Filter
AND
AND
AND
Adobe CommerceAdobe Commerce | Improper Input Validation (CWE-20)
7.6
First published (updated )
Adobe CommerceAdobe Commerce | Cross-site Scripting (XSS) (CWE-79)
8.1
First published (updated )
Adobe CommerceAdobe Commerce | Improper Authentication (CWE-287)
8.8
First published (updated )
Adobe CommerceStored XSS through Webhook module public key configuration
7.6
First published (updated )
Adobe Commerce[Paris] Path Traversal lead to local file read
7.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Adobe CommerceAdobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
8.4
First published (updated )
Adobe CommerceAdobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
8.4
First published (updated )
Adobe CommerceAdobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
7.7
First published (updated )
Adobe CommerceDOM XSS through integrations can impact other admins
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Adobe CommerceCustomer account takeover via web API call & subsequent password reset
8.1
First published (updated )
Adobe CommerceAdobe Commerce | Improper Input Validation (CWE-20)
7.2
First published (updated )
Adobe CommerceRCE in the Adobe Commerce Webhook module through a legit webhook definition
7.2
First published (updated )
Adobe CommerceAdobe Commerce | Improper Authorization (CWE-285)
8.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Adobe CommerceAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) an…
7.5
First published (updated )
Adobe CommerceAdobe Commerce | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
8
First published (updated )
Adobe CommerceAdobe Commerce | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Adobe CommerceAdobe Commerce | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
8
First published (updated )
Adobe CommerceAdobe Commerce Incorrect Authorization Security feature bypass
7.5
First published (updated )
Adobe Commerce[CVE-2021-36032] Magento IDOR Leads to Account Takeover
8.8
First published (updated )
Adobe CommerceAdobe Commerce Improper Access Control Privilege escalation
8.8
First published (updated )
Adobe CommerceAdobe Commerce Improper Limitation of a Pathname to a Restricted Directory Arbitrary code execution
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.