Lucene search
+L
AdobeCommerce

198 matches found

CVE
CVE
added 2026/03/11 2:19 a.m.31 views

CVE-2026-21360

CVE-2026-21360 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier, with an Improper Pathname/Path Traversal vulnerability that could bypass security features and allow a high-privileged attacker to access files or directories outside the ...

6.8CVSS5.8AI score0.00636EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.31 views

CVE-2026-34648

Adobe Commerce CVE-2026-34648 affects versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier with an Uncontrolled Resource Consumption flaw that can cause application denial-of-service by exhausting system resources. Exploitation requires no user interaction and is ...

7.5CVSS5.8AI score0.2255EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.29 views

CVE-2026-34652

Adobe Commerce (Magento) versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. The issue is caused by a vulnerable third-party comp...

7.5CVSS5.8AI score0.00508EPSS
CVE
CVE
added 2025/08/12 5:55 p.m.28 views

CVE-2025-49559

CVE-2025-49559 affects Adobe Commerce/Magento Open Source: path traversal in versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier that could bypass security features and allow modification of limited data. The issue is exploitable without user interaction (networ...

5.3CVSS6.9AI score0.00677EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.28 views

CVE-2026-21311

Adobe Commerce (Magento) versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored XSS (CWE-79) in vulnerable form fields. A high-privileged attacker can inject JavaScript that is executed in a victim’s browser when they visit the affected pag...

8CVSS5.7AI score0.00304EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.28 views

CVE-2026-34645

Adobe Commerce is affected by CVE-2026-34645 due to an Incorrect Authorization vulnerability that could bypass security features, allowing unauthorized write access. Affected versions include 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue is exploitable re...

7.5CVSS5.8AI score0.00561EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.28 views

CVE-2026-34647

Adobe Commerce is affected by an SSRF vulnerability (CVE-2026-34647) impacting versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue allows bypassing security features and could enable unauthorized read access. Exploitation requires user interaction, whe...

7.4CVSS5.8AI score0.00471EPSS
CVE
CVE
added 2025/06/25 5:41 p.m.27 views

CVE-2025-49549

Adobe Commerce / Magento Open Source is affected by an Incorrect Authorization vulnerability (CVE-2025-49549) that could allow a high-privileged attacker to bypass security features and gain limited unauthorized access without user interaction. Affected versions include 2.4.8 and earlier (2.4.7-p...

2.7CVSS7.1AI score0.00329EPSS
CVE
CVE
added 2025/08/12 5:55 p.m.27 views

CVE-2025-49558

Summary: CVE-2025-49558 affects Adobe Commerce/Magento Open Source (versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier) due to a Time-of-check Time-of-use (TOCTOU) race condition that could bypass a security feature and allow unauthorized write access. The issu...

5.9CVSS7AI score0.00414EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.27 views

CVE-2026-21290

Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-21290) in multiple older 2.4.x releases (2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier). The issue allows a low-privileged attacker to inject malicious scripts into vulnerable...

8.7CVSS5.7AI score0.00452EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.26 views

CVE-2026-21295

Adobe Commerce is affected by a URL Redirection to Untrusted Site (Open Redirect) vulnerability (CVE-2026-21295). Affected versions include 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The underlying issue allows an attacker to redirect users to malicious website...

3.1CVSS5.8AI score0.00233EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.25 views

CVE-2026-34655

Adobe Commerce is affected by a stored XSS vulnerability (CVE-2026-34655) in versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue allows a high-privileged attacker to inject malicious scripts into vulnerable form fields, potentially executing JavaScript...

4.8CVSS5.8AI score0.00368EPSS
CVE
CVE
added 2025/10/14 8:27 p.m.24 views

CVE-2025-54266

CVE-2025-54266 affects Adobe Commerce (Magento Open Source) versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier. The issue is a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vu...

4.8CVSS5.2AI score0.00252EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.24 views

CVE-2026-21284

Adobe Commerce CVE-2026-21284 is a stored XSS vulnerability affecting versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The flaw allows a high-privileged attacker to inject malicious scripts into vulnerable form fields, with JavaScript executed in a victim’s ...

8.1CVSS5.7AI score0.00382EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.24 views

CVE-2026-21297

CVE-2026-21297 affects Adobe Commerce (Magento) versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier and is an Incorrect Authorization vulnerability that could bypass security features. A low-privileged attacker may gain limited unauthorized access to a feature, ...

4.3CVSS5.8AI score0.0035EPSS
CVE
CVE
added 2025/10/14 8:27 p.m.23 views

CVE-2025-54265

Adobe Commerce (Magento Open Source) versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability (CVE-2025-54265) that could allow an attacker to bypass security measures and gain unauthorized read access. Exploit...

