Lucene search

K
AdobeMagento

148 matches found

CVE
CVE
added 2024/10/10 10:15 a.m.52 views

CVE-2024-45131

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confid...

5.4CVSS5.3AI score0.00111EPSS
CVE
CVE
added 2025/04/08 9:15 p.m.52 views

CVE-2025-27192

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to pr...

2.7CVSS6.9AI score0.00063EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.51 views

CVE-2023-29294

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitat...

4.3CVSS4.4AI score0.00169EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.51 views

CVE-2024-39403

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s ...

7.6CVSS6.5AI score0.00254EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.51 views

CVE-2024-39410

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tric...

4.3CVSS5.2AI score0.00129EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.51 views

CVE-2024-39413

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. ...

4.3CVSS4.5AI score0.00097EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.51 views

CVE-2024-39417

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. ...

4.3CVSS4.5AI score0.00097EPSS
CVE
CVE
added 2025/04/08 9:15 p.m.51 views

CVE-2025-27190

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. ...

5.3CVSS7.1AI score0.0009EPSS
CVE
CVE
added 2025/06/10 4:15 p.m.51 views

CVE-2025-47110

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in ...

8.4CVSS8.2AI score0.00128EPSS
Web
CVE
CVE
added 2020/06/26 9:15 p.m.50 views

CVE-2020-9580

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

9.8CVSS9.5AI score0.0622EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.50 views

CVE-2024-39398

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and poten...

7.4CVSS7.5AI score0.00265EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.50 views

CVE-2024-39408

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. The vulnerability could be exploited by trick...

4.3CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.50 views

CVE-2024-39411

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. ...

4.3CVSS4.5AI score0.00097EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.50 views

CVE-2024-39418

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity...

5.4CVSS5.4AI score0.00097EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.50 views

CVE-2024-45128

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integr...

5.4CVSS5.3AI score0.0016EPSS
CVE
CVE
added 2020/07/29 1:15 p.m.49 views

CVE-2020-9692

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

8.5CVSS6.9AI score0.00168EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.49 views

CVE-2024-39400

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploit...

8.1CVSS7.1AI score0.00587EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.49 views

CVE-2024-39414

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. ...

4.3CVSS4.5AI score0.00101EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.48 views

CVE-2024-39412

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and perform a minor integrity ch...

4.3CVSS5AI score0.00102EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.47 views

CVE-2024-39404

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Ex...

4.3CVSS4.5AI score0.00106EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.47 views

CVE-2024-39416

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. ...

4.3CVSS4.5AI score0.00101EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.46 views

CVE-2024-39409

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tric...

4.3CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.46 views

CVE-2024-45133

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further atta...

2.7CVSS3.3AI score0.00148EPSS
CVE
CVE
added 2024/08/14 12:15 p.m.45 views

CVE-2024-39419

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Ex...

4.3CVSS4.5AI score0.00102EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.45 views

CVE-2024-45115

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exp...

9.8CVSS9.7AI score0.00342EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.44 views

CVE-2024-45124

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploita...

5.3CVSS5.1AI score0.00192EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.44 views

CVE-2024-45134

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further atta...

2.7CVSS3.9AI score0.00355EPSS
CVE
CVE
added 2025/04/08 9:15 p.m.44 views

CVE-2025-27191

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. ...

5.3CVSS7.1AI score0.0009EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.43 views

CVE-2024-45125

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this iss...

4.3CVSS4.4AI score0.00102EPSS
CVE
CVE
added 2025/06/10 4:15 p.m.42 views

CVE-2025-43586

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized elev...

8.1CVSS8.1AI score0.00078EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.41 views

CVE-2024-45121

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integ...

4.3CVSS4.8AI score0.00128EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.41 views

CVE-2024-45130

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integ...

4.3CVSS4.8AI score0.00123EPSS
CVE
CVE
added 2020/07/22 8:15 p.m.40 views

CVE-2020-9665

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

6.1CVSS5.7AI score0.00575EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.40 views

CVE-2024-45132

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploita...

6.5CVSS6.7AI score0.00156EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.40 views

CVE-2024-45149

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on conf...

2.7CVSS3.7AI score0.00149EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.39 views

CVE-2024-45129

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity....

4.3CVSS4.9AI score0.00123EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.38 views

CVE-2024-45118

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integr...

6.5CVSS6.3AI score0.00128EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.38 views

CVE-2024-45122

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confi...

4.3CVSS4.4AI score0.00122EPSS
CVE
CVE
added 2025/06/10 4:15 p.m.36 views

CVE-2025-27206

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Expl...

5.3CVSS5.3AI score0.00106EPSS
CVE
CVE
added 2024/10/10 10:15 a.m.34 views

CVE-2024-45135

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Ex...

2.7CVSS4AI score0.00197EPSS
CVE
CVE
added 2025/08/12 6:15 p.m.13 views

CVE-2025-49554

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causi...

7.5CVSS6.9AI score0.00261EPSS
CVE
CVE
added 2025/08/12 6:15 p.m.12 views

CVE-2025-49557

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. A successful attacker...

8.7CVSS4.9AI score0.00041EPSS
CVE
CVE
added 2025/06/25 6:15 p.m.9 views

CVE-2025-49549

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited una...

2.7CVSS7.1AI score0.00077EPSS
CVE
CVE
added 2025/08/12 6:15 p.m.9 views

CVE-2025-49558

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the ti...

5.9CVSS7AI score0.00161EPSS
CVE
CVE
added 2025/06/25 6:15 p.m.8 views

CVE-2025-49550

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized acces...

4.3CVSS7.1AI score0.00086EPSS
CVE
CVE
added 2025/08/12 6:15 p.m.8 views

CVE-2025-49556

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthori...

7.5CVSS7.1AI score0.00132EPSS
CVE
CVE
added 2025/08/12 6:15 p.m.8 views

CVE-2025-49559

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulne...

5.3CVSS6.9AI score0.00168EPSS
CVE
CVE
added 2025/08/12 6:15 p.m.7 views

CVE-2025-49555

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a w...

8.1CVSS7AI score0.00048EPSS
Total number of security vulnerabilities148