Lucene search
K
AdobeMagento

161 matches found

CVE
CVE
added 2022/02/16 4:38 p.m.1371 views

CVE-2022-24086

CVE-2022-24086 affects Adobe Commerce and Magento Open Source via an improper input validation vulnerability during checkout, allowing arbitrary code execution without user interaction. Affected: Adobe Commerce 2.4.3-p1 and earlier, 2.3.7-p2 and earlier. Evidence from multiple advisories confirms...

10CVSS9.7AI score0.99199EPSS
In wild
CVE
CVE
added 2025/09/09 1:20 p.m.504 views

CVE-2025-54236

CVE-2025-54236 affects Adobe Commerce and Magento Open Source: Improper Input Validation could allow an attacker to take over customer sessions (high confidentiality/integrity impact) with network-level, no-interaction exploit. Affected: Adobe Commerce 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12,...

9.1CVSS6.2AI score0.96742EPSS
In wildWeb
CVE
CVE
added 2024/06/13 9:4 a.m.371 views

CVE-2024-34102

CVE-2024-34102 is an XXE vulnerability in Adobe Commerce/Magento Open Source that allows remote code execution. The issue affects Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier, via improper restriction of XML external entity references. Exploitation can occur without use...

9.8CVSS9.6AI score0.99994EPSS
In wild
CVE
CVE
added 2025/02/11 5:37 p.m.312 views

CVE-2025-24434

Adobe Commerce (Magento) is affected by an Incorrect/Improper Authorization vulnerability (CVE-2025-24434) impacting versions including 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The issue allows privilege escalation and session takeover without user interaction. Root caus...

9.1CVSS9.2AI score0.15857EPSS
CVE
CVE
added 2024/04/10 11:49 a.m.223 views

CVE-2024-20758

Adobe Commerce (Magento) vulnerable versions: 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier suffer an Improper Input Validation flaw that can lead to arbitrary code execution on the underlying filesystem. Exploitation does not require user interaction, but the attack complexity is high. A...

9CVSS9AI score0.01418EPSS
CVE
CVE
added 2020/02/25 1:20 a.m.155 views

CVE-2020-8818

CVE-2020-8818 affects the CardGate Payments plugin for Magento 2 (up to version 2.0.30). The underlying issue is lack of origin authentication in the IPN callback processing function (Controller/Payment/Callback.php), enabling an attacker to remotely replace critical plugin settings (merchant ID,...

8.1CVSS8AI score0.0417EPSS
Web
CVE
CVE
added 2025/02/11 5:37 p.m.148 views

CVE-2025-24406

CVE-2025-24406 concerns Adobe Commerce; multiple historical releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) are affected by an improper pathname limitation vulnerability (Path Traversal). An unauthenticated attacker could bypass a security feature and modify files sto...

7.5CVSS6.1AI score0.01278EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.141 views

CVE-2024-39397

Adobe Commerce (Magento) is affected by CVE-2024-39397: Unrestricted Upload of File with Dangerous Type that could lead to arbitrary code execution. Affected versions include 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The issue arises from uploading a dangerous file that is then executed...

9CVSS9.2AI score0.01096EPSS
CVE
CVE
added 2023/10/13 6:15 a.m.140 views

CVE-2023-38218

CVE-2023-38218 affects Adobe Commerce/Magento Open Source/Community Edition: versions 2.4.4-p5 and earlier up to 2.4.7-beta1 (and earlier) are vulnerable to Incorrect Authorization via the V1/customers/me endpoint, enabling an authenticated attacker to cause information exposure and privilege esc...

8.8CVSS8.5AI score0.00651EPSS
CVE
CVE
added 2024/06/13 9:4 a.m.140 views

CVE-2024-34104

Adobe Commerce (Magento Open Source) versions affected by CVE-2024-34104 include 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. The issue is described as Improper Authorization that could bypass security features, allowing unauthorized access with confidentiality and integrity impact. Exploitat...

8.2CVSS8.1AI score0.00791EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.136 views

CVE-2023-29290

CVE-2023-29290 affects Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier, and 2.4.4-p3 and earlier. The vulnerability is an Incorrect Authorization issue that could bypass a security feature and enable bypass of a minor functionality without user interaction. The CVE has a Medium ba...

5.3CVSS5.1AI score0.00566EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.131 views

CVE-2023-29297

CVE-2023-29297 affects Adobe Commerce versions 2.4.6 and earlier (including 2.4.5-p2 and 2.4.4-p3) with an Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation doe...

