75 matches found
CVE-2022-24086
CVE-2022-24086 affects Adobe Commerce and Magento Open Source via an improper input validation vulnerability during checkout, allowing arbitrary code execution without user interaction. Affected: Adobe Commerce 2.4.3-p1 and earlier, 2.3.7-p2 and earlier. Evidence from multiple advisories confirms...
CVE-2022-24093
Summary: CVE-2022-24093 affects Adobe Commerce and Magento Open Source, with an improper input validation vulnerability that could enable post-authentication arbitrary code execution. Affected versions (per sources): Adobe Commerce 2.4.3-p1 and earlier; 2.3.7-p2 and earlier (and related 2.x lines...
CVE-2023-22247
Adobe Commerce (Magento) XML Injection vulnerability CVE-2023-22247 affects 2.4.4-p2 and earlier, and 2.4.5-p1 and earlier. An unauthenticated attacker can force the application to make arbitrary requests by injecting URLs, potentially enabling arbitrary file system read. Impact is high for confi...
CVE-2023-22249
Adobe Commerce (Magento) stores a Cross-Site Scripting (XSS) vulnerability affecting versions 2.4.4-p2 and earlier and 2.4.5-p1 and earlier. The issue involves vulnerable form fields that can inject malicious JavaScript and execute in a user’s browser. The CVSS vector indicates a high-privileges ...
CVE-2025-24406
CVE-2025-24406 concerns Adobe Commerce; multiple historical releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) are affected by an improper pathname limitation vulnerability (Path Traversal). An unauthenticated attacker could bypass a security feature and modify files sto...
CVE-2022-35698
The CVE-2022-35698 entry concerns a Stored Cross-Site Scripting vulnerability in Adobe Commerce and Magento Open Source, affecting Adobe Commerce 2.4.4-p1 and earlier and 2.4.5 and earlier. The issue can allow post-authentication arbitrary code execution, with exploitation described as not requir...
CVE-2022-35689
Adobe Commerce and Magento Open Source are affected by CVE-2022-35689: an Improper Access Control flaw in Adobe Commerce versions 2.4.4-p1 and earlier, and 2.4.5 and earlier, could bypass security features and affect availability of a user feature. Exploitation is possible without user interactio...
CVE-2023-38208
CVE-2023-38208 affects Adobe Commerce and Magento: OS Command Injection due to improper neutralization in admin-privileged context. Affected are Adobe Commerce 2.4.6-p1 and earlier, 2.4.5-p3 and earlier, 2.4.4-p4 and earlier. The vulnerability allows arbitrary code execution without user interact...
CVE-2025-24410
Adobe Commerce (Magento) stores XSS in forms across versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The underlying issue allows low-privilege attackers to inject malicious scripts, potentially leading to session takeover and compromising confidentiality and integrity. ...
CVE-2023-22250
Adobe Commerce Open Source/Commerce (Magento) suffers an Improper Access Control vulnerability (CVE-2023-22250) affecting 2.4.4-p2 and earlier and 2.4.5-p1 and earlier. The issue could allow a security feature bypass and impact availability of a user’s minor feature without user interaction. CVSS...
CVE-2022-42344
CVE-2022-42344 affects Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier, and 2.4.4 and earlier. The issue is described as an Incorrect Authorization/ improper input validation vulnerability that allows an authenticated attacker to cause information exposure and privilege escalat...
CVE-2025-24412
CVE-2025-24412 affects Adobe Commerce and Magento Open Source, with stored XSS in vulnerable form fields across multiple 2.4.x releases (e.g., 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). The underlying issue is a stored XSS that an attacker with low privileges can abuse to...
CVE-2025-24414
CVE-2025-24414 affects Adobe Commerce prior to some 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). It is a stored Cross-Site Scripting (XSS) vulnerability that a low-privileged attacker can exploit via vulnerable form fields to inject JavaScript, potentially e...
