Filter

Versions

2.3.0
23
2.3.7
23
2.4.0
23
2.4.2
23
2.4.2-p1
23
1.3.3
22
1.3.3-p10
22
1.3.4
22
1.3.4-p9
22
1.3.5
22
1.3.5-p7
22
1.4.2
22
1.4.2-p1
22
1.4.2-p2
22
1.2.0
10
1.4.0
9

Adobe Magento CommerceAdobe Commerce | Improper Access Control (CWE-284)

critical
9.8
First published (updated )
CVE-2024-34107

Adobe Magento CommerceAdobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability

critical
9.8
Exploited
Trending
Year
First published (updated )
CVE-2024-34102

Adobe Magento CommerceAdobe Commerce | Improper Authentication (CWE-287)

critical
9.8
First published (updated )
CVE-2024-45115

Adobe CommerceMagento Commerce XML Injection Vulnerability In The 'City' Field Could Lead To Remote Code Execution

critical
9.8
First published (updated )
CVE-2021-36020

Adobe Magento CommerceLarge attack surface through legit webhook usage in Adobe Commerce

critical
9.1
First published (updated )
CVE-2024-34108

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Adobe CommerceMagento Commerce Improper Input Validation Could Lead To Remote Code Execution

critical
9.1
First published (updated )
CVE-2021-36034

Adobe CommerceMagento Commerce Customer Edition Improper Input Validation Could Lead To Remote Code Execution

critical
9.1
First published (updated )
CVE-2021-36025

Adobe CommerceMagento Commerce Stock Media Improper Input Validation Could Lead To Remote Code Execution

critical
9.1
First published (updated )
CVE-2021-36035

Adobe CommerceMagento Commerce Widgets Module XML Injection Vulnerability Could Lead To Remote Code Execution

critical
9.1
First published (updated )
CVE-2021-36033

Adobe CommerceMagento Commerce Improper Authorization Vulnerability Could Lead To Remote Code Execution

critical
9.1
First published (updated )
CVE-2021-36029

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Adobe CommerceMagento Commerce Improper Neutralization of Special Elements Used In A Command

critical
9.1
First published (updated )
CVE-2021-36024

Adobe CommerceMagento Commerce Widgets Update Layout XML Injection Vulnerability Could Lead To Remote Code Execution

critical
9.1
First published (updated )
CVE-2021-36022

Adobe CommerceMagento Commerce XML Injection Vulnerability Could Lead To Remote Code Execution

critical
9.1
First published (updated )
CVE-2021-36028

Adobe CommerceMagento Commerce Improper Input Validation Could Lead To Remote Code Execution

critical
9.1
First published (updated )
CVE-2021-36040

Adobe CommerceMagento Commerce Improper Input Validation Could Lead To Remote Code Execution

critical
9.1
First published (updated )
CVE-2021-36041

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Adobe CommerceMagento Commerce API File Option Upload Extension Improper Input Validation Vulnerability Could Lead To Remote Code Execution

critical
9.1
First published (updated )
CVE-2021-36042

Adobe Magento CommerceSSRF in service connector

high
8.8
First published (updated )
CVE-2024-34111

Adobe Magento CommerceAdobe Commerce | Improper Authentication (CWE-287)

high
8.8
First published (updated )
CVE-2024-45148

Adobe CommerceMagento Commerce Improper Input Validation Could Lead To Information Exposure and Privilege Escalation

high
8.8
First published (updated )
CVE-2021-36032

Adobe Magento CommerceAdobe Commerce | Improper Authorization (CWE-285)

high
8.2
First published (updated )
CVE-2024-34104

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Adobe Magento CommerceCustomer account takeover via web API call & subsequent password reset

high
8.1
First published (updated )
CVE-2024-34103

Adobe Magento CommerceAdobe Commerce | Cross-site Scripting (XSS) (CWE-79)

high
8.1
First published (updated )
CVE-2024-45116

Adobe CommerceMagento Commerce Authenticated Blind SSRF Could Lead To Remote Code Execution

high
8
First published (updated )
CVE-2021-36043

Adobe Magento CommerceAdobe Commerce | Improper Input Validation (CWE-20)

high
7.6
First published (updated )
CVE-2024-45117

Adobe CommerceMagento Commerce Improper Input Validation During Checkout Process Could Lead To Privilege Escalation

high
7.5
First published (updated )
CVE-2021-36030

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Adobe CommerceMagento Commerce GraphQL Improper Input Validation Could Lead To Denial Of Service

high
7.5
First published (updated )
CVE-2021-36044

Adobe Magento CommerceRCE in the Adobe Commerce Webhook module through a legit webhook definition

high
7.2
First published (updated )
CVE-2024-34110

Adobe Magento CommerceAdobe Commerce | Improper Input Validation (CWE-20)

high
7.2
First published (updated )
CVE-2024-34109

Adobe CommerceMagento Commerce Path Traversal In `theme[preview_image]` Parameter Could Lead To Remote Code Execution

high
7.2
First published (updated )
CVE-2021-36031

Adobe Magento CommerceAdobe Commerce | Incorrect Authorization (CWE-863)

medium
6.5
First published (updated )
CVE-2024-45132

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203