Lucene search

75 matches found

added 2022/02/16 4:38 p.m. | 1371 views

CVE-2022-24086

CVE-2022-24086 affects Adobe Commerce and Magento Open Source via an improper input validation vulnerability during checkout, allowing arbitrary code execution without user interaction. Affected: Adobe Commerce 2.4.3-p1 and earlier, 2.3.7-p2 and earlier. Evidence from multiple advisories confirms...

CVSS 10 | AI score 9.7 | EPSS 0.99199
In wild

added 2023/09/12 7:36 a.m. | 1266 views

CVE-2022-24093

Summary: CVE-2022-24093 affects Adobe Commerce and Magento Open Source, with an improper input validation vulnerability that could enable post-authentication arbitrary code execution. Affected versions (per sources): Adobe Commerce 2.4.3-p1 and earlier; 2.3.7-p2 and earlier (and related 2.x lines...

CVSS 9.1 | AI score 7.7 | EPSS 0.01461

added 2023/03/27 12:00 a.m. | 273 views

CVE-2023-22247

Adobe Commerce (Magento) XML Injection vulnerability CVE-2023-22247 affects 2.4.4-p2 and earlier, and 2.4.5-p1 and earlier. An unauthenticated attacker can force the application to make arbitrary requests by injecting URLs, potentially enabling arbitrary file system read. Impact is high for confi...

CVSS 7.5 | AI score 7.7 | EPSS 0.00928

added 2023/03/27 12:00 a.m. | 155 views

CVE-2023-22249

Adobe Commerce (Magento) has a stored Cross-Site Scripting (XSS) vulnerability affecting versions 2.4.4-p2 and earlier and 2.4.5-p1 and earlier. The issue involves vulnerable form fields that can inject malicious JavaScript and execute in a user’s browser. The CVSS vector indicates a high-privileges ...

CVSS 4.8 | AI score 4.6 | EPSS 0.57424

added 2025/02/11 5:37 p.m. | 148 views

CVE-2025-24406

CVE-2025-24406 concerns Adobe Commerce; multiple historical releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) are affected by an improper pathname limitation vulnerability (Path Traversal). An unauthenticated attacker could bypass a security feature and modify files sto...

CVSS 7.5 | AI score 6.1 | EPSS 0.01278

added 2022/10/14 7:48 p.m. | 139 views

CVE-2022-35698

The CVE-2022-35698 entry concerns a Stored Cross-Site Scripting vulnerability in Adobe Commerce and Magento Open Source, affecting Adobe Commerce 2.4.4-p1 and earlier and 2.4.5 and earlier. The issue can allow post-authentication arbitrary code execution, with exploitation described as not requir...

CVSS 10 | AI score 6.6 | EPSS 0.09722

added 2022/10/14 7:48 p.m. | 136 views

CVE-2022-35689

Adobe Commerce and Magento Open Source are affected by CVE-2022-35689: an Improper Access Control flaw in Adobe Commerce versions 2.4.4-p1 and earlier, and 2.4.5 and earlier, could bypass security features and affect availability of a user feature. Exploitation is possible without user interactio...

CVSS 5.3 | AI score 5 | EPSS 0.01171

added 2023/08/09 7:41 a.m. | 123 views

CVE-2023-38208

CVE-2023-38208 affects Adobe Commerce and Magento: OS Command Injection due to improper neutralization in admin-privileged context. Affected are Adobe Commerce 2.4.6-p1 and earlier, 2.4.5-p3 and earlier, 2.4.4-p4 and earlier. The vulnerability allows arbitrary code execution without user interact...

CVSS 9.1 | AI score 8.4 | EPSS 0.02269

added 2025/02/11 5:37 p.m. | 111 views

CVE-2025-24410

Adobe Commerce (Magento) has a stored XSS vulnerability in forms across versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The underlying issue allows low-privilege attackers to inject malicious scripts, potentially leading to session takeover and compromising confidentiality and integrity. ...

CVSS 8.7 | AI score 7.5 | EPSS 0.00656

added 2023/03/27 12:00 a.m. | 106 views

CVE-2023-22250

Adobe Commerce Open Source/Commerce (Magento) suffers an Improper Access Control vulnerability (CVE-2023-22250) affecting 2.4.4-p2 and earlier and 2.4.5-p1 and earlier. The issue could allow a security feature bypass and impact availability of a user’s minor feature without user interaction. CVSS...

CVSS 5.3 | AI score 5 | EPSS 0.00957

added 2022/10/20 4:28 p.m. | 95 views

CVE-2022-42344

CVE-2022-42344 affects Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier, and 2.4.4 and earlier. The issue is described as an Incorrect Authorization/improper input validation vulnerability that allows an authenticated attacker to cause information exposure and privilege escalat...

