Magento@* Security Vulnerabilities and Issues — Page 2 of Magento@* CVE List

Lucene search

AdobeMagento*

74 matches found

CVE•added 2021/01/13 11:15 p.m.•52 views

CVE-2021-21013

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's...

8.1CVSS7.5AI score0.00645EPSS

CVE•added 2024/08/14 12:15 p.m.•52 views

CVE-2024-39405

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Ex...

4.3CVSS4.5AI score0.00102EPSS

CVE•added 2024/08/14 12:15 p.m.•52 views

CVE-2024-39415

4.3CVSS4.5AI score0.00097EPSS

CVE•added 2024/11/12 5:15 p.m.•51 views

CVE-2024-49521

Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could ...

7.7CVSS7.4AI score0.00162EPSS

CVE•added 2025/04/08 9:15 p.m.•51 views

CVE-2025-27192

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to pr...

2.7CVSS6.9AI score0.00088EPSS

CVE•added 2024/08/14 12:15 p.m.•49 views

CVE-2024-39403

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s ...

7.6CVSS6.5AI score0.00254EPSS

CVE•added 2024/08/14 12:15 p.m.•49 views

CVE-2024-39410

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tric...

4.3CVSS5.2AI score0.00129EPSS

CVE•added 2024/08/14 12:15 p.m.•49 views

CVE-2024-39413

4.3CVSS4.5AI score0.00097EPSS

CVE•added 2024/08/14 12:15 p.m.•49 views

CVE-2024-39417

4.3CVSS4.5AI score0.00097EPSS

CVE•added 2020/06/26 9:15 p.m.•48 views

CVE-2020-9580

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

9.8CVSS9.5AI score0.05576EPSS

CVE•added 2020/07/29 1:15 p.m.•48 views

CVE-2020-9692

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

8.5CVSS6.9AI score0.00168EPSS

CVE•added 2024/08/14 12:15 p.m.•48 views

CVE-2024-39398

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and poten...

7.4CVSS7.5AI score0.00271EPSS

CVE•added 2024/08/14 12:15 p.m.•48 views

CVE-2024-39411

4.3CVSS4.5AI score0.00097EPSS

CVE•added 2024/08/14 12:15 p.m.•48 views

CVE-2024-39418

5.4CVSS5.4AI score0.00097EPSS

CVE•added 2024/08/14 12:15 p.m.•47 views

CVE-2024-39400

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploit...

8.1CVSS7.1AI score0.00587EPSS

CVE•added 2024/08/14 12:15 p.m.•47 views

CVE-2024-39408

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. The vulnerability could be exploited by trick...

4.3CVSS5.8AI score0.00129EPSS

CVE•added 2024/08/14 12:15 p.m.•47 views

CVE-2024-39414

4.3CVSS4.5AI score0.00101EPSS

CVE•added 2024/08/14 12:15 p.m.•46 views

CVE-2024-39412

4.3CVSS5AI score0.00102EPSS

CVE•added 2024/08/14 12:15 p.m.•45 views

CVE-2024-39404

4.3CVSS4.5AI score0.00106EPSS

CVE•added 2024/08/14 12:15 p.m.•45 views

CVE-2024-39416

4.3CVSS4.5AI score0.00101EPSS

CVE•added 2024/08/14 12:15 p.m.•44 views

CVE-2024-39409

4.3CVSS5.8AI score0.00129EPSS

CVE•added 2024/08/14 12:15 p.m.•43 views

CVE-2024-39419

4.3CVSS4.5AI score0.00102EPSS

CVE•added 2025/04/08 9:15 p.m.•43 views

CVE-2025-27191

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. ...

5.3CVSS7.1AI score0.00127EPSS

CVE•added 2020/07/22 8:15 p.m.•39 views

CVE-2020-9665

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

6.1CVSS5.7AI score0.00575EPSS

Total number of security vulnerabilities74