Commerce Security Vulnerabilities and Issues — Commerce CVE List

Lucene search

AdobeCommerce

14 matches found

CVE•added 2023/09/12 8:15 a.m.•1200 views

CVE-2022-24093

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.

9.1CVSS7.7AI score0.01024EPSS

CVE•added 2024/06/13 9:15 a.m.•235 views

CVE-2024-34102

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that r...

9.8CVSS9.6AI score0.94362EPSS

CVE•added 2025/02/11 6:15 p.m.•231 views

CVE-2025-24434

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Explo...

9.1CVSS9.2AI score0.00227EPSS

CVE•added 2024/04/10 12:15 p.m.•147 views

CVE-2024-20758

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexit...

9CVSS9AI score0.00892EPSS

CVE•added 2024/08/14 12:15 p.m.•117 views

CVE-2024-39397

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which ...

9CVSS9.2AI score0.06781EPSS

CVE•added 2023/06/15 7:15 p.m.•112 views

CVE-2023-29297

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation...

9.1CVSS8.3AI score0.06202EPSS

CVE•added 2024/02/15 2:15 p.m.•103 views

CVE-2024-20720

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user i...

9.1CVSS8.5AI score0.04818EPSS

CVE•added 2023/08/09 8:15 a.m.•99 views

CVE-2023-38208

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticat...

9.1CVSS8.4AI score0.03434EPSS

CVE•added 2022/08/16 9:15 p.m.•96 views

CVE-2022-34253

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. Exploitation of this issue ...

9.1CVSS7.4AI score0.25306EPSS

CVE•added 2022/08/16 9:15 p.m.•82 views

CVE-2022-34256

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user's data. Exploitation of this issue doe...

9.8CVSS8.4AI score0.00538EPSS

CVE•added 2024/06/13 9:15 a.m.•59 views

CVE-2024-34107

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised information. Exploit...

9.8CVSS7.2AI score0.00195EPSS

CVE•added 2024/02/15 2:15 p.m.•56 views

CVE-2024-20719

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse...

9.1CVSS7.2AI score0.06202EPSS

CVE•added 2024/06/13 9:15 a.m.•55 views

CVE-2024-34108

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are...

9.1CVSS8.6AI score0.01888EPSS

CVE•added 2024/10/10 10:15 a.m.•44 views

CVE-2024-45115

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exp...

9.8CVSS9.7AI score0.00262EPSS