Lucene search
K

64 matches found

CVE
CVE
added 2022/02/16 4:38 p.m.1372 views

CVE-2022-24086

CVE-2022-24086 affects Adobe Commerce and Magento Open Source via an improper input validation vulnerability during checkout, allowing arbitrary code execution without user interaction. Affected: Adobe Commerce 2.4.3-p1 and earlier, 2.3.7-p2 and earlier. Evidence from multiple advisories confirms...

10CVSS9.7AI score0.99199EPSS
In wild
CVE
CVE
added 2025/02/11 5:37 p.m.149 views

CVE-2025-24406

CVE-2025-24406 concerns Adobe Commerce; multiple historical releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) are affected by an improper pathname limitation vulnerability (Path Traversal). An unauthenticated attacker could bypass a security feature and modify files sto...

7.5CVSS6.1AI score0.01333EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.111 views

CVE-2025-24410

Adobe Commerce (Magento) stores XSS in forms across versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The underlying issue allows low-privilege attackers to inject malicious scripts, potentially leading to session takeover and compromising confidentiality and integrity. ...

8.7CVSS7.5AI score0.00684EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.98 views

CVE-2025-24412

CVE-2025-24412 affects Adobe Commerce and Magento Open Source, with stored XSS in vulnerable form fields across multiple 2.4.x releases (e.g., 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). The underlying issue is a stored XSS that an attacker with low privileges can abuse to...

8.7CVSS7.5AI score0.00684EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.96 views

CVE-2025-24414

CVE-2025-24414 affects Adobe Commerce prior to some 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). It is a stored Cross-Site Scripting (XSS) vulnerability that a low-privileged attacker can exploit via vulnerable form fields to inject JavaScript, potentially e...

8.7CVSS7.5AI score0.00684EPSS
CVE
CVE
added 2025/04/08 8:17 p.m.89 views

CVE-2025-27188

Adobe Commerce (Magento) is affected by CVE-2025-27188: an Improper Authorization vulnerability that could allow Privilege Escalation in versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. Root cause is improper authorization; exploitation does not require user interaction...

4.3CVSS7.2AI score0.00549EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.88 views

CVE-2025-24417

Adobe Commerce CVE-2025-24417 affects multiple 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) with a stored XSS vulnerability that a low-privilege attacker can abuse to inject malicious scripts into vulnerable form fields. Malicious JavaScript may execute in vi...

8.7CVSS7.5AI score0.00684EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.87 views

CVE-2025-24409

CVE-2025-24409 affects Adobe Commerce: versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect/Improper Authorization vulnerability that can bypass security features and grant unauthorized access without user interaction. The impact is described as ...

8.2CVSS8.8AI score0.00654EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.87 views

CVE-2025-24411

CVE-2025-24411 affects Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier, with an Improper Access Control that could bypass security measures and compromise Confidentiality and Integrity. The attack path is credential-insufficient: a low-privileged attacker...

8.1CVSS8.4AI score0.00888EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.86 views

CVE-2025-24427

CVE-2025-24427 affects Adobe Commerce: vulnerable in 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The issue is Improper Access Control allowing a low-privilege attacker to bypass security measures and gain unauthorized write access without user interaction. Connected sources...

6.5CVSS7.1AI score0.00609EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.85 views

CVE-2025-24430

CVE-2025-24430 affects Adobe Commerce (and Magento-related builds) up to versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. It describes a Time-of-check Time-of-use (TOCTOU) race condition in the security feature logic that could be exploited to bypass certain protections...

3.7CVSS4.5AI score0.00385EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.83 views

CVE-2025-24421

CVE-2025-24421 affects Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier, due to an Incorrect Authorization flaw that could allow a low-privilege attacker to read select data with no user interaction. The issue enables a security feature bypass. Adobe and r...

4.3CVSS5AI score0.00527EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.83 views

CVE-2025-24429

CVE-2025-24429 affects Adobe Commerce (versions including 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) and is an Improper Access Control vulnerability that can bypass security features and grant read-only access to an attacker with low privileges. Exploitation, per the NVD e...

3.5CVSS4.9AI score0.00486EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.81 views

CVE-2025-24408

Adobe Commerce CVE-2025-24408 describes an Information Exposure vulnerability affecting multiple 2.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). The issue could allow a low-privileged, remote attacker to access sensitive information without user interaction, with...

6.5CVSS6.8AI score0.00977EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.80 views

CVE-2025-24415

Adobe Commerce and Magento Open Source are affected by a stored XSS vulnerability in vulnerable form fields across versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. A low-privileged attacker can inject malicious scripts, which may execute in a victim’s browser and could ...

8.7CVSS7.5AI score0.00684EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.78 views

CVE-2025-24413

CVE-2025-24413 is a stored XSS vulnerability in Adobe Commerce affecting versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The flaw allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, which execute in a victim’s browser when viewing ...

