Commerce Security Vulnerabilities and Issues — Page 3 of Commerce CVE List

Lucene search

AdobeCommerce

136 matches found

CVE•added 2024/08/14 12:15 p.m.•49 views

CVE-2024-39410

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tric...

4.3CVSS5.2AI score0.00129EPSS

CVE•added 2024/08/14 12:15 p.m.•49 views

CVE-2024-39413

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. ...

4.3CVSS4.5AI score0.00097EPSS

CVE•added 2024/08/14 12:15 p.m.•49 views

CVE-2024-39417

4.3CVSS4.5AI score0.00097EPSS

CVE•added 2024/10/10 10:15 a.m.•49 views

CVE-2024-45127

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser...

4.8CVSS4.6AI score0.00311EPSS

CVE•added 2024/10/10 10:15 a.m.•49 views

CVE-2024-45128

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integr...

5.4CVSS5.3AI score0.00116EPSS

CVE•added 2025/04/08 9:15 p.m.•49 views

CVE-2025-27190

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. ...

5.3CVSS7.1AI score0.00127EPSS

CVE•added 2024/06/13 9:15 a.m.•48 views

CVE-2024-34106

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another...

5.3CVSS5.3AI score0.00288EPSS

CVE•added 2024/08/14 12:15 p.m.•48 views

CVE-2024-39398

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and poten...

7.4CVSS7.5AI score0.00265EPSS

CVE•added 2024/08/14 12:15 p.m.•48 views

CVE-2024-39411

4.3CVSS4.5AI score0.00097EPSS

CVE•added 2024/08/14 12:15 p.m.•48 views

CVE-2024-39418

5.4CVSS5.4AI score0.00097EPSS

CVE•added 2024/08/14 12:15 p.m.•47 views

CVE-2024-39400

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploit...

8.1CVSS7.1AI score0.00587EPSS

CVE•added 2024/08/14 12:15 p.m.•47 views

CVE-2024-39408

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. The vulnerability could be exploited by trick...

4.3CVSS5.8AI score0.00129EPSS

CVE•added 2024/08/14 12:15 p.m.•47 views

CVE-2024-39414

4.3CVSS4.5AI score0.00101EPSS

CVE•added 2024/10/10 10:15 a.m.•47 views

CVE-2024-45117

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories ...

7.6CVSS7.4AI score0.00609EPSS

CVE•added 2024/08/14 12:15 p.m.•46 views

CVE-2024-39412

4.3CVSS5AI score0.00102EPSS

CVE•added 2024/08/14 12:15 p.m.•45 views

CVE-2024-39404

4.3CVSS4.5AI score0.00106EPSS

CVE•added 2024/08/14 12:15 p.m.•45 views

CVE-2024-39416

4.3CVSS4.5AI score0.00101EPSS

CVE•added 2024/10/10 10:15 a.m.•45 views

CVE-2024-45133

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further atta...

2.7CVSS3.3AI score0.00107EPSS

CVE•added 2024/08/14 12:15 p.m.•44 views

CVE-2024-39409

4.3CVSS5.8AI score0.00129EPSS

CVE•added 2024/10/10 10:15 a.m.•44 views

CVE-2024-45115

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exp...

9.8CVSS9.7AI score0.00262EPSS

CVE•added 2024/08/14 12:15 p.m.•43 views

CVE-2024-39419

4.3CVSS4.5AI score0.00102EPSS

CVE•added 2024/10/10 10:15 a.m.•43 views

CVE-2024-45134

2.7CVSS3.9AI score0.00257EPSS

CVE•added 2025/04/08 9:15 p.m.•43 views

CVE-2025-27191

5.3CVSS7.1AI score0.00127EPSS

CVE•added 2024/10/10 10:15 a.m.•42 views

CVE-2024-45125

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this iss...

4.3CVSS4.4AI score0.00074EPSS

CVE•added 2024/10/10 10:15 a.m.•40 views

CVE-2024-45121

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integ...

4.3CVSS4.8AI score0.00093EPSS

CVE•added 2024/10/10 10:15 a.m.•40 views

CVE-2024-45130

4.3CVSS4.8AI score0.00089EPSS

CVE•added 2025/06/10 4:15 p.m.•40 views

CVE-2025-47110

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in ...

8.4CVSS8.2AI score0.00111EPSS

CVE•added 2024/10/10 10:15 a.m.•39 views

CVE-2024-45132

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploita...

6.5CVSS6.7AI score0.00113EPSS

CVE•added 2024/10/10 10:15 a.m.•39 views

CVE-2024-45149

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on conf...

2.7CVSS3.7AI score0.00108EPSS

CVE•added 2025/06/10 4:15 p.m.•39 views

CVE-2025-43586

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized elev...

8.1CVSS8.1AI score0.00067EPSS

CVE•added 2024/10/10 10:15 a.m.•38 views

CVE-2024-45129

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity....

4.3CVSS4.9AI score0.00089EPSS

CVE•added 2024/10/10 10:15 a.m.•37 views

CVE-2024-45118

6.5CVSS6.3AI score0.00093EPSS

CVE•added 2024/10/10 10:15 a.m.•37 views

CVE-2024-45122

4.3CVSS4.4AI score0.00088EPSS

CVE•added 2024/10/10 10:15 a.m.•37 views

CVE-2024-45124

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploita...

5.3CVSS5.1AI score0.00139EPSS

CVE•added 2025/06/10 4:15 p.m.•34 views

CVE-2025-27206

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Expl...

5.3CVSS5.3AI score0.00102EPSS

CVE•added 2024/10/10 10:15 a.m.•33 views

CVE-2024-45135

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Ex...

2.7CVSS4AI score0.00143EPSS

Total number of security vulnerabilities136