Magento Security Vulnerabilities and Issues — Magento CVE List

Lucene search

AdobeMagento

18 matches found

CVE•added 2024/06/13 9:15 a.m.•251 views

CVE-2024-34102

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that r...

9.8CVSS9.6AI score0.94335EPSS

CVE•added 2025/02/11 6:15 p.m.•233 views

CVE-2025-24434

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Explo...

9.1CVSS9.2AI score0.00227EPSS

CVE•added 2024/04/10 12:15 p.m.•149 views

CVE-2024-20758

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexit...

9CVSS9AI score0.00892EPSS

CVE•added 2024/08/14 12:15 p.m.•117 views

CVE-2024-39397

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which ...

9CVSS9.2AI score0.06658EPSS

CVE•added 2023/06/15 7:15 p.m.•112 views

CVE-2023-29297

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation...

9.1CVSS8.3AI score0.06202EPSS

CVE•added 2020/06/26 9:15 p.m.•79 views

CVE-2020-9582

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

9.8CVSS9.7AI score0.02882EPSS

CVE•added 2020/06/26 9:15 p.m.•75 views

CVE-2020-9583

9.8CVSS9.7AI score0.02766EPSS

CVE•added 2020/06/26 9:15 p.m.•69 views

CVE-2020-9576

9.8CVSS9.7AI score0.02766EPSS

CVE•added 2020/06/26 9:15 p.m.•62 views

CVE-2020-9630

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation.

9.8CVSS9.2AI score0.00844EPSS

CVE•added 2020/06/26 9:15 p.m.•60 views

CVE-2020-9579

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

9.8CVSS9.5AI score0.05576EPSS

CVE•added 2020/06/26 9:15 p.m.•60 views

CVE-2020-9585

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution.

9.8CVSS9.5AI score0.05576EPSS

CVE•added 2024/06/13 9:15 a.m.•59 views

CVE-2024-34107

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised information. Exploit...

9.8CVSS7.2AI score0.00195EPSS

CVE•added 2020/06/26 9:15 p.m.•55 views

CVE-2020-9578

9.8CVSS9.7AI score0.02882EPSS

CVE•added 2024/06/13 9:15 a.m.•55 views

CVE-2024-34108

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are...

9.1CVSS8.6AI score0.0199EPSS

CVE•added 2020/07/22 8:15 p.m.•54 views

CVE-2020-9664

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. Successful exploitation could lead to arbitrary code execution.

9.8CVSS9.7AI score0.12559EPSS

CVE•added 2020/07/29 1:15 p.m.•53 views

CVE-2020-9691

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.

9.6CVSS8.8AI score0.00631EPSS

CVE•added 2020/06/26 9:15 p.m.•48 views

CVE-2020-9580

9.8CVSS9.5AI score0.05576EPSS

CVE•added 2024/10/10 10:15 a.m.•44 views

CVE-2024-45115

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exp...

9.8CVSS9.7AI score0.00342EPSS