📦 Commerce B2b
by Adobe
🛡️ Security Overview
⚠️ Known Vulnerabilities
CVE-2025-54236 is an improper input validation vulnerability in Adobe Commerce (Magento) that allows unauthenticated attackers to achieve session takeover. This enables attackers to hijack user sessio...
CVE-2025-24434 is an incorrect authorization vulnerability in Adobe Commerce that allows attackers to bypass security controls and escalate privileges without user interaction. This affects Adobe Comm...
CVE-2024-45115 is an improper authentication vulnerability in Adobe Commerce that allows attackers to bypass authentication mechanisms and gain elevated privileges without user interaction. This affec...
Adobe Commerce has an incorrect authorization vulnerability that allows low-privileged attackers to bypass security controls and maintain unauthorized access without user interaction. This affects Ado...
Adobe Commerce has an incorrect authorization vulnerability that allows attackers to bypass security measures and gain unauthorized read access to sensitive data. This affects Adobe Commerce versions ...
Adobe Commerce has an improper input validation vulnerability (CWE-20) that allows unauthenticated attackers to cause denial-of-service by sending specially crafted input. This affects Adobe Commerce ...
Adobe Commerce has an improper authorization vulnerability that allows attackers to bypass security measures and gain unauthorized access. This affects Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p...
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable form fields. When victims browse pages containing the...
CVE-2025-24418 is an improper authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security controls and escalate privileges without user interaction. This affe...
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable form fields. When victims browse pages containing the...
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious scripts into form fields. When victims browse pages containing these fields, the...
Adobe Commerce has an improper access control vulnerability that allows low-privileged attackers to bypass security measures and gain unauthorized access to sensitive data or modify content. This affe...
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable form fields. When victims browse pages containing the...
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable form fields. When victims browse pages containing the...
A stored cross-site scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious scripts into vulnerable form fields. When victims browse pages containing these ...
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable form fields. When victims browse pages containing the...
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable form fields. When victims browse pages containing the...
This CVE describes a path traversal vulnerability in Adobe Commerce that allows unauthenticated attackers to modify files outside restricted directories. This security feature bypass affects Adobe Com...
Adobe Commerce has an incorrect authorization vulnerability (CWE-863) that allows low-privileged attackers to bypass security features and perform unauthorized actions. This affects versions 2.4.8-bet...
This CVE describes an incorrect authorization vulnerability in Adobe Commerce that allows attackers to bypass security measures and gain unauthorized access to sensitive data. Affected versions includ...
CVE-2024-45148 is an improper authentication vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security features and gain unauthorized access without valid credentials. Th...
This CVE describes an Improper Input Validation vulnerability in Adobe Commerce that allows authenticated admin attackers to read arbitrary files from the server filesystem using PHP filter chain tech...
Adobe Commerce (Magento) versions 2.4.9-alpha2 through 2.4.4-p15 and earlier contain an incorrect authorization vulnerability (CWE-863) that allows attackers to bypass security controls and gain unaut...
A stored cross-site scripting (XSS) vulnerability in Adobe Commerce allows high-privileged attackers to inject malicious JavaScript into vulnerable form fields. When victims browse to pages containing...
This CVE describes an incorrect authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security controls and gain unauthorized elevated privileges. The vulnerabil...
This CVE describes a Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Adobe Commerce that allows attackers to bypass security features and gain unauthorized write access. The vulnera...
This CVE describes a path traversal vulnerability in Adobe Commerce that allows attackers to bypass security restrictions and modify limited data without user interaction. Affected versions include Ad...
Adobe Commerce has an incorrect authorization vulnerability (CWE-863) that allows attackers to bypass security features and gain limited unauthorized access. This affects versions 2.4.8, 2.4.7-p5, 2.4...
This CVE describes an Improper Access Control vulnerability in Adobe Commerce that allows attackers to bypass security measures and gain limited write access without user interaction. Affected version...
CVE-2025-27188 is an improper authorization vulnerability in Adobe Commerce that allows attackers to bypass security controls and escalate privileges without user interaction. This affects Adobe Comme...
This CVE describes an Improper Access Control vulnerability in Adobe Commerce that allows attackers to bypass security measures and gain unauthorized access without user interaction. It affects Adobe ...
Adobe Commerce has an incorrect authorization vulnerability that allows low-privileged attackers to bypass security features and view select information without user interaction. This affects Adobe Co...
CVE-2025-24427 is an improper access control vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures and gain unauthorized write access without user interactio...
Adobe Commerce has an incorrect authorization vulnerability that allows low-privileged attackers to bypass security features and read select data without user interaction. This affects Adobe Commerce ...
Adobe Commerce has an improper access control vulnerability (CWE-284) that allows low-privileged attackers to escalate privileges and modify select data without user interaction. This affects Adobe Co...
This CVE describes a business logic error in Adobe Commerce that allows attackers to bypass security features and modify limited data without user interaction. Affected versions include Adobe Commerce...
CVE-2025-24419 is an incorrect authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security features and modify select data without user interaction. This affe...
Adobe Commerce has an information exposure vulnerability that allows low-privileged attackers to access sensitive data without user interaction. This could lead to privilege escalation by exposing cre...
CVE-2024-45132 is an improper authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security controls and escalate privileges. This affects Adobe Commerce versio...
This CVE describes an Improper Authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures. The vulnerability affects Adobe Commerce versions 2.4.7-p...
This CVE describes an Improper Access Control vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures. Affected versions include Adobe Commerce 2.4.7-p2, 2.4.6...
This reflected Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows attackers to execute malicious JavaScript in victims' browsers by tricking them into visiting specially crafted URLs. T...
Adobe Commerce has an incorrect authorization vulnerability that allows low-privileged attackers to bypass security features and potentially modify data. This affects Adobe Commerce versions 2.4.7-p2,...
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce that allows authenticated administrators to force the application to make arbitrary HTTP requests to internal sy...
CVE-2024-45121 is an Improper Access Control vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security features. This affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, ...