5.9CVSS5.3AI score0.00461EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.23 views

CVE-2026-34649

CVE-2026-34649 affects Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue is an Uncontrolled Resource Consumption vulnerability that can cause an application denial-of-service by exhausting system resources. Exploitation does not requir...

7.5CVSS5.8AI score0.14383EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.22 views

CVE-2026-21286

CVE-2026-21286 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier, due to an Incorrect Authorization vulnerability (CWE-863) that could bypass security features and allow limited unauthorized view access without user interaction. Multiple...

5.3CVSS5.8AI score0.00295EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.22 views

CVE-2026-21310

CVE-2026-21310 affects Adobe Commerce (Magento) 2.4.x up to 2.4.9-alpha3 and earlier, due to Improper Input Validation that can bypass security features with no user interaction. Impact is limited to integrity; attack vector is network, no privileges required. Remediation: upgrade to fixed releas...

5.3CVSS5.8AI score0.00302EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.22 views

CVE-2026-34646

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could bypass security features and grant unauthorized write access. The CVSS v3.1 metrics indicate a Network attack vector, no privile...

7.5CVSS5.8AI score0.00411EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.22 views

CVE-2026-34651

Adobe Commerce is affected by CVE-2026-34651 across versions 2.4.4-p17 and earlier up to 2.4.9-beta1, with an Uncontrolled Resource Consumption issue that can cause application denial-of-service. The vulnerability enables resource exhaustion without user interaction (attack vector: network; compl...

7.5CVSS5.8AI score0.00675EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.21 views

CVE-2026-21289

CVE-2026-21289 affects Adobe Commerce components across versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier, introducing an Incorrect Authorization vulnerability that could bypass security features and allow an attacker to view data without user interaction. Pub...

7.5CVSS5.8AI score0.00603EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.21 views

CVE-2026-21359

CVE-2026-21359 (Adobe Commerce) affects multiple older Adobe Commerce builds (2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier) with an Incorrect Authorization vulnerability that can bypass security features, allowing limited impact to data integrity/availability. The...

4.7CVSS5.8AI score0.00211EPSS
CVE
CVE
added 5 days ago21 views

CVE-2026-48356

Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type (CWE-434) that could lead to arbitrary code execution in the context of the current user. The root cause stated is unrestricted file upload of dangerous types, with exploitation requiring user interaction (victim vis...

9.6CVSS6.5AI score0.17903EPSS
CVE
CVE
added 2025/10/14 8:27 p.m.19 views

CVE-2025-54264

CVE-2025-54264 affects Adobe Commerce (Magento Open Source) 2.4.9-alpha2 and earlier. It is a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields that high-privilege attackers can exploit to inject JavaScript, with exploitation requiring user interaction and potentially enab...

8.1CVSS5.2AI score0.00564EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.19 views

CVE-2026-21292

Adobe Commerce (Magento) is affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-21292) in multiple 2.4.x releases: 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. Root cause: improper input validation allowing injection of malicious scripts into ...

5.4CVSS5.8AI score0.00255EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.18 views

CVE-2026-34653

Adobe Commerce users affected: versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are impacted by an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal). The vulnerability allows an authenticated administrator to read or write arbitrary ...

8.7CVSS5.9AI score0.00606EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.17 views

CVE-2026-21293

CVE-2026-21293 affects Adobe Commerce (Magento) up to 2.4.9-alpha3 and earlier, with a Server-Side Request Forgery (SSRF) that could bypass security features. A high-privileged attacker can manipulate server-side requests to access unauthorized resources without user interaction. Root cause: SSRF...

5.5CVSS5.8AI score0.00232EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.17 views

CVE-2026-21309

Summary: CVE-2026-21309 affects Adobe Commerce and is an Incorrect Authorization vulnerability enabling unauthorized data viewing with no user interaction. Affected: Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. Impact: security feature byp...

7.5CVSS5.8AI score0.0056EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.17 views

CVE-2026-34658

Summary: Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious Jav...

4.8CVSS5.8AI score0.00274EPSS
CVE
CVE
added 2025/10/14 8:27 p.m.16 views

CVE-2025-54267

CVE-2025-54267 affects Adobe Commerce/Magento Open Source versions 2.4.9-alpha2 and earlier. The issue is an Incorrect Authorization vulnerability that lets a low-privileged attacker bypass security controls and gain elevated privileges, increasing integrity impact to high; exploitation requires ...

6.5CVSS6.4AI score0.0036EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.16 views

CVE-2026-21291

CVE-2026-21291 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The issue is a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) that could be exploited by a high-privileged attacker to inject malicious scripts into vulnerable f...

4.8CVSS5.8AI score0.00267EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.16 views

CVE-2026-21296

Adobe Commerce (Magento) suffers an Incorrect Authorization vulnerability (CVE-2026-21296) across multiple versions including 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The issue enables a security feature bypass where a low-privileged attacker can gain limited...

