📦 Commerce
by Adobe
🛡️ Security Overview
⚠️ Known Vulnerabilities
CVE-2025-54236 is an improper input validation vulnerability in Adobe Commerce (Magento) that allows unauthenticated attackers to achieve session takeover. This enables attackers to hijack user sessio...
CVE-2025-24434 is an incorrect authorization vulnerability in Adobe Commerce that allows attackers to bypass security controls and escalate privileges without user interaction. This affects Adobe Comm...
CVE-2024-45115 is an improper authentication vulnerability in Adobe Commerce that allows attackers to bypass authentication mechanisms and gain elevated privileges without user interaction. This affec...
This vulnerability allows attackers to upload malicious files to Adobe Commerce servers, potentially leading to arbitrary code execution. It affects Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p...
This CVE describes an Improper Input Validation vulnerability in Adobe Commerce that allows authenticated users with admin privileges to execute arbitrary code on affected systems. The vulnerability a...
This critical XXE vulnerability in Adobe Commerce allows unauthenticated attackers to execute arbitrary code by sending malicious XML documents. It affects Adobe Commerce (formerly Magento) versions 2...
This CVE describes an Improper Input Validation vulnerability in Adobe Commerce that allows attackers to execute arbitrary code on the underlying filesystem. The vulnerability affects Adobe Commerce v...
This stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows an authenticated admin attacker to inject malicious JavaScript into admin pages. When other admin users view these pages, ...
CVE-2022-24093 is an improper input validation vulnerability in Adobe Commerce (formerly Magento) that allows authenticated attackers to execute arbitrary code on affected systems. This affects Adobe ...
This CVE describes an OS command injection vulnerability in Adobe Commerce (formerly Magento) that allows authenticated administrators to execute arbitrary commands on the server. Attackers with admin...
This vulnerability allows authenticated admin users in Adobe Commerce to execute arbitrary code through improper template engine neutralization. It affects Adobe Commerce versions 2.4.6 and earlier, 2...
CVE-2022-24086 is a critical improper input validation vulnerability in Adobe Commerce (formerly Magento) that allows unauthenticated attackers to execute arbitrary code during checkout. This affects ...
Adobe Commerce has an incorrect authorization vulnerability that allows low-privileged attackers to bypass security controls and maintain unauthorized access without user interaction. This affects Ado...
Adobe Commerce has an incorrect authorization vulnerability that allows attackers to bypass security measures and gain unauthorized read access to sensitive data. This affects Adobe Commerce versions ...
Adobe Commerce has an improper input validation vulnerability (CWE-20) that allows unauthenticated attackers to cause denial-of-service by sending specially crafted input. This affects Adobe Commerce ...
Adobe Commerce has an improper authorization vulnerability that allows attackers to bypass security measures and gain unauthorized access. This affects Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p...
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable form fields. When victims browse pages containing the...
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable form fields. When victims browse pages containing the...
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious scripts into form fields. When victims browse pages containing these fields, the...
Adobe Commerce has an improper access control vulnerability that allows low-privileged attackers to bypass security measures and gain unauthorized access to sensitive data or modify content. This affe...
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable form fields. When victims browse pages containing the...
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable form fields. When victims browse pages containing the...
A stored cross-site scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious scripts into vulnerable form fields. When victims browse pages containing these ...
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable form fields. When victims browse pages containing the...
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable form fields. When victims browse pages containing the...
This CVE describes a path traversal vulnerability in Adobe Commerce that allows unauthenticated attackers to modify files outside restricted directories. This security feature bypass affects Adobe Com...
This CVE describes an incorrect authorization vulnerability in Adobe Commerce that allows attackers to bypass security measures and gain unauthorized access to sensitive data. Affected versions includ...
Adobe Commerce versions 3.2.5 and earlier contain a Server-Side Request Forgery (SSRF) vulnerability that allows low-privileged attackers to send crafted requests from the vulnerable server to interna...
CVE-2024-45148 is an improper authentication vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security features and gain unauthorized access without valid credentials. Th...
This CVE describes an Improper Input Validation vulnerability in Adobe Commerce that allows authenticated admin attackers to read arbitrary files from the server filesystem using PHP filter chain tech...
This CVE describes an OS command injection vulnerability in Adobe Commerce that allows authenticated admin users to execute arbitrary commands on the server. The vulnerability requires user interactio...
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable form fields. When victims browse pages containing the...
CVE-2024-39399 is a path traversal vulnerability in Adobe Commerce that allows low-privileged attackers to read arbitrary files from the server's filesystem without user interaction. This affects Adob...
This vulnerability allows high-privilege attackers to upload malicious files to Adobe Commerce systems, potentially leading to arbitrary code execution. Affected versions include Adobe Commerce 2.4.7,...
This CVE describes an Improper Authorization vulnerability in Adobe Commerce that allows attackers to bypass security measures without user interaction. Affected systems include Adobe Commerce version...
