Lucene search

K
AdobeMagento

121 matches found

CVE
CVE
added 2025/02/11 6:15 p.m.61 views

CVE-2025-24438

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7CVSS7.5AI score0.00116EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.60 views

CVE-2023-29292

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requ...

4.9CVSS5.5AI score0.00321EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.60 views

CVE-2024-45116

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scri...

8.1CVSS7.2AI score0.06349EPSS
CVE
CVE
added 2025/02/11 6:15 p.m.60 views

CVE-2025-24410

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7CVSS7.5AI score0.00116EPSS
CVE
CVE
added 2025/02/11 6:15 p.m.60 views

CVE-2025-24428

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

5.4CVSS5.3AI score0.00078EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.59 views

CVE-2024-45127

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser...

4.8CVSS4.6AI score0.00381EPSS
CVE
CVE
added 2025/02/11 6:15 p.m.59 views

CVE-2025-24416

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7CVSS7.5AI score0.00116EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.58 views

CVE-2024-45123

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context...

6.1CVSS5.8AI score0.0042EPSS
CVE
CVE
added 2025/02/11 6:15 p.m.58 views

CVE-2025-24425

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the ...

5.3CVSS5.6AI score0.0027EPSS
CVE
CVE
added 2024/06/13 9:15 a.m.57 views

CVE-2024-34108

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are...

9.1CVSS8.6AI score0.02086EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.57 views

CVE-2024-39401

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue require...

8.4CVSS8.7AI score0.00606EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.57 views

CVE-2024-39402

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue require...

8.4CVSS8.7AI score0.00606EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.57 views

CVE-2024-45117

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories ...

7.6CVSS7.4AI score0.00639EPSS
CVE
CVE
added 2025/02/11 6:15 p.m.57 views

CVE-2025-24413

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7CVSS7.5AI score0.00116EPSS
CVE
CVE
added 2025/06/10 4:15 p.m.56 views

CVE-2025-43585

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading...

8.2CVSS8.2AI score0.00089EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.55 views

CVE-2023-29296

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of anot...

4.3CVSS4.4AI score0.00103EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.55 views

CVE-2024-45148

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Ex...

8.8CVSS8.8AI score0.0036EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.54 views

CVE-2023-29287

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does n...

5.3CVSS5.3AI score0.00263EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.54 views

CVE-2024-39405

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Ex...

4.3CVSS4.5AI score0.00165EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.54 views

CVE-2024-39415

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. ...

4.3CVSS4.5AI score0.00122EPSS
CVE
CVE
added 2025/02/11 6:15 p.m.54 views

CVE-2025-24435

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized...

4.3CVSS5.1AI score0.00085EPSS
CVE
CVE
added 2025/06/10 4:15 p.m.54 views

CVE-2025-47110

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in ...

8.4CVSS8.2AI score0.00128EPSS
CVE
CVE
added 2021/01/13 11:15 p.m.53 views

CVE-2021-21013

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's...

8.1CVSS7.5AI score0.00875EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.53 views

CVE-2024-45120

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use...

3.1CVSS4.5AI score0.00201EPSS
CVE
CVE
added 2024/11/12 5:15 p.m.53 views

CVE-2024-49521

Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could ...

7.7CVSS7.4AI score0.0024EPSS
CVE
CVE
added 2025/04/08 9:15 p.m.53 views

CVE-2025-27192

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to pr...

2.7CVSS6.9AI score0.00082EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.52 views

CVE-2023-29294

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitat...

4.3CVSS4.4AI score0.00169EPSS
CVE
CVE
added 2024/06/13 9:15 a.m.52 views

CVE-2024-34106

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another...

5.3CVSS5.3AI score0.00272EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.52 views

CVE-2024-39400

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploit...

8.1CVSS7.1AI score0.00358EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.52 views

CVE-2024-45131

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confid...

5.4CVSS5.3AI score0.00111EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.51 views

CVE-2024-39403

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s ...

7.6CVSS6.5AI score0.00657EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.51 views

CVE-2024-39410

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tric...

4.3CVSS5.2AI score0.00279EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.51 views

CVE-2024-39413

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. ...

4.3CVSS4.5AI score0.00122EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.51 views

CVE-2024-39417

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. ...

4.3CVSS4.5AI score0.00122EPSS
CVE
CVE
added 2025/04/08 9:15 p.m.51 views

CVE-2025-27190

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. ...

5.3CVSS7.1AI score0.00117EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.50 views

CVE-2024-39398

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and poten...

7.4CVSS7.5AI score0.00095EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.50 views

CVE-2024-39408

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. The vulnerability could be exploited by trick...

4.3CVSS5.8AI score0.00213EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.50 views

CVE-2024-39411

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. ...

4.3CVSS4.5AI score0.0016EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.50 views

CVE-2024-39418

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity...

5.4CVSS5.4AI score0.00171EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.50 views

CVE-2024-45128

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integr...

5.4CVSS5.3AI score0.0016EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.49 views

CVE-2024-39414

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. ...

4.3CVSS4.5AI score0.00127EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.49 views

CVE-2024-45115

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exp...

9.8CVSS9.7AI score0.00342EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.48 views

CVE-2024-39412

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and perform a minor integrity ch...

4.3CVSS5AI score0.00145EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.48 views

CVE-2024-39416

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. ...

4.3CVSS4.5AI score0.00127EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.47 views

CVE-2024-39404

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Ex...

4.3CVSS4.5AI score0.00132EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.47 views

CVE-2024-45124

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploita...

5.3CVSS5.1AI score0.00192EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.47 views

CVE-2024-45133

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further atta...

2.7CVSS3.3AI score0.00148EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.46 views

CVE-2024-39409

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tric...

4.3CVSS5.8AI score0.00213EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.45 views

CVE-2024-39419

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Ex...

4.3CVSS4.5AI score0.00126EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.44 views

CVE-2024-45121

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integ...

4.3CVSS4.8AI score0.00128EPSS
Total number of security vulnerabilities121