Lucene search

K
AdobeCommerce2.4.5

28 matches found

CVE
CVE
added 2023/03/27 9:15 p.m.254 views

CVE-2023-22247

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of t...

7.5CVSS7.7AI score0.00736EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.112 views

CVE-2023-29297

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation...

9.1CVSS8.3AI score0.06202EPSS
CVE
CVE
added 2023/10/13 7:15 a.m.111 views

CVE-2023-38218

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information exposure and privilege escalation.

8.8CVSS8.5AI score0.00692EPSS
CVE
CVE
added 2023/08/09 8:15 a.m.99 views

CVE-2023-38208

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticat...

9.1CVSS8.4AI score0.03434EPSS
CVE
CVE
added 2023/10/13 7:15 a.m.98 views

CVE-2023-38220

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of...

7.5CVSS7.4AI score0.00153EPSS
CVE
CVE
added 2023/03/27 9:15 p.m.94 views

CVE-2023-22249

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s ...

4.8CVSS4.6AI score0.15675EPSS
CVE
CVE
added 2023/10/13 7:15 a.m.94 views

CVE-2023-26367

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this is...

4.9CVSS4.9AI score0.00331EPSS
CVE
CVE
added 2023/10/13 7:15 a.m.91 views

CVE-2023-38249

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-...

8CVSS7.6AI score0.01412EPSS
CVE
CVE
added 2023/03/27 9:15 p.m.83 views

CVE-2023-22250

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this...

5.3CVSS5AI score0.00044EPSS
CVE
CVE
added 2023/10/13 7:15 a.m.81 views

CVE-2023-38250

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-...

8CVSS7.2AI score0.01412EPSS
CVE
CVE
added 2023/10/13 7:15 a.m.80 views

CVE-2023-38219

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. M...

8.7CVSS7.4AI score0.0152EPSS
CVE
CVE
added 2023/10/13 7:15 a.m.80 views

CVE-2023-38221

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-...

8CVSS7.6AI score0.01412EPSS
CVE
CVE
added 2023/10/13 7:15 a.m.78 views

CVE-2023-38251

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user int...

5.3CVSS5.1AI score0.00232EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.76 views

CVE-2023-22248

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this iss...

7.5CVSS7.3AI score0.00145EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.75 views

CVE-2023-29290

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this...

5.3CVSS5.1AI score0.00125EPSS
CVE
CVE
added 2023/10/13 7:15 a.m.74 views

CVE-2023-26366

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the appli...

6.8CVSS6.5AI score0.00324EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.71 views

CVE-2023-29289

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user intera...

6.5CVSS6.4AI score0.00322EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.68 views

CVE-2023-29293

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a us...

2.7CVSS3.9AI score0.00035EPSS
CVE
CVE
added 2023/03/27 9:15 p.m.66 views

CVE-2023-22251

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure.

4.3CVSS4.5AI score0.00222EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.63 views

CVE-2023-29291

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requ...

4.9CVSS5.1AI score0.00413EPSS
CVE
CVE
added 2023/08/09 8:15 a.m.63 views

CVE-2023-38209

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitat...

6.5CVSS6.3AI score0.00132EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.62 views

CVE-2023-29288

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another ...

4.3CVSS4.3AI score0.00183EPSS
CVE
CVE
added 2023/08/09 8:15 a.m.62 views

CVE-2023-38207

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction.

7.5CVSS7.6AI score0.00697EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.61 views

CVE-2023-29295

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploi...

4.3CVSS4.4AI score0.00103EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.53 views

CVE-2023-29292

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requ...

4.9CVSS5.5AI score0.00321EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.53 views

CVE-2023-29296

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of anot...

4.3CVSS4.4AI score0.00103EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.52 views

CVE-2023-29287

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does n...

5.3CVSS5.3AI score0.00263EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.50 views

CVE-2023-29294

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitat...

4.3CVSS4.4AI score0.00169EPSS