This SQL injection vulnerability in Adobe Commerce allows authenticated attackers with admin privileges to execute arbitrary code on affected systems. It affects multiple Adobe Commerce versions up to...
CVE-2023-38218 is a vulnerability in Adobe Commerce that allows authenticated attackers to bypass authorization controls, potentially exposing sensitive information and escalating privileges. It affects mu...
CVE-2023-38220 is an improper authorization vulnerability in Adobe Commerce (formerly Magento) that allows attackers to bypass security controls and access unauthorized data without user interaction. ...
This CVE describes an incorrect authorization vulnerability in Adobe Commerce that allows attackers to bypass security features and access other users' data without requiring any user interaction. It ...
CVE-2023-22247 is an XML injection vulnerability in Adobe Commerce that allows unauthenticated attackers to read arbitrary files from the server. This affects Adobe Commerce versions 2.4.4-p2 and earl...
Adobe Commerce (Magento) versions 2.4.9-alpha2 through 2.4.4-p15 and earlier contain an incorrect authorization vulnerability (CWE-863) that allows attackers to bypass security controls and gain unaut...
A stored cross-site scripting (XSS) vulnerability in Adobe Commerce allows high-privileged attackers to inject malicious JavaScript into vulnerable form fields. When victims browse to pages containing...
This CVE describes an incorrect authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security controls and gain unauthorized elevated privileges. The vulnerabil...
This CVE describes a Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Adobe Commerce that allows attackers to bypass security features and gain unauthorized write access. The vulnera...
This CVE describes a path traversal vulnerability in Adobe Commerce that allows attackers to bypass security restrictions and modify limited data without user interaction. Affected versions include Ad...
Adobe Commerce has an incorrect authorization vulnerability (CWE-863) that allows attackers to bypass security features and gain limited unauthorized access. This affects versions 2.4.8, 2.4.7-p5, 2.4...
This CVE describes an Improper Access Control vulnerability in Adobe Commerce that allows attackers to bypass security measures and gain limited write access without user interaction. Affected version...
CVE-2025-27188 is an improper authorization vulnerability in Adobe Commerce that allows attackers to bypass security controls and escalate privileges without user interaction. This affects Adobe Comme...
This CVE describes an Improper Access Control vulnerability in Adobe Commerce that allows attackers to bypass security measures and gain unauthorized access without user interaction. It affects Adobe ...
Adobe Commerce has an incorrect authorization vulnerability that allows low-privileged attackers to bypass security features and view select information without user interaction. This affects Adobe Co...
CVE-2025-24427 is an improper access control vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures and gain unauthorized write access without user interactio...
Adobe Commerce has an incorrect authorization vulnerability that allows low-privileged attackers to bypass security features and read select data without user interaction. This affects Adobe Commerce ...
This CVE describes a business logic error in Adobe Commerce that allows attackers to bypass security features and modify limited data without user interaction. Affected versions include Adobe Commerce...
Adobe Commerce has an information exposure vulnerability that allows low-privileged attackers to access sensitive data without user interaction. This could lead to privilege escalation by exposing cre...
CVE-2024-45132 is an improper authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security controls and escalate privileges. This affects Adobe Commerce versio...
This CVE describes an Improper Authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures. The vulnerability affects Adobe Commerce versions 2.4.7-p...
This CVE describes an Improper Access Control vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures. Affected versions include Adobe Commerce 2.4.7-p2, 2.4.6...
This reflected Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows attackers to execute malicious JavaScript in victims' browsers by tricking them into visiting specially crafted URLs. T...
Adobe Commerce has an incorrect authorization vulnerability that allows low-privileged attackers to bypass security features and potentially modify data. This affects Adobe Commerce versions 2.4.7-p2,...
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce that allows authenticated administrators to force the application to make arbitrary HTTP requests to internal sy...
CVE-2024-45121 is an Improper Access Control vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security features. This affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, ...
CVE-2024-39419 is an improper authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures and modify minor information without user interaction. This...
CVE-2024-39415 is an improper authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures and access minor information without user interaction. This...
CVE-2024-39417 is an improper authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures and access minor information without user interaction. This...
CVE-2024-39411 is an improper authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures and access minor information without user interaction. This...
Adobe Commerce has an improper authorization vulnerability that allows low-privileged attackers to bypass security features and access minor information without user interaction. This affects Adobe Co...
Adobe Commerce has an improper authorization vulnerability that allows low-privileged attackers to bypass security features and modify minor information without user interaction. This affects Adobe Co...
CVE-2024-39407 is an improper authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures and modify minor information without user interaction. This...
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Adobe Commerce that allows attackers to bypass security features and make minor integrity changes on behalf of authenticated use...
This CVE describes an incorrect authorization vulnerability in Adobe Commerce that allows attackers to bypass security features and perform unauthorized actions with another user's privileges. It affe...