8.7CVSS7.5AI score0.00684EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.77 views

CVE-2025-24432

CVE-2025-24432 affects Adobe Commerce: TOCTOU race condition in multiple 2.4.x releases (2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier) that could bypass a security feature by altering a checked condition before use, potentially bypassing rate limiting. Exploitation is describ...

3.7CVSS4.5AI score0.00385EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.73 views

CVE-2025-24416

CVE-2025-24416 affects Adobe Commerce. The vulnerability is a stored XSS in vulnerable form fields that could allow a low-privilege attacker to execute malicious JavaScript in a victim’s browser, with potential session takeover and impact on confidentiality and integrity (CVE details list affecte...

8.7CVSS7.5AI score0.00684EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.73 views

CVE-2025-24428

CVE-2025-24428 concerns a stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce. Affected are Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The flaw allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, w...

5.4CVSS5.3AI score0.00396EPSS
CVE
CVE
added 2025/02/11 5:37 p.m.71 views

CVE-2025-24425

The CVE-2025-24425 entry concerns Adobe Commerce with a Business Logic Error that can bypass security features and allow limited data modification without user interaction. Affected versions include 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The underlying issue is a logic...

5.3CVSS5.6AI score0.00611EPSS
CVE
CVE
added 2025/04/08 8:17 p.m.70 views

CVE-2025-27192

CVE-2025-27192 affects Adobe Commerce/Magento: versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. Root cause: Insufficiently Protected Credentials that could allow an attacker with elevated privileges to obtain sensitive credential information and bypass security features...

2.7CVSS6.9AI score0.00461EPSS
CVE
CVE
added 2024/11/12 4:41 p.m.69 views

CVE-2024-49521

CVE-2024-49521 affects Adobe Commerce 3.2.5 and earlier . The vulnerability is a Server-Side Request Forgery (SSRF) that could enable a low-privileged attacker to issue crafted requests from the vulnerable server to internal systems, potentially bypassing security controls such as firewalls. Expl...

7.7CVSS7.4AI score0.00652EPSS
CVE
CVE
added 2025/08/12 5:55 p.m.60 views

CVE-2025-49556

Adobe Commerce/Magento Open Source versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability (CVE-2025-49556) that could bypass security features and allow unauthorized read access. The issue is network-exploita...

7.5CVSS7.1AI score0.00573EPSS
CVE
CVE
added 2025/04/08 8:17 p.m.58 views

CVE-2025-27191

CVE-2025-27191 affects Adobe Commerce (Magento) versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier, due to an Improper Access Control vulnerability that could result in a security feature bypass and unauthorized access. Exploitation does not require user interaction. The v...

5.3CVSS7.1AI score0.00468EPSS
CVE
CVE
added 2025/08/12 5:55 p.m.41 views

CVE-2025-49557

CVE-2025-49557 refers to a stored Cross-site Scripting (XSS) vulnerability in Adobe Commerce/Magento Open Source versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier. The issue allows a low-privileged attacker to inject malicious scripts into vulnerable form fiel...

8.7CVSS4.9AI score0.00604EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.35 views

CVE-2026-34654

The CVE concerns Adobe Commerce (Magento) versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier affected by a Dependency on Vulnerable Third-Party Component vulnerability causing a denial-of-service. Exploitation does not require user interaction and can be perform...

5.3CVSS5.8AI score0.0062EPSS
CVE
CVE
added 2025/08/12 5:55 p.m.34 views

CVE-2025-49554

CVE-2025-49554 — Adobe Commerce/Magento DoS via Improper Input Validation . Affected: Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier. Root cause: improper input validation could cause the application to crash or become unresponsive, enabling ...

7.5CVSS6.9AI score0.00541EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.32 views

CVE-2026-34656

Adobe Commerce is affected by an Improper Authorization (CWE-285) vulnerability (CVE-2026-34656) impacting versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue could bypass security features and grant unauthorized write access. Exploitation requires use...

4.3CVSS5.8AI score0.00393EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.31 views

CVE-2026-34650

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. Exploitation can be performed remotely over the network with no user interactio...

7.5CVSS5.8AI score0.15933EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.30 views

CVE-2026-21282

CVE-2026-21282 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. The vulnerability is Improper Input Validation that could lead to a denial-of-service; exploitation does not require user interaction. Public connected sources confirm the...

5.3CVSS5.8AI score0.00524EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.30 views

CVE-2026-34685

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could bypass security measures and gain unauthorized write acc...

3.4CVSS5.8AI score0.00373EPSS
CVE
CVE
added 2025/06/25 5:41 p.m.28 views

CVE-2025-49550

Adobe Commerce (Magento) versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could bypass security features and allow limited unauthorized access. Exploitation requires user interaction. The issue is documented across...

4.3CVSS7.1AI score0.0031EPSS
CVE
CVE
added 2025/08/12 5:55 p.m.28 views

CVE-2025-49555

CVE-2025-49555 affects Adobe Commerce/Magento Open Source (versions 2.4.9-alpha1 through earlier) with a Cross-Site Request Forgery (CSRF) vulnerability that can lead to privilege escalation when a user is authenticated. Exploitation requires user interaction (victim visits malicious site or clic...