9.1CVSS8.3AI score0.01223EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.130 views

CVE-2024-39406

Adobe Commerce/Open Source Magento Path Traversal (CVE-2024-39406) affects versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The issue is an Improper Limitation of a Pathname to a Restricted Directory, enabling an attacker to read arbitrary files outside the restricted path without use...

6.8CVSS7.3AI score0.00872EPSS
CVE
CVE
added 2024/06/13 9:4 a.m.129 views

CVE-2024-34111

CVE-2024-34111 is a Server-Side Request Forgery (SSRF) affecting Adobe Commerce/Magento Open Source versions up to 2.4.7 and earlier (e.g., 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier). The issue allows a low-privilege, authenticated attacker to cause arbitrary file system reads by injecting ...

8.8CVSS7.6AI score0.01123EPSS
CVE
CVE
added 2024/06/13 9:5 a.m.128 views

CVE-2024-34109

CVE-2024-34109 affects Adobe Commerce/Magento Open Source; affected versions are 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. It is an Improper Input Validation vulnerability that could enable arbitrary code execution in the context of the current user. Exploitation does not require user inte...

7.2CVSS7.3AI score0.01561EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.125 views

CVE-2024-39399

CVE-2024-39399 affects Adobe Commerce/Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Description: an improper limitation of a pathname to a restricted directory enables path traversal, allowing a low-privileged attacker to read arbitrary files outside the restric...

7.7CVSS7.7AI score0.00911EPSS
CVE
CVE
added 2024/06/13 9:4 a.m.124 views

CVE-2024-34110

CVE-2024-34110 affects Adobe Commerce and Magento Open Source versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. It is an Unrestricted Upload of File with Dangerous Type vulnerability that could enable arbitrary code execution . A high-privilege attacker can upload a malicious file and hav...

7.2CVSS7.4AI score0.01386EPSS
CVE
CVE
added 2024/06/13 9:4 a.m.122 views

CVE-2024-34105

CVE-2024-34105 concerns Adobe Commerce/Magento Open Source versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. The issue is a stored Cross-Site Scripting (XSS) in order form fields that an admin attacker can abuse to inject malicious scripts, which may execute in a victim’s browser when loa...

4.8CVSS4.6AI score0.0067EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.122 views

CVE-2024-39407

CVE-2024-39407 affects Adobe Commerce (Magento) versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The issue is an Improper Authorization vulnerability that can bypass security features, allowing a low-privileged attacker to modify minor information without user interaction. The availab...

4.3CVSS4.5AI score0.00429EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.121 views

CVE-2024-45119

CVE-2024-45119 affects Adobe Commerce (Magento) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, exposing a server-side request forgery (SSRF) that can lead to arbitrary file system reads. An admin-privileged, authenticated attacker can induce the application to make arbitrary HTTP r...

4.9CVSS5AI score0.00761EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.120 views

CVE-2023-29295

Adobe Commerce CVE-2023-29295 describes an Incorrect Authorization vulnerability affecting 2.4.6 and earlier (including 2.4.5-p2, 2.4.4-p3) that could let a low-privilege attacker bypass a security feature without user interaction. The issue stems from an authorization flaw in the Create Quote fl...

4.3CVSS4.4AI score0.00585EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.120 views

CVE-2024-45116

CVE-2024-45116 is an XSS flaw in Adobe Commerce (Magento Open Source) affecting versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. An attacker can lure an admin or user to click a crafted link or submit a form, causing arbitrary script execution in the victim’s browser with high impact...

8.1CVSS7.2AI score0.00916EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.117 views

CVE-2023-29292

CVE-2023-29292 affects Adobe Commerce (Magento) variants, including 2.4.6 and earlier, 2.4.5-p2 and earlier, and 2.4.4-p3 and earlier. The issue is a Server-Side Request Forgery (SSRF) that lets an admin-privileged, authenticated attacker force the application to make arbitrary URL requests, pote...

4.9CVSS5.5AI score0.00861EPSS
CVE
CVE
added 2023/10/13 6:15 a.m.117 views

CVE-2023-38249

CVE-2023-38249 affects Adobe Commerce/Magento core components prior to versions listed (e.g., 2.4.7-beta1 and earlier; 2.4.6-p2 and earlier; 2.4.5-p4 and earlier; 2.4.4-p5 and earlier) with an SQL Injection vulnerability due to improper neutralization of special elements in an SQL command. The is...

8CVSS7.6AI score0.00829EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.114 views

CVE-2024-45127

CVE-2024-45127 is cited for Adobe Commerce (Magento) in multiple documents as a stored Cross-Site Scripting (XSS) vulnerability. Affected versions include 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability allows an admin attacker to inject malicious scripts into vulnerable fo...