CVE-2025-27188
Adobe Commerce (Magento) is affected by CVE-2025-27188: an Improper Authorization vulnerability that could allow Privilege Escalation in versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. Root cause is improper authorization; exploitation does not require user interaction...
CVE-2025-24411
CVE-2025-24411 affects Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier, with an Improper Access Control that could bypass security measures and compromise Confidentiality and Integrity. The attack path is credential-insufficient: a low-privileged attacker...
CVE-2023-22251
CVE-2023-22251 describes an Incorrect Authorization flaw impacting Adobe Commerce / Magento Open Source (notably versions 2.4.4-p2 and earlier, 2.4.5-p1 and earlier). The issue allows a low-privileged authenticated attacker to cause a minor information disclosure . Core details across connected d...
CVE-2025-24409
CVE-2025-24409 affects Adobe Commerce: versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect/Improper Authorization vulnerability that can bypass security features and grant unauthorized access without user interaction. The impact is described as ...
CVE-2025-24427
CVE-2025-24427 affects Adobe Commerce: vulnerable in 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The issue is Improper Access Control allowing a low-privilege attacker to bypass security measures and gain unauthorized write access without user interaction. Connected sources...
CVE-2025-24417
Adobe Commerce CVE-2025-24417 affects multiple 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) with a stored XSS vulnerability that a low-privilege attacker can abuse to inject malicious scripts into vulnerable form fields. Malicious JavaScript may execute in vi...
CVE-2025-24430
CVE-2025-24430 affects Adobe Commerce (and Magento-related builds) up to versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. It describes a Time-of-check Time-of-use (TOCTOU) race condition in the security feature logic that could be exploited to bypass certain protections...
CVE-2025-24421
CVE-2025-24421 affects Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier, due to an Incorrect Authorization flaw that could allow a low-privilege attacker to read select data with no user interaction. The issue enables a security feature bypass. Adobe and r...
CVE-2023-38209
Adobe Commerce/Open Source Magento versions 2.4.4-p4–2.4.6-p1 (and earlier) are affected by an Incorrect Authorization vulnerability that permits a low-privileged attacker to access other users’ data without user interaction. The issue stems from improper access control and has a high confidentia...
CVE-2025-24429
CVE-2025-24429 affects Adobe Commerce (versions including 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) and is an Improper Access Control vulnerability that can bypass security features and grant read-only access to an attacker with low privileges. Exploitation, per the NVD e...
CVE-2023-38207
Summary: CVE-2023-38207 affects Adobe Commerce (Magento) across multiple 2.4.x releases due to an XML Injection (Blind XPath Injection) flaw that can allow reading of minor arbitrary files from the filesystem without user interaction. Affected: 2.4.6-p1 and earlier, 2.4.5-p3 and earlier, 2.4.4-p4...
CVE-2025-24408
Adobe Commerce CVE-2025-24408 describes an Information Exposure vulnerability affecting multiple 2.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). The issue could allow a low-privileged, remote attacker to access sensitive information without user interaction, with...
CVE-2025-24415
Adobe Commerce and Magento Open Source are affected by a stored XSS vulnerability in vulnerable form fields across versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. A low-privileged attacker can inject malicious scripts, which may execute in a victim’s browser and could ...
CVE-2025-24413
CVE-2025-24413 is a stored XSS vulnerability in Adobe Commerce affecting versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The flaw allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, which execute in a victim’s browser when viewing ...
CVE-2025-24432
CVE-2025-24432 affects Adobe Commerce: TOCTOU race condition in multiple 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) that could bypass a security feature by altering a checked condition before use, potentially bypassing rate limiting. Exploitation is describ...
CVE-2025-24428
CVE-2025-24428 concerns a stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce. Affected are Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The flaw allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, w...
CVE-2025-24416
CVE-2025-24416 affects Adobe Commerce. The vulnerability is a stored XSS in vulnerable form fields that could allow a low-privilege attacker to execute malicious JavaScript in a victim’s browser, with potential session takeover and impact on confidentiality and integrity (CVE details list affecte...