CVSS 8.8 | AI score 8.3 | EPSS 0.02242

added 2025/02/11 5:37 p.m. | 95 views

CVE-2025-24412

CVE-2025-24412 affects Adobe Commerce and Magento Open Source, with stored XSS in vulnerable form fields across multiple 2.4.x releases (e.g., 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). The underlying issue is a stored XSS that an attacker with low privileges can abuse to...

CVSS 8.7 | AI score 7.5 | EPSS 0.00656

added 2025/02/11 5:37 p.m. | 95 views

CVE-2025-24414

CVE-2025-24414 affects Adobe Commerce prior to some 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). It is a stored Cross-Site Scripting (XSS) vulnerability that a low-privileged attacker can exploit via vulnerable form fields to inject JavaScript, potentially e...

CVSS 8.7 | AI score 7.5 | EPSS 0.00656

added 2025/04/08 8:17 p.m. | 88 views

CVE-2025-27188

Adobe Commerce (Magento) is affected by CVE-2025-27188: an Improper Authorization vulnerability that could allow Privilege Escalation in versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. Root cause is improper authorization; exploitation does not require user interaction...

CVSS 4.3 | AI score 7.2 | EPSS 0.00498

added 2025/02/11 5:37 p.m. | 87 views

CVE-2025-24411

CVE-2025-24411 affects Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier, with an Improper Access Control that could bypass security measures and compromise Confidentiality and Integrity. The attack path is credential-insufficient: a low-privileged attacker...

CVSS 8.1 | AI score 8.4 | EPSS 0.00851

added 2023/03/27 12:00 a.m. | 86 views

CVE-2023-22251

CVE-2023-22251 describes an Incorrect Authorization flaw impacting Adobe Commerce / Magento Open Source (notably versions 2.4.4-p2 and earlier, 2.4.5-p1 and earlier). The issue allows a low-privileged authenticated attacker to cause a minor information disclosure. Core details across connected d...

CVSS 4.3 | AI score 4.5 | EPSS 0.00563

added 2025/02/11 5:37 p.m. | 86 views

CVE-2025-24409

CVE-2025-24409 affects Adobe Commerce: versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect/Improper Authorization vulnerability that can bypass security features and grant unauthorized access without user interaction. The impact is described as ...

CVSS 8.2 | AI score 8.8 | EPSS 0.00627

added 2025/02/11 5:37 p.m. | 86 views

CVE-2025-24427

CVE-2025-24427 affects Adobe Commerce: vulnerable in 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The issue is Improper Access Control allowing a low-privilege attacker to bypass security measures and gain unauthorized write access without user interaction. Connected sources...

CVSS 6.5 | AI score 7.1 | EPSS 0.00584

added 2025/02/11 5:37 p.m. | 85 views

CVE-2025-24417

Adobe Commerce CVE-2025-24417 affects multiple 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) with a stored XSS vulnerability that a low-privilege attacker can abuse to inject malicious scripts into vulnerable form fields. Malicious JavaScript may execute in vi...

CVSS 8.7 | AI score 7.5 | EPSS 0.00656

added 2025/02/11 5:37 p.m. | 85 views

CVE-2025-24430

CVE-2025-24430 affects Adobe Commerce (and Magento-related builds) up to versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. It describes a Time-of-check Time-of-use (TOCTOU) race condition in the security feature logic that could be exploited to bypass certain protections...

CVSS 3.7 | AI score 4.5 | EPSS 0.00369

added 2025/02/11 5:37 p.m. | 83 views

CVE-2025-24421

CVE-2025-24421 affects Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier, due to an Incorrect Authorization flaw that could allow a low-privilege attacker to read select data with no user interaction. The issue enables a security feature bypass. Adobe and r...

CVSS 4.3 | AI score 5 | EPSS 0.00505

added 2023/08/09 7:41 a.m. | 82 views

CVE-2023-38209

Adobe Commerce/Open Source Magento versions 2.4.4-p4–2.4.6-p1 (and earlier) are affected by an Incorrect Authorization vulnerability that permits a low-privileged attacker to access other users’ data without user interaction. The issue stems from improper access control and has a high confidentia...

CVSS 6.5 | AI score 6.3 | EPSS 0.00747

added 2025/02/11 5:37 p.m. | 82 views

CVE-2025-24429

CVE-2025-24429 affects Adobe Commerce (versions including 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) and is an Improper Access Control vulnerability that can bypass security features and grant read-only access to an attacker with low privileges. Exploitation, per the NVD e...

