Magento

380 tracked vulnerabilities.

CVE-2025-54267 MEDIUM
Adobe Commerce < 2.4.9-alpha3 - Incorrect Authorization
Oct 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-54266 MEDIUM
Adobe Commerce < 2.4.9-alpha3 - XSS
Oct 14, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-54265 MEDIUM
Adobe Commerce < 2.4.9-alpha3 - Incorrect Authorization
Oct 14, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-54264 HIGH
Adobe Commerce < 2.4.9-alpha3 - XSS
Oct 14, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-54263 HIGH
Adobe Commerce < 2.4.9-alpha3 - Incorrect Authorization
Oct 14, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-54236 CRITICALKEVNUCLEI
Magento SessionReaper
Sep 09, 2025
CVSS 9.1
EPSS 0.74
CVE-2025-49559 MEDIUM
Adobe Commerce < 2.4.4 - Path Traversal
Aug 12, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-49558 MEDIUM
Adobe Commerce < 2.4.4 - TOCTOU Race Condition
Aug 12, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-49557 HIGH
Adobe Commerce < 2.4.4 - XSS
Aug 12, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-49556 HIGH
Adobe Commerce < 2.4.4 - Incorrect Authorization
Aug 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-49555 HIGH
Adobe Commerce < 2.4.4 - CSRF
Aug 12, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-49554 HIGH
Adobe Commerce < 2.4.4 - Improper Input Validation
Aug 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-49550 MEDIUM
Adobe Commerce B2b < 1.3.3 - Incorrect Authorization
Jun 25, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-49549 LOW
Adobe Commerce < 1.3.3 - Incorrect Authorization
Jun 25, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-47110 HIGH
Adobe Commerce < 2.4.8-p1 - XSS
Jun 10, 2025
CVSS 8.4
EPSS 0.00
CVE-2025-43585 HIGH
Adobe Commerce < 2.4.7-p6 - Improper Authorization
Jun 10, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-27206 MEDIUM
Adobe Commerce <2.4.8 - Privilege Escalation
Jun 10, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-27192 LOW
Adobe Commerce <2.4.8-beta2 - Insufficiently Protected Credentials
Apr 08, 2025
CVSS 2.7
EPSS 0.01
CVE-2025-27191 MEDIUM
Adobe Commerce <2.4.8-beta2 - Privilege Escalation
Apr 08, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-27190 MEDIUM
Adobe Commerce <2.4.8-beta2 - Privilege Escalation
Apr 08, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-27188 MEDIUM
Adobe Commerce < 2.4.4 - Incorrect Authorization
Apr 08, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-24438 HIGH
Adobe Commerce < 2.4.7-p4 - XSS
Feb 11, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-24437 MEDIUM
Adobe Commerce < 2.4.7-p4 - Incorrect Authorization
Feb 11, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-24436 MEDIUM
Adobe Commerce < 2.4.7-p4 - Incorrect Authorization
Feb 11, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-24435 MEDIUM
Adobe Commerce < 2.4.7-p4 - Improper Access Control
Feb 11, 2025
CVSS 4.3
EPSS 0.00
Products
community-edition 355 magento 221 project-community-edition 161 core 24 product-community-edition 4 advanced_newsletter 1 upward_php 1 magento1ce 1 magento1ee 1 magento2 1 upward_connector 1
Quick Filters
Critical CVEs With Exploits In CISA KEV