8.1CVSS7AI score0.0085EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.27 views

CVE-2026-34647

Adobe Commerce is affected by an SSRF vulnerability (CVE-2026-34647) impacting versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue allows bypassing security features and could enable unauthorized read access. Exploitation requires user interaction, whe...

7.4CVSS5.8AI score0.00471EPSS
CVE
CVE
added 2025/08/12 5:55 p.m.26 views

CVE-2025-49558

Summary: CVE-2025-49558 affects Adobe Commerce/Magento Open Source (versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier) due to a Time-of-check Time-of-use (TOCTOU) race condition that could bypass a security feature and allow unauthorized write access. The issu...

5.9CVSS7AI score0.00387EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.26 views

CVE-2026-21361

Adobe Commerce

8.1CVSS5.7AI score0.00445EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.26 views

CVE-2026-34645

Adobe Commerce is affected by CVE-2026-34645 due to an Incorrect Authorization vulnerability that could bypass security features, allowing unauthorized write access. Affected versions include 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue is exploitable re...

7.5CVSS5.8AI score0.00561EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.26 views

CVE-2026-34652

Adobe Commerce (Magento) versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. The issue is caused by a vulnerable third-party comp...

7.5CVSS5.8AI score0.00508EPSS
CVE
CVE
added 2025/06/25 5:41 p.m.25 views

CVE-2025-49549

Adobe Commerce / Magento Open Source is affected by an Incorrect Authorization vulnerability (CVE-2025-49549) that could allow a high-privileged attacker to bypass security features and gain limited unauthorized access without user interaction. Affected versions include 2.4.8 and earlier (2.4.7-p...

2.7CVSS7.1AI score0.00329EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.25 views

CVE-2026-21360

CVE-2026-21360 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier, with an Improper Pathname/Path Traversal vulnerability that could bypass security features and allow a high-privileged attacker to access files or directories outside the ...

6.8CVSS5.8AI score0.00636EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.25 views

CVE-2026-34648

Adobe Commerce CVE-2026-34648 affects versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier with an Uncontrolled Resource Consumption flaw that can cause application denial-of-service by exhausting system resources. Exploitation requires no user interaction and is ...

7.5CVSS5.8AI score0.2255EPSS
CVE
CVE
added 2025/08/12 5:55 p.m.24 views

CVE-2025-49559

CVE-2025-49559 affects Adobe Commerce/Magento Open Source: path traversal in versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier that could bypass security features and allow modification of limited data. The issue is exploitable without user interaction (networ...

5.3CVSS6.9AI score0.00632EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.24 views

CVE-2026-21311

Adobe Commerce (Magento) versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored XSS (CWE-79) in vulnerable form fields. A high-privileged attacker can inject JavaScript that is executed in a victim’s browser when they visit the affected pag...

8CVSS5.7AI score0.00304EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.22 views

CVE-2026-34655

Adobe Commerce is affected by a stored XSS vulnerability (CVE-2026-34655) in versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue allows a high-privileged attacker to inject malicious scripts into vulnerable form fields, potentially executing JavaScript...

4.8CVSS5.8AI score0.00368EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.21 views

CVE-2026-21290

Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-21290) in multiple older 2.4.x releases (2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier). The issue allows a low-privileged attacker to inject malicious scripts into vulnerable...

8.7CVSS5.7AI score0.00452EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.21 views

CVE-2026-34646

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could bypass security features and grant unauthorized write access. The CVSS v3.1 metrics indicate a Network attack vector, no privile...

7.5CVSS5.8AI score0.00411EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.19 views

CVE-2026-21286

CVE-2026-21286 affects Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier, due to an Incorrect Authorization vulnerability (CWE-863) that could bypass security features and allow limited unauthorized view access without user interaction. Multiple...

5.3CVSS5.8AI score0.00295EPSS
CVE
CVE
added 2026/03/11 2:19 a.m.19 views

CVE-2026-21359

CVE-2026-21359 (Adobe Commerce) affects multiple older Adobe Commerce builds (2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier) with an Incorrect Authorization vulnerability that can bypass security features, allowing limited impact to data integrity/availability. The...

4.7CVSS5.8AI score0.00211EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.19 views

CVE-2026-34649

CVE-2026-34649 affects Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier. The issue is an Uncontrolled Resource Consumption vulnerability that can cause an application denial-of-service by exhausting system resources. Exploitation does not requir...

7.5CVSS5.8AI score0.14383EPSS
CVE
CVE
added 2026/05/12 7:50 p.m.19 views

CVE-2026-34651

Adobe Commerce is affected by CVE-2026-34651 across versions 2.4.4-p17 and earlier up to 2.4.9-beta1, with an Uncontrolled Resource Consumption issue that can cause application denial-of-service. The vulnerability enables resource exhaustion without user interaction (attack vector: network; compl...

7.5CVSS5.8AI score0.00675EPSS
Total number of security vulnerabilities64