CVE-2025-24425
The CVE-2025-24425 entry concerns Adobe Commerce with a Business Logic Error that can bypass security features and allow limited data modification without user interaction. Affected versions include 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The underlying issue is a logic...
CVE-2025-27192
CVE-2025-27192 affects Adobe Commerce/Magento: versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. Root cause: Insufficiently Protected Credentials that could allow an attacker with elevated privileges to obtain sensitive credential information and bypass security features...
CVE-2024-49521
CVE-2024-49521 affects Adobe Commerce 3.2.5 and earlier . The vulnerability is a Server-Side Request Forgery (SSRF) that could enable a low-privileged attacker to issue crafted requests from the vulnerable server to internal systems, potentially bypassing security controls such as firewalls. Expl...
CVE-2025-27191
CVE-2025-27191 affects Adobe Commerce (Magento) versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier, due to an Improper Access Control vulnerability that could result in a security feature bypass and unauthorized access. Exploitation does not require user interaction. The v...
CVE-2025-49556
Adobe Commerce/Magento Open Source versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability (CVE-2025-49556) that could bypass security features and allow unauthorized read access. The issue is network-exploita...
CVE-2025-49557
CVE-2025-49557 refers to a stored Cross-site Scripting (XSS) vulnerability in Adobe Commerce/Magento Open Source versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier. The issue allows a low-privileged attacker to inject malicious scripts into vulnerable form fiel...
CVE-2025-49554
CVE-2025-49554 — Adobe Commerce/Magento DoS via Improper Input Validation . Affected: Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier. Root cause: improper input validation could cause the application to crash or become unresponsive, enabling ...
CVE-2026-34685
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could bypass security measures and gain unauthorized write acc...
CVE-2026-21282
CVE-2026-21282 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The vulnerability is Improper Input Validation that could lead to a denial-of-service; exploitation does not require user interaction. Public connected sources confirm the...
CVE-2025-49555
CVE-2025-49555 affects Adobe Commerce/Magento Open Source (versions 2.4.9-alpha1 through earlier) with a Cross-Site Request Forgery (CSRF) vulnerability that can lead to privilege escalation when a user is authenticated. Exploitation requires user interaction (victim visits malicious site or clic...
CVE-2026-34647
Adobe Commerce is affected by an SSRF vulnerability (CVE-2026-34647) impacting versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue allows bypassing security features and could enable unauthorized read access. Exploitation requires user interaction, whe...
CVE-2025-49550
Adobe Commerce (Magento) versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could bypass security features and allow limited unauthorized access. Exploitation requires user interaction. The issue is documented across...
CVE-2025-49558
Summary: CVE-2025-49558 affects Adobe Commerce/Magento Open Source (versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier) due to a Time-of-check Time-of-use (TOCTOU) race condition that could bypass a security feature and allow unauthorized write access. The issu...
CVE-2026-34650
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. Exploitation can be performed remotely over the network with no user interactio...
CVE-2026-34652
Adobe Commerce (Magento) versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. The issue is caused by a vulnerable third-party comp...
CVE-2026-34645
Adobe Commerce is affected by CVE-2026-34645 due to an Incorrect Authorization vulnerability that could bypass security features, allowing unauthorized write access. Affected versions include 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue is exploitable re...
CVE-2025-49559
CVE-2025-49559 affects Adobe Commerce/Magento Open Source: path traversal in versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier that could bypass security features and allow modification of limited data. The issue is exploitable without user interaction (networ...
CVE-2026-21361
Adobe Commerce
CVE-2026-34648
Adobe Commerce CVE-2026-34648 affects versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier with an Uncontrolled Resource Consumption flaw that can cause application denial-of-service by exhausting system resources. Exploitation requires no user interaction and is ...
CVE-2026-34654
The CVE concerns Adobe Commerce (Magento) versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier affected by a Dependency on Vulnerable Third-Party Component vulnerability causing a denial-of-service. Exploitation does not require user interaction and can be perform...