Lucene search
K

75 matches found

CVE
CVE
added 2026/03/11 2:19 a.m.25 views

CVE-2026-21360

CVE-2026-21360 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier, with an Improper Pathname/Path Traversal vulnerability that could bypass security features and allow a high-privileged attacker to access files or directories outside the ...

6.8CVSS5.8AI score0.00636EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.25 views

CVE-2026-34648

Adobe Commerce CVE-2026-34648 affects versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier with an Uncontrolled Resource Consumption flaw that can cause application denial-of-service by exhausting system resources. Exploitation requires no user interaction and is ...

7.5CVSS5.8AI score0.2255EPSS
CVE
CVE
added 2025/08/12 5:55 p.m.24 views

CVE-2025-49559

CVE-2025-49559 affects Adobe Commerce/Magento Open Source: path traversal in versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier that could bypass security features and allow modification of limited data. The issue is exploitable without user interaction (networ...

5.3CVSS6.9AI score0.00632EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.24 views

CVE-2026-21311

Adobe Commerce (Magento) versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored XSS (CWE-79) in vulnerable form fields. A high-privileged attacker can inject JavaScript that is executed in a victim’s browser when they visit the affected pag...

8CVSS5.7AI score0.00304EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.22 views

CVE-2026-34655

Adobe Commerce is affected by a stored XSS vulnerability (CVE-2026-34655) in versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue allows a high-privileged attacker to inject malicious scripts into vulnerable form fields, potentially executing JavaScript...

4.8CVSS5.8AI score0.00368EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.21 views

CVE-2026-21290

Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-21290) in multiple older 2.4.x releases (2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier). The issue allows a low-privileged attacker to inject malicious scripts into vulnerable...

8.7CVSS5.7AI score0.00452EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.21 views

CVE-2026-34646

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could bypass security features and grant unauthorized write access. The CVSS v3.1 metrics indicate a Network attack vector, no privile...

7.5CVSS5.8AI score0.00411EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.19 views

CVE-2026-21286

CVE-2026-21286 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier, due to an Incorrect Authorization vulnerability (CWE-863) that could bypass security features and allow limited unauthorized view access without user interaction. Multiple...

5.3CVSS5.8AI score0.00295EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.19 views

CVE-2026-21359

CVE-2026-21359 (Adobe Commerce) affects multiple older Adobe Commerce builds (2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier) with an Incorrect Authorization vulnerability that can bypass security features, allowing limited impact to data integrity/availability. The...

4.7CVSS5.8AI score0.00211EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.19 views

CVE-2026-34649

CVE-2026-34649 affects Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue is an Uncontrolled Resource Consumption vulnerability that can cause an application denial-of-service by exhausting system resources. Exploitation does not requir...

7.5CVSS5.8AI score0.14383EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.19 views

CVE-2026-34651

Adobe Commerce is affected by CVE-2026-34651 across versions 2.4.4-p17 and earlier up to 2.4.9-beta1, with an Uncontrolled Resource Consumption issue that can cause application denial-of-service. The vulnerability enables resource exhaustion without user interaction (attack vector: network; compl...

7.5CVSS5.8AI score0.00675EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.18 views

CVE-2026-21284

Adobe Commerce CVE-2026-21284 is a stored XSS vulnerability affecting versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The flaw allows a high-privileged attacker to inject malicious scripts into vulnerable form fields, with JavaScript executed in a victim’s ...

8.1CVSS5.7AI score0.00382EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.18 views

CVE-2026-21289

CVE-2026-21289 affects Adobe Commerce components across versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier, introducing an Incorrect Authorization vulnerability that could bypass security features and allow an attacker to view data without user interaction. Pub...

7.5CVSS5.8AI score0.00603EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.18 views

CVE-2026-21295

Adobe Commerce is affected by a URL Redirection to Untrusted Site (Open Redirect) vulnerability (CVE-2026-21295). Affected versions include 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The underlying issue allows an attacker to redirect users to malicious website...

3.1CVSS5.8AI score0.00233EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.18 views

CVE-2026-21297

CVE-2026-21297 affects Adobe Commerce (Magento) versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier and is an Incorrect Authorization vulnerability that could bypass security features. A low-privileged attacker may gain limited unauthorized access to a feature, ...

4.3CVSS5.8AI score0.0035EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.18 views

CVE-2026-21310

CVE-2026-21310 affects Adobe Commerce (Magento) 2.4.x up to 2.4.9-alpha3 and earlier, due to Improper Input Validation that can bypass security features with no user interaction. Impact is limited to integrity; attack vector is network, no privileges required. Remediation: upgrade to fixed releas...

5.3CVSS5.8AI score0.00302EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.17 views

CVE-2026-34653

Adobe Commerce users affected: versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are impacted by an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal). The vulnerability allows an authenticated administrator to read or write arbitrary ...

8.7CVSS5.9AI score0.00606EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.16 views

CVE-2026-21292

Adobe Commerce (Magento) is affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-21292) in multiple 2.4.x releases: 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. Root cause: improper input validation allowing injection of malicious scripts into ...

5.4CVSS5.8AI score0.00255EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.16 views

CVE-2026-21293

CVE-2026-21293 affects Adobe Commerce (Magento) up to 2.4.9-alpha3 and earlier, with a Server-Side Request Forgery (SSRF) that could bypass security features. A high-privileged attacker can manipulate server-side requests to access unauthorized resources without user interaction. Root cause: SSRF...

5.5CVSS5.8AI score0.00232EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.15 views

CVE-2026-21309

Summary: CVE-2026-21309 affects Adobe Commerce and is an Incorrect Authorization vulnerability enabling unauthorized data viewing with no user interaction. Affected: Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. Impact: security feature byp...

7.5CVSS5.8AI score0.0056EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.14 views

CVE-2026-21285

CVE-2026-21285 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The issue is an Incorrect Authorization vulnerability that could allow a low-privileged attacker to bypass security measures and gain limited unauthorized access to a feat...

4.3CVSS5.8AI score0.00255EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.13 views

CVE-2026-21296

Adobe Commerce (Magento) suffers an Incorrect Authorization vulnerability (CVE-2026-21296) across multiple versions including 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The issue enables a security feature bypass where a low-privileged attacker can gain limited...

4.3CVSS5.8AI score0.00339EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.13 views

CVE-2026-34658

Summary: Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious Jav...

4.8CVSS5.8AI score0.00274EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.12 views

CVE-2026-21291

CVE-2026-21291 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The issue is a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) that could be exploited by a high-privileged attacker to inject malicious scripts into vulnerable f...

4.8CVSS5.8AI score0.00267EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.12 views

CVE-2026-21294

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could bypass security features. The issue allows a high-privileged attacker to manipulate server-side requests and bypass c...

5.5CVSS5.8AI score0.00232EPSS
Total number of security vulnerabilities75