Filter
AND
AND

Adobe CommerceAdobe Commerce | Improper Access Control (CWE-284)

critical
9.8
First published (updated )
CVE-2024-34107

Adobe CommerceAdobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability

critical
9.8
Exploited
First published (updated )
CVE-2024-34102

Adobe CommerceAdobe Commerce | Improper Authentication (CWE-287)

critical
9.8
First published (updated )
CVE-2024-45115

Adobe Commerce[Adobe Commerce] Stored XSS from low privileged admin user on every admin page, bypassing CVE-2023-29297

critical
9.1
First published (updated )
CVE-2024-20719

Adobe CommerceCommand injection in data collector backup due to insufficient patching of CVE-2023-38208

critical
9.1
First published (updated )
CVE-2024-20720

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Adobe CommerceLarge attack surface through legit webhook usage in Adobe Commerce

critical
9.1
First published (updated )
CVE-2024-34108

Adobe CommerceAdobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434)

critical
9
First published (updated )
CVE-2024-39397

Adobe CommerceSSRF in service connector

high
8.8
First published (updated )
CVE-2024-34111

Adobe CommerceAdobe Commerce | Improper Authentication (CWE-287)

high
8.8
First published (updated )
CVE-2024-45148

Adobe CommerceAdobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

high
8.4
First published (updated )
CVE-2024-39402

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Adobe CommerceAdobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

high
8.4
First published (updated )
CVE-2024-39401

Adobe CommerceAdobe Commerce | Improper Authorization (CWE-285)

high
8.2
First published (updated )
CVE-2024-34104

Adobe CommerceCustomer account takeover via web API call & subsequent password reset

high
8.1
First published (updated )
CVE-2024-34103

Adobe CommerceDOM XSS through integrations can impact other admins

high
8.1
First published (updated )
CVE-2024-39400

Adobe CommerceAdobe Commerce | Cross-site Scripting (XSS) (CWE-79)

high
8.1
First published (updated )
CVE-2024-45116

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Adobe Commerce[Paris] Path Traversal lead to local file read

high
7.7
First published (updated )
CVE-2024-39399

Adobe CommerceAdobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

high
7.7
First published (updated )
CVE-2024-39406

Adobe CommerceStored XSS through Webhook module public key configuration

high
7.6
First published (updated )
CVE-2024-39403

Adobe CommerceAdobe Commerce | Improper Input Validation (CWE-20)

high
7.6
First published (updated )
CVE-2024-45117

Adobe CommerceOTP 2FA can be bruteforced

high
7.4
First published (updated )
CVE-2024-39398

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Adobe CommerceRCE in the Adobe Commerce Webhook module through a legit webhook definition

high
7.2
First published (updated )
CVE-2024-34110

Adobe CommerceAdobe Commerce | Improper Input Validation (CWE-20)

high
7.2
First published (updated )
CVE-2024-34109

Adobe Commerce[Spain] CSRF to delete Requisition Lists at Adobe Commerce

medium
6.5
First published (updated )
CVE-2024-20718

Adobe CommerceAdobe Commerce | Incorrect Authorization (CWE-863)

medium
6.5
First published (updated )
CVE-2024-45132

Adobe CommerceAdobe Commerce | Improper Access Control (CWE-284)

medium
6.5
First published (updated )
CVE-2024-45118

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Adobe CommerceAdobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)

medium
6.3
First published (updated )
CVE-2024-39409

Adobe CommerceAdobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)

medium
6.3
First published (updated )
CVE-2024-39408

Adobe CommerceAdobe Commerce | Cross-site Scripting (Reflected XSS) (CWE-79)

medium
6.1
First published (updated )
CVE-2024-45123

Adobe CommerceAdobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)

medium
5.5
First published (updated )
CVE-2024-39410

Adobe CommerceAdobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)

medium
5.5
First published (updated )
CVE-2024-45119

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203