CVSS 3.5 | AI score 4.9 | EPSS 0.00466

added 2023/08/09 7:41 a.m. | 81 views

CVE-2023-38207

Summary: CVE-2023-38207 affects Adobe Commerce (Magento) across multiple 2.4.x releases due to an XML Injection (Blind XPath Injection) flaw that can allow reading of minor arbitrary files from the filesystem without user interaction. Affected: 2.4.6-p1 and earlier, 2.4.5-p3 and earlier, 2.4.4-p4...

CVSS 7.5 | AI score 7.6 | EPSS 0.00828

added 2025/02/11 5:37 p.m. | 81 views

CVE-2025-24408

Adobe Commerce CVE-2025-24408 describes an Information Exposure vulnerability affecting multiple 2.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). The issue could allow a low-privileged, remote attacker to access sensitive information without user interaction, with...

CVSS 6.5 | AI score 6.8 | EPSS 0.00936

added 2025/02/11 5:37 p.m. | 79 views

CVE-2025-24415

Adobe Commerce and Magento Open Source are affected by a stored XSS vulnerability in vulnerable form fields across versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. A low-privileged attacker can inject malicious scripts, which may execute in a victim’s browser and could ...

CVSS 8.7 | AI score 7.5 | EPSS 0.00656

added 2025/02/11 5:37 p.m. | 77 views

CVE-2025-24413

CVE-2025-24413 is a stored XSS vulnerability in Adobe Commerce affecting versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The flaw allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, which execute in a victim’s browser when viewing ...

CVSS 8.7 | AI score 7.5 | EPSS 0.00656

added 2025/02/11 5:37 p.m. | 77 views

CVE-2025-24432

CVE-2025-24432 affects Adobe Commerce: TOCTOU race condition in multiple 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) that could bypass a security feature by altering a checked condition before use, potentially bypassing rate limiting. Exploitation is describ...

CVSS 3.7 | AI score 4.5 | EPSS 0.00369

added 2025/02/11 5:37 p.m. | 72 views

CVE-2025-24428

CVE-2025-24428 concerns a stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce. Affected are Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The flaw allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, w...

CVSS 5.4 | AI score 5.3 | EPSS 0.0038

added 2025/02/11 5:37 p.m. | 71 views

CVE-2025-24416

CVE-2025-24416 affects Adobe Commerce. The vulnerability is a stored XSS in vulnerable form fields that could allow a low-privilege attacker to execute malicious JavaScript in a victim’s browser, with potential session takeover and impact on confidentiality and integrity (CVE details list affecte...

CVSS 8.7 | AI score 7.5 | EPSS 0.00656

added 2025/02/11 5:37 p.m. | 70 views

CVE-2025-24425

The CVE-2025-24425 entry concerns Adobe Commerce with a Business Logic Error that can bypass security features and allow limited data modification without user interaction. Affected versions include 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The underlying issue is a logic...

CVSS 5.3 | AI score 5.6 | EPSS 0.00585

added 2025/04/08 8:17 p.m. | 70 views

CVE-2025-27192

CVE-2025-27192 affects Adobe Commerce/Magento: versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. Root cause: Insufficiently Protected Credentials that could allow an attacker with elevated privileges to obtain sensitive credential information and bypass security features...

CVSS 2.7 | AI score 6.9 | EPSS 0.00419

added 2024/11/12 4:41 p.m. | 67 views

CVE-2024-49521

CVE-2024-49521 affects Adobe Commerce 3.2.5 and earlier. The vulnerability is a Server-Side Request Forgery (SSRF) that could enable a low-privileged attacker to issue crafted requests from the vulnerable server to internal systems, potentially bypassing security controls such as firewalls. Expl...

CVSS 7.7 | AI score 7.4 | EPSS 0.00652

added 2025/04/08 8:17 p.m. | 58 views

CVE-2025-27191

CVE-2025-27191 affects Adobe Commerce (Magento) versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier, due to an Improper Access Control vulnerability that could result in a security feature bypass and unauthorized access. Exploitation does not require user interaction. The v...

CVSS 5.3 | AI score 7.1 | EPSS 0.00425

added 2025/08/12 5:55 p.m. | 58 views

CVE-2025-49556

Adobe Commerce/Magento Open Source versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability (CVE-2025-49556) that could bypass security features and allow unauthorized read access. The issue is network-exploita...

CVSS 7.5 | AI score 7.1 | EPSS 0.00573

added 2025/08/12 5:55 p.m. | 39 views

CVE-2025-49557

CVE-2025-49557 refers to a stored Cross-site Scripting (XSS) vulnerability in Adobe Commerce/Magento Open Source versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier. The issue allows a low-privileged attacker to inject malicious scripts into vulnerable form fiel...

