75 matches found
CVE-2026-21360
CVE-2026-21360 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier, with an Improper Pathname/Path Traversal vulnerability that could bypass security features and allow a high-privileged attacker to access files or directories outside the ...
CVE-2026-34648
Adobe Commerce CVE-2026-34648 affects versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier with an Uncontrolled Resource Consumption flaw that can cause application denial-of-service by exhausting system resources. Exploitation requires no user interaction and is ...
CVE-2025-49559
CVE-2025-49559 affects Adobe Commerce/Magento Open Source: path traversal in versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier that could bypass security features and allow modification of limited data. The issue is exploitable without user interaction (networ...
CVE-2026-21311
Adobe Commerce (Magento) versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored XSS (CWE-79) in vulnerable form fields. A high-privileged attacker can inject JavaScript that is executed in a victim’s browser when they visit the affected pag...
CVE-2026-34655
Adobe Commerce is affected by a stored XSS vulnerability (CVE-2026-34655) in versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue allows a high-privileged attacker to inject malicious scripts into vulnerable form fields, potentially executing JavaScript...
CVE-2026-21290
Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-21290) in multiple older 2.4.x releases (2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier). The issue allows a low-privileged attacker to inject malicious scripts into vulnerable...
CVE-2026-34646
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could bypass security features and grant unauthorized write access. The CVSS v3.1 metrics indicate a Network attack vector, no privile...
CVE-2026-21286
CVE-2026-21286 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier, due to an Incorrect Authorization vulnerability (CWE-863) that could bypass security features and allow limited unauthorized view access without user interaction. Multiple...
CVE-2026-21359
CVE-2026-21359 (Adobe Commerce) affects multiple older Adobe Commerce builds (2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier) with an Incorrect Authorization vulnerability that can bypass security features, allowing limited impact to data integrity/availability. The...
CVE-2026-34649
CVE-2026-34649 affects Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue is an Uncontrolled Resource Consumption vulnerability that can cause an application denial-of-service by exhausting system resources. Exploitation does not requir...
CVE-2026-34651
Adobe Commerce is affected by CVE-2026-34651 across versions 2.4.4-p17 and earlier up to 2.4.9-beta1, with an Uncontrolled Resource Consumption issue that can cause application denial-of-service. The vulnerability enables resource exhaustion without user interaction (attack vector: network; compl...
CVE-2026-21284
Adobe Commerce CVE-2026-21284 is a stored XSS vulnerability affecting versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The flaw allows a high-privileged attacker to inject malicious scripts into vulnerable form fields, with JavaScript executed in a victim’s ...
CVE-2026-21289
CVE-2026-21289 affects Adobe Commerce components across versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier, introducing an Incorrect Authorization vulnerability that could bypass security features and allow an attacker to view data without user interaction. Pub...
CVE-2026-21295
Adobe Commerce is affected by a URL Redirection to Untrusted Site (Open Redirect) vulnerability (CVE-2026-21295). Affected versions include 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The underlying issue allows an attacker to redirect users to malicious website...
CVE-2026-21297
CVE-2026-21297 affects Adobe Commerce (Magento) versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier and is an Incorrect Authorization vulnerability that could bypass security features. A low-privileged attacker may gain limited unauthorized access to a feature, ...
CVE-2026-21310
CVE-2026-21310 affects Adobe Commerce (Magento) 2.4.x up to 2.4.9-alpha3 and earlier, due to Improper Input Validation that can bypass security features with no user interaction. Impact is limited to integrity; attack vector is network, no privileges required. Remediation: upgrade to fixed releas...
CVE-2026-34653
Adobe Commerce users affected: versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are impacted by an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal). The vulnerability allows an authenticated administrator to read or write arbitrary ...
CVE-2026-21292
Adobe Commerce (Magento) is affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-21292) in multiple 2.4.x releases: 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. Root cause: improper input validation allowing injection of malicious scripts into ...
CVE-2026-21293
CVE-2026-21293 affects Adobe Commerce (Magento) up to 2.4.9-alpha3 and earlier, with a Server-Side Request Forgery (SSRF) that could bypass security features. A high-privileged attacker can manipulate server-side requests to access unauthorized resources without user interaction. Root cause: SSRF...
CVE-2026-21309
Summary: CVE-2026-21309 affects Adobe Commerce and is an Incorrect Authorization vulnerability enabling unauthorized data viewing with no user interaction. Affected: Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. Impact: security feature byp...
CVE-2026-21285
CVE-2026-21285 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The issue is an Incorrect Authorization vulnerability that could allow a low-privileged attacker to bypass security measures and gain limited unauthorized access to a feat...
CVE-2026-21296
Adobe Commerce (Magento) suffers an Incorrect Authorization vulnerability (CVE-2026-21296) across multiple versions including 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The issue enables a security feature bypass where a low-privileged attacker can gain limited...
CVE-2026-34658
Summary: Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious Jav...
CVE-2026-21291
CVE-2026-21291 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The issue is a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) that could be exploited by a high-privileged attacker to inject malicious scripts into vulnerable f...
CVE-2026-21294
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could bypass security features. The issue allows a high-privileged attacker to manipulate server-side requests and bypass c...