Magento Security Vulnerabilities and Issues — Magento CVE List

Lucene search

AdobeMagento

34 matches found

CVE•added 2023/10/13 7:15 a.m.•94 views

CVE-2023-26367

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this is...

4.9CVSS4.9AI score0.00331EPSS

CVE•added 2025/02/11 6:15 p.m.•65 views

CVE-2025-24421

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to read select data. Exploitation of this iss...

4.3CVSS5AI score0.00047EPSS

CVE•added 2025/02/11 6:15 p.m.•65 views

CVE-2025-24436

Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view select information. Exploitation of t...

4.3CVSS6.2AI score0.00047EPSS

CVE•added 2025/04/08 9:15 p.m.•64 views

CVE-2025-27188

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploi...

4.3CVSS7.2AI score0.00076EPSS

CVE•added 2020/07/29 1:15 p.m.•62 views

CVE-2020-9690

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

4.2CVSS5.4AI score0.00346EPSS

CVE•added 2023/06/15 7:15 p.m.•62 views

CVE-2023-29288

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another ...

4.3CVSS4.3AI score0.00183EPSS

CVE•added 2023/06/15 7:15 p.m.•62 views

CVE-2023-29291

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requ...

4.9CVSS5.1AI score0.00413EPSS

CVE•added 2023/06/15 7:15 p.m.•57 views

CVE-2023-29295

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploi...

4.3CVSS4.4AI score0.00103EPSS

CVE•added 2024/08/14 12:15 p.m.•56 views

CVE-2024-39407

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Ex...

4.3CVSS4.5AI score0.00106EPSS

CVE•added 2024/06/13 9:15 a.m.•55 views

CVE-2024-34105

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser whe...

4.8CVSS4.6AI score0.00448EPSS

CVE•added 2023/06/15 7:15 p.m.•52 views

CVE-2023-29296

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of anot...

4.3CVSS4.4AI score0.00103EPSS

CVE•added 2024/08/14 12:15 p.m.•52 views

CVE-2024-39405

4.3CVSS4.5AI score0.00102EPSS

CVE•added 2024/08/14 12:15 p.m.•52 views

CVE-2024-39415

4.3CVSS4.5AI score0.00097EPSS

CVE•added 2025/02/11 6:15 p.m.•52 views

CVE-2025-24435

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized...

4.3CVSS5.1AI score0.00071EPSS

CVE•added 2023/06/15 7:15 p.m.•50 views

CVE-2023-29294

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitat...

4.3CVSS4.4AI score0.00169EPSS

CVE•added 2024/10/10 10:15 a.m.•50 views

CVE-2024-45119

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injectio...

4.9CVSS5AI score0.00152EPSS

CVE•added 2023/06/15 7:15 p.m.•49 views

CVE-2023-29292

4.9CVSS5.5AI score0.00321EPSS

CVE•added 2024/08/14 12:15 p.m.•49 views

CVE-2024-39410

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tric...

4.3CVSS5.2AI score0.00129EPSS

CVE•added 2024/08/14 12:15 p.m.•49 views

CVE-2024-39413

4.3CVSS4.5AI score0.00097EPSS

CVE•added 2024/08/14 12:15 p.m.•49 views

CVE-2024-39417

4.3CVSS4.5AI score0.00097EPSS

CVE•added 2024/10/10 10:15 a.m.•49 views

CVE-2024-45127

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser...

4.8CVSS4.6AI score0.00311EPSS

CVE•added 2024/08/14 12:15 p.m.•48 views

CVE-2024-39411

4.3CVSS4.5AI score0.00097EPSS

CVE•added 2024/08/14 12:15 p.m.•47 views

CVE-2024-39408

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. The vulnerability could be exploited by trick...

4.3CVSS5.8AI score0.00129EPSS

CVE•added 2024/08/14 12:15 p.m.•47 views

CVE-2024-39414

4.3CVSS4.5AI score0.00101EPSS

CVE•added 2024/08/14 12:15 p.m.•46 views

CVE-2024-39412

4.3CVSS5AI score0.00102EPSS

CVE•added 2024/08/14 12:15 p.m.•45 views

CVE-2024-39404

4.3CVSS4.5AI score0.00106EPSS

CVE•added 2024/08/14 12:15 p.m.•45 views

CVE-2024-39416

4.3CVSS4.5AI score0.00101EPSS

CVE•added 2024/08/14 12:15 p.m.•44 views

CVE-2024-39409

4.3CVSS5.8AI score0.00129EPSS

CVE•added 2024/08/14 12:15 p.m.•43 views

CVE-2024-39419

4.3CVSS4.5AI score0.00102EPSS

CVE•added 2024/10/10 10:15 a.m.•42 views

CVE-2024-45125

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this iss...

4.3CVSS4.4AI score0.00074EPSS

CVE•added 2024/10/10 10:15 a.m.•40 views

CVE-2024-45121

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integ...

4.3CVSS4.8AI score0.00093EPSS

CVE•added 2024/10/10 10:15 a.m.•40 views

CVE-2024-45130

4.3CVSS4.8AI score0.00089EPSS

CVE•added 2024/10/10 10:15 a.m.•38 views

CVE-2024-45129

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity....

4.3CVSS4.9AI score0.00089EPSS

CVE•added 2024/10/10 10:15 a.m.•37 views

CVE-2024-45122

4.3CVSS4.4AI score0.00088EPSS