CVSS 8.7 | AI score 4.9 | EPSS 0.00604

added 2025/08/12 5:55 p.m. | 29 views

CVE-2025-49554

CVE-2025-49554: Adobe Commerce/Magento DoS via Improper Input Validation. Affected: Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier. Root cause: improper input validation could cause the application to crash or become unresponsive, enabling ...

CVSS 7.5 | AI score 6.9 | EPSS 0.00541

added 2026/05/12 7:50 p.m. | 29 views

CVE-2026-34685

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could bypass security measures and gain unauthorized write acc...

CVSS 3.4 | AI score 5.8 | EPSS 0.00373

added 2026/03/11 2:19 a.m. | 28 views

CVE-2026-21282

CVE-2026-21282 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The vulnerability is Improper Input Validation that could lead to a denial-of-service; exploitation does not require user interaction. Public connected sources confirm the...

CVSS 5.3 | AI score 5.8 | EPSS 0.00524

added 2025/08/12 5:55 p.m. | 27 views

CVE-2025-49555

CVE-2025-49555 affects Adobe Commerce/Magento Open Source (versions 2.4.9-alpha1 through earlier) with a Cross-Site Request Forgery (CSRF) vulnerability that can lead to privilege escalation when a user is authenticated. Exploitation requires user interaction (victim visits malicious site or clic...

CVSS 8.1 | AI score 7 | EPSS 0.0085

added 2026/05/12 7:50 p.m. | 27 views

CVE-2026-34647

Adobe Commerce is affected by an SSRF vulnerability (CVE-2026-34647) impacting versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue allows bypassing security features and could enable unauthorized read access. Exploitation requires user interaction, whe...

CVSS 7.4 | AI score 5.8 | EPSS 0.00471

added 2025/06/25 5:41 p.m. | 26 views

CVE-2025-49550

Adobe Commerce (Magento) versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could bypass security features and allow limited unauthorized access. Exploitation requires user interaction. The issue is documented across...

CVSS 4.3 | AI score 7.1 | EPSS 0.0031

added 2025/08/12 5:55 p.m. | 26 views

CVE-2025-49558

Summary: CVE-2025-49558 affects Adobe Commerce/Magento Open Source (versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier) due to a Time-of-check Time-of-use (TOCTOU) race condition that could bypass a security feature and allow unauthorized write access. The issu...

CVSS 5.9 | AI score 7 | EPSS 0.00387

added 2026/05/12 7:50 p.m. | 26 views

CVE-2026-34650

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. Exploitation can be performed remotely over the network with no user interactio...

CVSS 7.5 | AI score 5.8 | EPSS 0.15933

added 2026/05/12 7:50 p.m. | 26 views

CVE-2026-34652

Adobe Commerce (Magento) versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. The issue is caused by a vulnerable third-party comp...

CVSS 7.5 | AI score 5.8 | EPSS 0.00508

added 2026/05/12 7:50 p.m. | 25 views

CVE-2026-34645

Adobe Commerce is affected by CVE-2026-34645 due to an Incorrect Authorization vulnerability that could bypass security features, allowing unauthorized write access. Affected versions include 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue is exploitable re...

CVSS 7.5 | AI score 5.8 | EPSS 0.00561

added 2025/08/12 5:55 p.m. | 24 views

CVE-2025-49559

CVE-2025-49559 affects Adobe Commerce/Magento Open Source: path traversal in versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier that could bypass security features and allow modification of limited data. The issue is exploitable without user interaction (networ...

CVSS 5.3 | AI score 6.9 | EPSS 0.00632

added 2026/03/11 2:19 a.m. | 24 views

CVE-2026-21361

Adobe Commerce

CVSS 8.1 | AI score 5.7 | EPSS 0.00445

added 2026/05/12 7:50 p.m. | 24 views

CVE-2026-34648

Adobe Commerce CVE-2026-34648 affects versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier with an Uncontrolled Resource Consumption flaw that can cause application denial-of-service by exhausting system resources. Exploitation requires no user interaction and is ...

CVSS 7.5 | AI score 5.8 | EPSS 0.2255

added 2026/05/12 7:50 p.m. | 24 views

CVE-2026-34654

The CVE concerns Adobe Commerce (Magento) versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier affected by a Dependency on Vulnerable Third-Party Component vulnerability causing a denial-of-service. Exploitation does not require user interaction and can be perform...

CVSS 5.3 | AI score 5.8 | EPSS 0.0062

Total number of security vulnerabilities: 75