Commerce@* Security Vulnerabilities and Issues — Commerce@* CVE List

Lucene search

AdobeCommerce*

42 matches found

CVE•added 2022/02/16 5:15 p.m.•1329 views

CVE-2022-24086

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

10CVSS9.7AI score0.90147EPSS

In wild

CVE•added 2023/09/12 8:15 a.m.•1209 views

CVE-2022-24093

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.

9.1CVSS7.7AI score0.01024EPSS

CVE•added 2023/03/27 9:15 p.m.•255 views

CVE-2023-22247

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of t...

7.5CVSS7.7AI score0.00736EPSS

CVE•added 2023/08/09 8:15 a.m.•100 views

CVE-2023-38208

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticat...

9.1CVSS8.4AI score0.03434EPSS

CVE•added 2023/03/27 9:15 p.m.•98 views

CVE-2023-22249

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s ...

4.8CVSS4.6AI score0.15675EPSS

CVE•added 2023/03/27 9:15 p.m.•84 views

CVE-2023-22250

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this...

5.3CVSS5AI score0.00044EPSS

CVE•added 2022/10/14 8:15 p.m.•83 views

CVE-2022-35698

Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.

10CVSS6.6AI score0.05928EPSS

CVE•added 2022/10/20 5:15 p.m.•82 views

CVE-2022-42344

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vulnerability to achieve information exposure and privilege escalation.

8.8CVSS8.3AI score0.00873EPSS

CVE•added 2022/10/14 8:15 p.m.•81 views

CVE-2022-35689

Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this is...

5.3CVSS5AI score0.00183EPSS

CVE•added 2025/02/11 6:15 p.m.•80 views

CVE-2025-24406

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vuln...

7.5CVSS6.1AI score0.00295EPSS

CVE•added 2025/02/11 6:15 p.m.•74 views

CVE-2025-24411

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unautho...

8.1CVSS8.4AI score0.00107EPSS

CVE•added 2025/02/11 6:15 p.m.•72 views

CVE-2025-24417

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7CVSS7.5AI score0.00076EPSS

CVE•added 2025/02/11 6:15 p.m.•71 views

CVE-2025-24414

8.7CVSS7.5AI score0.00076EPSS

CVE•added 2025/02/11 6:15 p.m.•69 views

CVE-2025-24409

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, ...

8.2CVSS8.8AI score0.00139EPSS

CVE•added 2023/03/27 9:15 p.m.•67 views

CVE-2023-22251

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure.

4.3CVSS4.5AI score0.00222EPSS

CVE•added 2025/02/11 6:15 p.m.•67 views

CVE-2025-24408

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue do...

6.5CVSS6.8AI score0.00114EPSS

CVE•added 2025/02/11 6:15 p.m.•67 views

CVE-2025-24412

8.7CVSS7.5AI score0.00076EPSS

CVE•added 2025/02/11 6:15 p.m.•67 views

CVE-2025-24421

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to read select data. Exploitation of this iss...

4.3CVSS5AI score0.0005EPSS

CVE•added 2025/02/11 6:15 p.m.•67 views

CVE-2025-24430

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has...

3.7CVSS4.5AI score0.00092EPSS

CVE•added 2025/02/11 6:15 p.m.•66 views

CVE-2025-24429

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could leverage this vulnerability to bypass security...

3.5CVSS4.9AI score0.00054EPSS

CVE•added 2025/02/11 6:15 p.m.•65 views

CVE-2025-24415

8.7CVSS7.5AI score0.00076EPSS

CVE•added 2025/02/11 6:15 p.m.•65 views

CVE-2025-24427

6.5CVSS7.1AI score0.00064EPSS

CVE•added 2025/04/08 9:15 p.m.•65 views

CVE-2025-27188

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploi...

4.3CVSS7.2AI score0.00054EPSS

CVE•added 2023/08/09 8:15 a.m.•64 views

CVE-2023-38209

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitat...

6.5CVSS6.3AI score0.00132EPSS

CVE•added 2025/02/11 6:15 p.m.•64 views

CVE-2025-24432

3.7CVSS4.5AI score0.00092EPSS

CVE•added 2023/08/09 8:15 a.m.•63 views

CVE-2023-38207

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction.

7.5CVSS7.6AI score0.00697EPSS

CVE•added 2025/02/11 6:15 p.m.•60 views

CVE-2025-24410

8.7CVSS7.5AI score0.00076EPSS

CVE•added 2025/02/11 6:15 p.m.•60 views

CVE-2025-24428

5.4CVSS5.3AI score0.00051EPSS

CVE•added 2025/02/11 6:15 p.m.•59 views

CVE-2025-24416

8.7CVSS7.5AI score0.00076EPSS

CVE•added 2025/02/11 6:15 p.m.•58 views

CVE-2025-24425

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the ...

5.3CVSS5.6AI score0.00241EPSS

CVE•added 2025/02/11 6:15 p.m.•56 views

CVE-2025-24413

8.7CVSS7.5AI score0.00076EPSS

CVE•added 2024/11/12 5:15 p.m.•53 views

CVE-2024-49521

Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could ...

7.7CVSS7.4AI score0.0024EPSS

CVE•added 2025/04/08 9:15 p.m.•52 views

CVE-2025-27192

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to pr...

2.7CVSS6.9AI score0.00063EPSS

CVE•added 2025/04/08 9:15 p.m.•44 views

CVE-2025-27191

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. ...

5.3CVSS7.1AI score0.0009EPSS

CVE•added 2025/08/12 6:15 p.m.•13 views

CVE-2025-49554

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causi...

7.5CVSS6.9AI score0.00284EPSS

CVE•added 2025/08/12 6:15 p.m.•12 views

CVE-2025-49557

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. A successful attacker...

8.7CVSS4.9AI score0.00047EPSS

CVE•added 2025/06/25 6:15 p.m.•9 views

CVE-2025-49549

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited una...

2.7CVSS7.1AI score0.00077EPSS

CVE•added 2025/08/12 6:15 p.m.•9 views

CVE-2025-49558

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the ti...

5.9CVSS7AI score0.00175EPSS

CVE•added 2025/06/25 6:15 p.m.•8 views

CVE-2025-49550

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized acces...

4.3CVSS7.1AI score0.00086EPSS

CVE•added 2025/08/12 6:15 p.m.•8 views

CVE-2025-49556

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthori...

7.5CVSS7.1AI score0.00144EPSS

CVE•added 2025/08/12 6:15 p.m.•8 views

CVE-2025-49559

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulne...

5.3CVSS6.9AI score0.00183EPSS

CVE•added 2025/08/12 6:15 p.m.•7 views

CVE-2025-49555

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a w...

8.1CVSS7AI score0.00052EPSS