4.8CVSS4.6AI score0.00438EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.113 views

CVE-2024-45117

CVE-2024-45117 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability is an Improper Input Validation that could allow an admin attacker to read files outside of permitted directories via the PHP filter chain, with a low-availability impact on the s...

7.6CVSS7.4AI score0.00852EPSS
CVE
CVE
added 2025/06/10 4:8 p.m.113 views

CVE-2025-47110

CVE-2025-47110 is a stored XSS vulnerability in Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier. The issue allows a high-privileged attacker to inject malicious scripts into vulnerable form fields, with JavaScript execution in users’ browsers when visiting the...

8.4CVSS8.2AI score0.007EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.112 views

CVE-2025-24438

Summary (validated from connected documents): CVE-2025-24438 affects Adobe Commerce and Magento variants, specifically Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. It is a stored Cross-Site Scripting (XSS) vulnerability that could allow a low-privileg...

8.7CVSS7.5AI score0.00736EPSS
CVE
CVE
added 2023/10/13 6:15 a.m.111 views

CVE-2023-38220

Adobe Commerce / Magento Open Source versions 2.4.7-beta1 and earlier (including 2.4.6-p2, 2.4.5-p4, 2.4.4-p5 and earlier) are affected by an Improper Authorization vulnerability that can bypass security features to access unauthorized data, with exploitation not requiring user interaction. Conne...

7.5CVSS7.4AI score0.00688EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.111 views

CVE-2024-39400

Adobe Commerce (Magento) DOM-based XSS (CVE-2024-39400) affects versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The root cause is a DOM-based XSS lack of proper filtering/escaping of user-supplied data, allowing an admin attacker to inject and execute arbitrary JavaScript in the cont...

8.1CVSS7.1AI score0.00639EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.111 views

CVE-2025-24410

Adobe Commerce (Magento) stores XSS in forms across versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The underlying issue allows low-privilege attackers to inject malicious scripts, potentially leading to session takeover and compromising confidentiality and integrity. ...

8.7CVSS7.5AI score0.00656EPSS
CVE
CVE
added 2025/06/10 4:8 p.m.111 views

CVE-2025-43585

Adobe Commerce (Magento) CVE-2025-43585 affects multiple 2.x releases (2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier). The issue is an Improper Authorization vulnerability that can bypass security features, granting unauthorized access with a limited confidentiality impact but high...

8.2CVSS8.2AI score0.00429EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.109 views

CVE-2025-24437

CVE-2025-24437 affects Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier. Description: Incorrect Authorization could allow a low-privileged attacker to view or modify select information without user interaction, constituting a security feature bypass. CVSSv...

5.4CVSS6.8AI score0.00415EPSS
CVE
CVE
added 2023/10/13 6:15 a.m.108 views

CVE-2023-26367

CVE-2023-26367 affects Adobe Commerce/Magento (Magento Open Source) and Magento Commerce. The issue is an Improper Input Validation in the product bulk import logic that can allow an authenticated admin user to read arbitrary files from the file system. The vulnerability arises from error-based f...

4.9CVSS4.9AI score0.00675EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.104 views

CVE-2024-39418

Adobe Commerce/CMS: CVE-2024-39418 is an Improper Authorization flaw (CWE-285) affecting 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The issue allows a low-privileged attacker to bypass security and view/edit low-sensitivity data without user interaction. The Nessus adapter references APS...

5.4CVSS5.4AI score0.00385EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.103 views

CVE-2023-29289

Adobe Commerce and Magento are affected by CVE-2023-29289 (XML Injection) in versions 2.4.6 and earlier, 2.4.5-p2 and earlier, and 2.4.4-p3 and earlier. The issue enables a low-privilege attacker to trigger a crafted script that bypasses a security feature, with exploitation not requiring user in...

6.5CVSS6.4AI score0.00793EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.102 views

CVE-2024-45124

CVE-2024-45124 affects Adobe Commerce (2.4.x: 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier) with an Improper Access Control vulnerability that could bypass security features and impact integrity at a low level. Exploitation does not require user interaction. The Connected documents corrobo...

5.3CVSS5.1AI score0.00589EPSS
CVE
CVE
added 2023/10/13 6:15 a.m.101 views

CVE-2023-38221

CVE-2023-38221 concerns Adobe Commerce/Magento with an SQL Injection in versions up to 2.4.7-beta1 and earlier. The root cause is improper neutralization of special elements in an SQL command. The impact is potential arbitrary code execution by an attacker with admin privileges (no user interacti...

