8CVSS9.7AI score0.01073EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.66 views

CVE-2024-45128

CVE-2024-45128 affects Adobe Commerce and Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability is an Improper Authorization that could allow a low-privileged attacker to bypass security features, with a resulting, albeit low, impact on integrity and ...

5.4CVSS5.3AI score0.00592EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.64 views

CVE-2024-39403

CVE-2024-39403 is a stored XSS vulnerability in Adobe Commerce/Magento Open Source (Magento) tied to the Webhook module public key configuration. Affected: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Impact per sources: attacker could inject malicious script into v...

7.6CVSS6.5AI score0.0049EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.64 views

CVE-2024-45125

Adobe Commerce (Magento Open Source) CVE-2024-45125 affects versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, due to an Incorrect Authorization vulnerability that can bypass security features. The issue allows a low-privilege attacker to impact integrity with a low severity (CVSS 3.1:...

4.3CVSS4.4AI score0.00535EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.63 views

CVE-2024-39404

CVE-2024-39404 affects Adobe Commerce/Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The issue is an Improper Authorization vulnerability enabling a low-privileged attacker to bypass security measures and modify minor information without user interaction. The vul...

4.3CVSS4.5AI score0.00455EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.63 views

CVE-2024-39416

CVE-2024-39416 affects Adobe Commerce and Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier, due to an improper authorization issue that could bypass security features and disclose minor information. Exploitation does not require user interaction. Connected documents...

4.3CVSS4.5AI score0.00442EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.63 views

CVE-2024-45133

CVE-2024-45133 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The issue is an Information Exposure vulnerability that could enable a security feature bypass, with a low confidentiality impact and no required user interaction. Exploitation does not require use...

2.7CVSS3.3AI score0.00596EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.62 views

CVE-2024-45149

Adobe Commerce (Magento) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability (CVE-2024-45149) that could bypass security features. A high-privileged attacker could exploit this vulnerability to bypass security with a low impact on ...

2.7CVSS3.7AI score0.00478EPSS
CVE
CVE
added 2025/08/12 5:55 p.m.62 views

CVE-2025-49556

Adobe Commerce/Magento Open Source versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability (CVE-2025-49556) that could bypass security features and allow unauthorized read access. The issue is network-exploita...

7.5CVSS7.1AI score0.00615EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.61 views

CVE-2024-39409

CVE-2024-39409 affects Adobe Commerce/Magento Open Source 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier with a Cross-Site Request Forgery (CSRF) vulnerability. Exploitation requires user interaction (tricking a user into submitting a malicious request) and could allow minor integrity changes...

4.3CVSS5.8AI score0.00449EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.60 views

CVE-2024-45118

CVE-2024-45118 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, with an Improper Access Control vulnerability (CWE-284) that could allow a low-privileged attacker to bypass security features and impact integrity. The reports consistently describe a high-impact,...

6.5CVSS6.3AI score0.00643EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.59 views

CVE-2024-45129

CVE-2024-45129 affects Adobe Commerce (and Magento Open Source) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, due to an Improper Access Control vulnerability that could enable privilege escalation. A low-privileged attacker could bypass security controls and achieve integrity impa...

4.3CVSS4.9AI score0.00535EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.59 views

CVE-2024-45132

CVE-2024-45132 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The issue is an Improper Authorization vulnerability that could enable a privilege escalation . A low-privileged attacker could bypass security measures and gain access with higher privileges, with...

6.5CVSS6.7AI score0.00727EPSS
CVE
CVE
added 2025/04/08 8:17 p.m.59 views

CVE-2025-27191

CVE-2025-27191 affects Adobe Commerce (Magento) versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier, due to an Improper Access Control vulnerability that could result in a security feature bypass and unauthorized access. Exploitation does not require user interaction. The v...

5.3CVSS7.1AI score0.00468EPSS
CVE
CVE
added 2025/06/10 4:8 p.m.59 views

CVE-2025-43586

Summary of CVE-2025-43586 (Adobe Commerce) : Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could enable privilege escalation. A low-privileged attacker could bypass security measures and gain elev...

