Lucene search

K
AdobeMagento

148 matches found

CVE
CVE
added 2025/02/11 6:15 p.m.66 views

CVE-2025-24429

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could leverage this vulnerability to bypass security...

3.5CVSS4.9AI score0.00051EPSS
CVE
CVE
added 2025/02/11 6:15 p.m.66 views

CVE-2025-24436

Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view select information. Exploitation of t...

4.3CVSS6.2AI score0.00047EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.65 views

CVE-2023-29295

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploi...

4.3CVSS4.4AI score0.00103EPSS
CVE
CVE
added 2024/06/13 9:15 a.m.65 views

CVE-2024-34110

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the sys...

7.2CVSS7.4AI score0.02808EPSS
CVE
CVE
added 2025/02/11 6:15 p.m.65 views

CVE-2025-24415

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7CVSS7.5AI score0.00067EPSS
CVE
CVE
added 2025/02/11 6:15 p.m.65 views

CVE-2025-24427

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unautho...

6.5CVSS7.1AI score0.0006EPSS
CVE
CVE
added 2025/04/08 9:15 p.m.65 views

CVE-2025-27188

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploi...

4.3CVSS7.2AI score0.00054EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.64 views

CVE-2023-29291

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requ...

4.9CVSS5.1AI score0.00413EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.64 views

CVE-2024-39407

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Ex...

4.3CVSS4.5AI score0.00106EPSS
CVE
CVE
added 2025/02/11 6:15 p.m.64 views

CVE-2025-24432

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has...

3.7CVSS4.5AI score0.00085EPSS
CVE
CVE
added 2020/06/26 9:15 p.m.63 views

CVE-2020-9630

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation.

9.8CVSS9.2AI score0.01143EPSS
CVE
CVE
added 2020/07/29 1:15 p.m.63 views

CVE-2020-9690

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

4.2CVSS5.4AI score0.0047EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.63 views

CVE-2023-29288

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another ...

4.3CVSS4.3AI score0.00183EPSS
CVE
CVE
added 2020/06/26 9:15 p.m.62 views

CVE-2020-9584

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

5.4CVSS5AI score0.00232EPSS
CVE
CVE
added 2025/02/11 6:15 p.m.62 views

CVE-2025-24437

Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view or modify select information. Exploit...

5.4CVSS6.8AI score0.00047EPSS
CVE
CVE
added 2020/06/26 9:15 p.m.61 views

CVE-2020-9579

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

9.8CVSS9.5AI score0.0622EPSS
CVE
CVE
added 2020/06/26 9:15 p.m.61 views

CVE-2020-9585

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution.

9.8CVSS9.5AI score0.0622EPSS
CVE
CVE
added 2020/06/26 9:15 p.m.61 views

CVE-2020-9587

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.

7.5CVSS7.3AI score0.00551EPSS
CVE
CVE
added 2020/06/26 9:15 p.m.61 views

CVE-2020-9631

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

10CVSS9.5AI score0.05808EPSS
CVE
CVE
added 2024/06/13 9:15 a.m.61 views

CVE-2024-34107

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised information. Exploit...

9.8CVSS7.2AI score0.00326EPSS
CVE
CVE
added 2025/02/11 6:15 p.m.61 views

CVE-2025-24438

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7CVSS7.5AI score0.00067EPSS
CVE
CVE
added 2025/02/11 6:15 p.m.60 views

CVE-2025-24410

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7CVSS7.5AI score0.00067EPSS
CVE
CVE
added 2025/02/11 6:15 p.m.60 views

CVE-2025-24428

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

5.4CVSS5.3AI score0.00048EPSS
CVE
CVE
added 2025/02/11 6:15 p.m.59 views

CVE-2025-24416

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7CVSS7.5AI score0.00067EPSS
CVE
CVE
added 2025/02/11 6:15 p.m.58 views

CVE-2025-24425

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the ...

5.3CVSS5.6AI score0.00225EPSS
CVE
CVE
added 2020/06/26 9:15 p.m.57 views

CVE-2020-9577

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure .

6.1CVSS5.8AI score0.00434EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.57 views

CVE-2023-29292

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requ...

4.9CVSS5.5AI score0.00321EPSS
CVE
CVE
added 2024/06/13 9:15 a.m.57 views

CVE-2024-34108

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are...

9.1CVSS8.6AI score0.02086EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.57 views

CVE-2024-39402

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue require...

8.4CVSS8.7AI score0.01485EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.57 views

CVE-2024-45116

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scri...

8.1CVSS7.2AI score0.06349EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.57 views

CVE-2024-45119

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injectio...

4.9CVSS5AI score0.0021EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.57 views

CVE-2024-45123

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context...

6.1CVSS5.8AI score0.0042EPSS
CVE
CVE
added 2020/06/26 9:15 p.m.56 views

CVE-2020-9578

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

9.8CVSS9.7AI score0.0323EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.56 views

CVE-2024-39401

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue require...

8.4CVSS8.7AI score0.01485EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.56 views

CVE-2024-45127

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser...

4.8CVSS4.6AI score0.00381EPSS
CVE
CVE
added 2025/02/11 6:15 p.m.56 views

CVE-2025-24413

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7CVSS7.5AI score0.00067EPSS
CVE
CVE
added 2020/07/22 8:15 p.m.55 views

CVE-2020-9664

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. Successful exploitation could lead to arbitrary code execution.

9.8CVSS9.7AI score0.12559EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.55 views

CVE-2024-45148

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Ex...

8.8CVSS8.8AI score0.0036EPSS
CVE
CVE
added 2025/06/10 4:15 p.m.55 views

CVE-2025-43585

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading...

8.2CVSS8.2AI score0.00089EPSS
CVE
CVE
added 2020/07/29 1:15 p.m.54 views

CVE-2020-9691

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.

9.6CVSS8.8AI score0.00631EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.54 views

CVE-2023-29287

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does n...

5.3CVSS5.3AI score0.00263EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.54 views

CVE-2023-29296

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of anot...

4.3CVSS4.4AI score0.00103EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.54 views

CVE-2024-39405

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Ex...

4.3CVSS4.5AI score0.00102EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.54 views

CVE-2024-39415

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. ...

4.3CVSS4.5AI score0.00097EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.54 views

CVE-2024-45117

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories ...

7.6CVSS7.4AI score0.00639EPSS
CVE
CVE
added 2021/01/13 11:15 p.m.53 views

CVE-2021-21013

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's...

8.1CVSS7.5AI score0.00875EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.53 views

CVE-2024-45120

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use...

3.1CVSS4.5AI score0.00201EPSS
CVE
CVE
added 2024/11/12 5:15 p.m.53 views

CVE-2024-49521

Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could ...

7.7CVSS7.4AI score0.00198EPSS
CVE
CVE
added 2025/02/11 6:15 p.m.53 views

CVE-2025-24435

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized...

4.3CVSS5.1AI score0.00071EPSS
CVE
CVE
added 2024/06/13 9:15 a.m.52 views

CVE-2024-34106

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another...

5.3CVSS5.3AI score0.00272EPSS
Total number of security vulnerabilities148