Lucene search
K

21 matches found

CVE
CVE
added 2024/04/10 11:49 a.m.223 views

CVE-2024-20758

Adobe Commerce (Magento) vulnerable versions: 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier suffer an Improper Input Validation flaw that can lead to arbitrary code execution on the underlying filesystem. Exploitation does not require user interaction, but the attack complexity is high. A...

9CVSS9AI score0.01418EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.121 views

CVE-2024-45116

CVE-2024-45116 is an XSS flaw in Adobe Commerce (Magento Open Source) affecting versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. An attacker can lure an admin or user to click a crafted link or submit a form, causing arbitrary script execution in the victim’s browser with high impact...

8.1CVSS7.2AI score0.00916EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.115 views

CVE-2024-45127

CVE-2024-45127 is cited for Adobe Commerce (Magento) in multiple documents as a stored Cross-Site Scripting (XSS) vulnerability. Affected versions include 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability allows an admin attacker to inject malicious scripts into vulnerable fo...

4.8CVSS4.6AI score0.00438EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.114 views

CVE-2024-45117

CVE-2024-45117 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability is an Improper Input Validation that could allow an admin attacker to read files outside of permitted directories via the PHP filter chain, with a low-availability impact on the s...

7.6CVSS7.4AI score0.00852EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.103 views

CVE-2024-45124

CVE-2024-45124 affects Adobe Commerce (2.4.x: 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier) with an Improper Access Control vulnerability that could bypass security features and impact integrity at a low level. Exploitation does not require user interaction. The Connected documents corrobo...

5.3CVSS5.1AI score0.00589EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.101 views

CVE-2024-45130

Summary: CVE-2024-45130 affects Adobe Commerce/Magento Open Source and Adobe Commerce B2B products in multiple documents, with an Improper Access Control vulnerability that can enable a security feature bypass. The affected versions include Adobe Commerce 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 a...

4.3CVSS4.8AI score0.00521EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.100 views

CVE-2024-45121

CVE-2024-45121 affects Adobe Commerce (Magento) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. It is an Improper Access Control (CWE-284) vulnerability that could allow a low-privileged attacker to bypass security measures, with a low impact on integrity and no required user intera...

4.3CVSS4.8AI score0.00521EPSS
CVE
CVE
added 2024/04/10 11:49 a.m.95 views

CVE-2024-20759

CVE-2024-20759 affects Adobe Commerce (Magento) Open/Commerce platforms: versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier. The issue is a stored Cross‑Site Scripting (XSS) vulnerability in vulnerable form fields that could be exploited by a high‑privileged attacker to inject malicio...

8.1CVSS6.8AI score0.01028EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.87 views

CVE-2024-45122

Adobe Commerce/Open Source Magento Open Source CVE-2024-45122 describes an Improper Access Control vulnerability that could allow a low-privileged attacker to bypass security measures with low confidentiality impact and without user interaction. Affected versions include Adobe Commerce 2.4.7-p2, ...

4.3CVSS4.4AI score0.00536EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.82 views

CVE-2024-45148

CVE-2024-45148 affects Adobe Commerce/Magento Open Source: versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could bypass security features. A low-privileged attacker could gain unauthorized access without credentials, and e...

8.8CVSS8.8AI score0.0073EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.78 views

CVE-2024-45123

Adobe Commerce (Magento Open Source) CVE-2024-45123 is a reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. An attacker who can entice a user to visit a specially crafted URL can cause malicious JavaScript to execute in the v...

6.1CVSS5.8AI score0.00426EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.71 views

CVE-2024-45131

Adobe Commerce (Magento Open Source) vulnerability CVE-2024-45131 affects versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The issue is an Improper Authorization that could allow a low-privileged attacker to bypass security features with low impact on confidentiality and integrity; e...

5.4CVSS5.3AI score0.0044EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.66 views

CVE-2024-45128

CVE-2024-45128 affects Adobe Commerce and Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability is an Improper Authorization that could allow a low-privileged attacker to bypass security features, with a resulting, albeit low, impact on integrity and ...

5.4CVSS5.3AI score0.00568EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.65 views

CVE-2024-45115

Adobe Commerce CVE-2024-45115 affects multiple 2.4.x releases (2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier) with an Improper Authentication vulnerability that can escalate privileges without user interaction. The issue is documented with a high-impact CVSS v3.1 (9.8, AV:N/AC:L/PR:N/UI:N/S...

9.8CVSS9.7AI score0.0108EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.64 views

CVE-2024-45125

Adobe Commerce (Magento Open Source) CVE-2024-45125 affects versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, due to an Incorrect Authorization vulnerability that can bypass security features. The issue allows a low-privilege attacker to impact integrity with a low severity (CVSS 3.1:...

4.3CVSS4.4AI score0.00521EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.63 views

CVE-2024-45133

CVE-2024-45133 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The issue is an Information Exposure vulnerability that could enable a security feature bypass, with a low confidentiality impact and no required user interaction. Exploitation does not require use...

2.7CVSS3.3AI score0.0058EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.59 views

CVE-2024-45118

CVE-2024-45118 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, with an Improper Access Control vulnerability (CWE-284) that could allow a low-privileged attacker to bypass security features and impact integrity. The reports consistently describe a high-impact,...

6.5CVSS6.3AI score0.00626EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.59 views

CVE-2024-45129

CVE-2024-45129 affects Adobe Commerce (and Magento Open Source) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, due to an Improper Access Control vulnerability that could enable privilege escalation. A low-privileged attacker could bypass security controls and achieve integrity impa...

4.3CVSS4.9AI score0.00521EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.58 views

CVE-2024-45132

CVE-2024-45132 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The issue is an Improper Authorization vulnerability that could enable a privilege escalation . A low-privileged attacker could bypass security measures and gain access with higher privileges, with...

6.5CVSS6.7AI score0.00742EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.57 views

CVE-2024-45134

CVE-2024-45134 (Adobe Commerce) affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability is an Information Exposure that could result in a security feature bypass, with a low confidentiality impact. Exploitation does not require user interaction and, ...

2.7CVSS3.9AI score0.00612EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.48 views

CVE-2024-45135

Summary of CVE-2024-45135 : Adobe Commerce (versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier) is affected by an Improper Access Control vulnerability that could result in a security feature bypass. The underlying issue is an access-control flaw that could be exploited by an admin atta...

2.7CVSS4AI score0.00563EPSS