8.1CVSS8.1AI score0.0048EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.57 views

CVE-2024-45134

CVE-2024-45134 (Adobe Commerce) affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability is an Information Exposure that could result in a security feature bypass, with a low confidentiality impact. Exploitation does not require user interaction and, ...

2.7CVSS3.9AI score0.00629EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.48 views

CVE-2024-45135

Summary of CVE-2024-45135 : Adobe Commerce (versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier) is affected by an Improper Access Control vulnerability that could result in a security feature bypass. The underlying issue is an access-control flaw that could be exploited by an admin atta...

2.7CVSS4AI score0.00578EPSS
CVE
CVE
added 2025/08/12 5:55 p.m.42 views

CVE-2025-49557

CVE-2025-49557 refers to a stored Cross-site Scripting (XSS) vulnerability in Adobe Commerce/Magento Open Source versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier. The issue allows a low-privileged attacker to inject malicious scripts into vulnerable form fiel...

8.7CVSS4.9AI score0.00648EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.41 views

CVE-2026-34654

The CVE concerns Adobe Commerce (Magento) versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier affected by a Dependency on Vulnerable Third-Party Component vulnerability causing a denial-of-service. Exploitation does not require user interaction and can be perform...

5.3CVSS5.8AI score0.0062EPSS
CVE
CVE
added 2025/08/12 5:55 p.m.36 views

CVE-2025-49554

CVE-2025-49554 — Adobe Commerce/Magento DoS via Improper Input Validation . Affected: Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier. Root cause: improper input validation could cause the application to crash or become unresponsive, enabling ...

7.5CVSS6.9AI score0.0058EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.35 views

CVE-2026-21282

CVE-2026-21282 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The vulnerability is Improper Input Validation that could lead to a denial-of-service; exploitation does not require user interaction. Public connected sources confirm the...

5.3CVSS5.8AI score0.00524EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.35 views

CVE-2026-34656

Adobe Commerce is affected by an Improper Authorization (CWE-285) vulnerability (CVE-2026-34656) impacting versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue could bypass security features and grant unauthorized write access. Exploitation requires use...

4.3CVSS5.8AI score0.00393EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.33 views

CVE-2026-34686

Adobe Commerce (Magento) versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored cross-site scripting (XSS) vulnerability. A low-privilege attacker can abuse vulnerable form fields to inject malicious scripts, which may execute in a victim’s ...

8.7CVSS5.8AI score0.00402EPSS
CVE
CVE
added 2025/08/12 5:55 p.m.32 views

CVE-2025-49555

CVE-2025-49555 affects Adobe Commerce/Magento Open Source (versions 2.4.9-alpha1 through earlier) with a Cross-Site Request Forgery (CSRF) vulnerability that can lead to privilege escalation when a user is authenticated. Exploitation requires user interaction (victim visits malicious site or clic...

8.1CVSS7AI score0.00911EPSS
CVE
CVE
added 2025/10/14 8:27 p.m.32 views

CVE-2025-54263

CVE-2025-54263 affects Adobe Commerce / Magento Open Source versions including 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier. It is an Incorrect Authorization vulnerability that allows a low-privileged attacker to bypass security measures and gain unauthorized acce...

8.1CVSS6.3AI score0.00502EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.32 views

CVE-2026-21361

Adobe Commerce

8.1CVSS5.7AI score0.00445EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.32 views

CVE-2026-34650

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. Exploitation can be performed remotely over the network with no user interactio...

7.5CVSS5.8AI score0.15933EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.32 views

CVE-2026-34685

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could bypass security measures and gain unauthorized write acc...

3.4CVSS6.1AI score0.00373EPSS
CVE
CVE
added 2025/06/25 5:41 p.m.30 views

CVE-2025-49550

Adobe Commerce (Magento) versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could bypass security features and allow limited unauthorized access. Exploitation requires user interaction. The issue is documented across...

4.3CVSS7.1AI score0.0031EPSS
Total number of security vulnerabilities198