magento
380 tracked vulnerabilities.
CVE-2025-54267
MEDIUM
Adobe Commerce 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier - Incorrect Authorization
Oct 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-54266
MEDIUM
Adobe Commerce <=2.4.4-p15 Stored XSS in Form Fields
Oct 14, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-54265
MEDIUM
Adobe Commerce <=2.4.9-alpha2 - Incorrect Authorization leading to Unauthorized Read Access
Oct 14, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-54264
HIGH
Adobe Commerce <=2.4.4-p15 Stored XSS in Form Fields
Oct 14, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-54263
HIGH
Adobe Commerce 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier - Incorrect Authorization
Oct 14, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-54236
CRITICAL
KEV NUCLEI
Magento SessionReaper
Sep 09, 2025
CVSS 9.1
EPSS 0.67
CVE-2025-49559
MEDIUM
Adobe Commerce < 2.4.4 - Path Traversal
Aug 12, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-49558
MEDIUM
Adobe Commerce < 2.4.4 - Time-of-check Time-of-use Race Condition
Aug 12, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-49557
HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
Aug 12, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-49556
HIGH
Adobe Commerce < 2.4.4 - Incorrect Authorization
Aug 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-49555
HIGH
Adobe Commerce < 2.4.4 - Cross-Site Request Forgery
Aug 12, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-49554
HIGH
Adobe Commerce < 2.4.4 - Denial of Service via Improper Input Validation
Aug 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-49550
MEDIUM
Adobe Commerce - Incorrect Authorization leading to Security Feature Bypass
Jun 25, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-49549
LOW
Adobe Commerce <= 2.4.8 - Incorrect Authorization
Jun 25, 2025
CVSS 2.7
EPSS 0.01
CVE-2025-47110
HIGH
Adobe Commerce 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier - Stored Cross-Site Scripting in Form Fields
Jun 10, 2025
CVSS 8.4
EPSS 0.01
CVE-2025-43585
HIGH
Adobe Commerce <=2.4.8 Security Feature Bypass via Improper Authorization
Jun 10, 2025
CVSS 8.2
EPSS 0.01
CVE-2025-27206
MEDIUM
Adobe Commerce <2.4.8 - Privilege Escalation
Jun 10, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-27192
LOW
Adobe Commerce <2.4.8-beta2 - Insufficiently Protected Credentials
Apr 08, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-27191
MEDIUM
Adobe Commerce <2.4.8-beta2 - Privilege Escalation
Apr 08, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-27190
MEDIUM
Adobe Commerce <2.4.8-beta2 - Privilege Escalation
Apr 08, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-27188
MEDIUM
Adobe Commerce < 2.4.4 - Improper Authorization
Apr 08, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-24438
HIGH
Adobe Commerce <=2.4.8-beta1 - Stored XSS in Form Fields
Feb 11, 2025
CVSS 8.7
EPSS 0.01
CVE-2025-24437
MEDIUM
Adobe Commerce 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier - Incorrect Authorization
Feb 11, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-24436
MEDIUM
Adobe Commerce 2.4.4-p11, 2.4.5-p10, 2.4.6-p8, 2.4.7-p3, 2.4.8-beta1 - Incorrect Authorization
Feb 11, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-24435
MEDIUM
Adobe Commerce <=2.4.8-beta1 - Authenticated Privilege Escalation via Improper Access Control
Feb 11, 2025
CVSS 4.3
EPSS 0.00