4.3CVSS5.8AI score0.00339EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.15 views

CVE-2026-21285

CVE-2026-21285 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The issue is an Incorrect Authorization vulnerability that could allow a low-privileged attacker to bypass security measures and gain limited unauthorized access to a feat...

4.3CVSS5.8AI score0.00255EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.12 views

CVE-2026-21294

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could bypass security features. The issue allows a high-privileged attacker to manipulate server-side requests and bypass c...

5.5CVSS5.8AI score0.00232EPSS
CVE
CVE
added 5 days ago10 views

CVE-2026-48000

CVE-2026-48000 affects Adobe Commerce and is an open redirect vulnerability in the URL redirection logic. The underlying issue is an improper redirect that can bypass a security feature and potentially lead to credential theft or account takeover if a user clicks a malicious link. Exploitation re...

6.1CVSS6.1AI score0.00353EPSS
CVE
CVE
added 5 days ago10 views

CVE-2026-48358

Adobe Commerce is affected by an Improper Encoding or Escaping of Output vulnerability (CWE-116) that could lead to arbitrary code execution in the context of the current user. The issue enables code execution without user interaction and is rated CRITICAL (CVSS 3.1: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I...

10CVSS6.5AI score0.00912EPSS
CVE
CVE
added 5 days ago10 views

CVE-2026-48371

Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability. The issue allows a low-privilege attacker to inject malicious scripts into vulnerable form fields, with malicious JavaScript potentially executing in a victim’s browser when visiting the page containing the vulnerabl...

5.4CVSS6.1AI score0.00182EPSS
CVE
CVE
added 5 days ago9 views

CVE-2026-47992

CVE-2026-47992 affects Adobe Commerce and is described as an SQL Injection vulnerability caused by improper neutralization of special elements in SQL commands. The flaw could allow arbitrary code execution in the context of the current user, with a high-privilege attacker potentially executing ma...

7.2CVSS6.5AI score0.19924EPSS
CVE
CVE
added 5 days ago9 views

CVE-2026-47994

Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-47994). The issue allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, with malicious JavaScript potentially executing in a victim’s browser when visiting the page contai...

8.7CVSS6.1AI score0.00336EPSS
CVE
CVE
added 5 days ago9 views

CVE-2026-47995

Technical details such as affected versions, vulnerable components, exploit methods, or remediation steps are not provided in the supplied documents. Monitor for updates from Adobe/NVD for concrete technical information.

8.1CVSS6.1AI score0.00269EPSS
CVE
CVE
added 5 days ago8 views

CVE-2026-47988

Technical details about CVE-2026-47988 are not publicly available in the provided documents. Monitor for updates from vendor advisories and security bulletins.

9.1CVSS6.1AI score0.00492EPSS
CVE
CVE
added 5 days ago8 views

CVE-2026-47996

Technical details about CVE-2026-47996 are not publicly available in the provided documents; monitor for updates. Available descriptions indicate an Incorrect Authorization issue in Adobe Commerce that could enable unauthorized read access with high privileges.

7.6CVSS6.1AI score0.18028EPSS
CVE
CVE
added 5 days ago8 views

CVE-2026-47998

Adobe Commerce is affected by an Incorrect Authorization (CWE-863) vulnerability that could bypass security features and allow unauthorized read access. The issue is exploitable over a network with high attack complexity and requires no privileges or user interaction, though exploitation depends ...

5.9CVSS6.1AI score0.00568EPSS
CVE
CVE
added 5 days ago7 views

CVE-2026-47999

CVE-2026-47999 describes a stored Cross-Site Scripting (XSS) flaw in Adobe Commerce . A high-privilege attacker can inject malicious scripts into vulnerable form fields, with JavaScript potentially executing in a victim’s browser when loading the page containing the affected field. The CVSS metri...

4.8CVSS6.1AI score0.07076EPSS
CVE
CVE
added 5 days ago7 views

CVE-2026-48001

CVE-2026-48001 affects Adobe Commerce with an Information Exposure vulnerability that could lead to limited disclosure of sensitive information. The provided documents do not specify the vulnerable component, root cause details, or affected product versions. Exploitation is possible without user ...

3.7CVSS6.1AI score0.00542EPSS
CVE
CVE
added 5 days ago6 views

CVE-2026-47984

Technical details about CVE-2026-47984 are not publicly available in the provided documents; monitor for updates from official advisories.

9.1CVSS6.1AI score0.00492EPSS
CVE
CVE
added 5 days ago6 views

CVE-2026-47997

Adobe Commerce is affected by an Incorrect Authorization vulnerability that could bypass security features and allow unauthorized read access. The issue is exploitable remotely over the network, does not require user interaction, and exploitation depends on conditions beyond the attacker’s contro...

5.9CVSS6.1AI score0.00568EPSS
Total number of security vulnerabilities198