8CVSS7.6AI score0.00829EPSS
CVE
CVE
added 2024/10/10 9:57 a.m.101 views

CVE-2024-45130

Summary: CVE-2024-45130 affects Adobe Commerce/Magento Open Source and Adobe Commerce B2B products in multiple documents, with an Improper Access Control vulnerability that can enable a security feature bypass. The affected versions include Adobe Commerce 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 a...

4.3CVSS4.8AI score0.00521EPSS
CVE
CVE
added 2023/10/13 6:15 a.m.100 views

CVE-2023-38250

CVE-2023-38250 affects Adobe Commerce (Magento) platforms: versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier, 2.4.4-p5 and earlier are vulnerable to SQL Injection that enables arbitrary code execution when exploited by an admin-privileged authenticated attacker. The iss...

8CVSS7.2AI score0.00829EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.100 views

CVE-2024-39414

CVE-2024-39414 affects Adobe Commerce/Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Root cause: Improper Authorization that allows a low-privileged attacker to bypass security controls and disclose minor information without user interaction. Exploitation is netw...

4.3CVSS4.5AI score0.00442EPSS
CVE
CVE
added 2024/10/10 9:58 a.m.99 views

CVE-2024-45121

CVE-2024-45121 affects Adobe Commerce (Magento) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. It is an Improper Access Control (CWE-284) vulnerability that could allow a low-privileged attacker to bypass security measures, with a low impact on integrity and no required user intera...

4.3CVSS4.8AI score0.00521EPSS
CVE
CVE
added 2024/08/14 11:57 a.m.98 views

CVE-2024-39419

Adobe Commerce (Magento) is affected by CVE-2024-39419: an Improper Authorization vulnerability that allows a low-privileged attacker to bypass security measures and modify minor information without user interaction. Affected versions include 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Th...

4.3CVSS4.5AI score0.00429EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.96 views

CVE-2025-24412

CVE-2025-24412 affects Adobe Commerce and Magento Open Source, with stored XSS in vulnerable form fields across multiple 2.4.x releases (e.g., 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). The underlying issue is a stored XSS that an attacker with low privileges can abuse to...

8.7CVSS7.5AI score0.00656EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.96 views

CVE-2025-24414

CVE-2025-24414 affects Adobe Commerce prior to some 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). It is a stored Cross-Site Scripting (XSS) vulnerability that a low-privileged attacker can exploit via vulnerable form fields to inject JavaScript, potentially e...

8.7CVSS7.5AI score0.00656EPSS
CVE
CVE
added 2023/10/13 6:15 a.m.95 views

CVE-2023-38219

CVE-2023-38219 describes a stored XSS in Adobe Commerce/Magento Open Source prior to versions affected in the description. The root cause is insufficient filtering/escaping of user-supplied data, with the payload stored in an admin area and executed in a victim’s browser when visiting vulnerable ...

8.7CVSS7.4AI score0.00623EPSS
CVE
CVE
added 2024/04/10 11:49 a.m.95 views

CVE-2024-20759

CVE-2024-20759 affects Adobe Commerce (Magento) Open/Commerce platforms: versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier. The issue is a stored Cross‑Site Scripting (XSS) vulnerability in vulnerable form fields that could be exploited by a high‑privileged attacker to inject malicio...

8.1CVSS6.8AI score0.01028EPSS
CVE
CVE
added 2024/06/13 9:5 a.m.93 views

CVE-2024-34103

CVE-2024-34103 affects Adobe Commerce/Magento Open Source: versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier; described as Improper Authentication leading to privilege escalation. Exploitation requires no user interaction but has high attack complexity. Connected sources reference an accou...

8.1CVSS8.2AI score0.00781EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.92 views

CVE-2023-22248

CVE-2023-22248 affects Adobe Commerce 2.4.x (2.4.6 and earlier, 2.4.5-p2, 2.4.4-p3 and earlier). It is an Incorrect Authorization vulnerability that could bypass a security feature and leak another user’s data. Exploitation does not require user interaction. Documents note that Adobe has released...

7.5CVSS7.3AI score0.00918EPSS
CVE
CVE
added 2023/10/13 6:15 a.m.92 views

CVE-2023-38251

Adobe Commerce is affected by an Uncontrolled Resource Consumption vulnerability (CVE-2023-38251) that can cause a minor denial-of-service without user interaction. Affected: Adobe Commerce versions up to 2.4.7-beta1, 2.4.6-p2, 2.4.5-p4, and 2.4.4-p5 (and earlier). The root cause is Uncontrolled ...

5.3CVSS5.1AI score0.00671EPSS
Total number of security vulnerabilities161