magento
380 tracked vulnerabilities.
CVE-2025-24434
CRITICAL
Adobe Commerce <=2.4.8-beta1 Incorrect Authorization Privilege Escalation
Feb 11, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-24432
LOW
Adobe Commerce < 2.4.4 - Time-of-check Time-of-use Race Condition
Feb 11, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-24430
LOW
Adobe Commerce < 2.4.4 - Time-of-check Time-of-use Race Condition
Feb 11, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-24429
LOW
Adobe Commerce < 2.4.4 - Improper Access Control
Feb 11, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-24428
MEDIUM
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
Feb 11, 2025
CVSS 5.4
EPSS 0.01
CVE-2025-24427
MEDIUM
Adobe Commerce < 2.4.4 - Improper Access Control
Feb 11, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-24425
MEDIUM
Adobe Commerce <2.4.8-beta1-2.4.4-p11 - Info Disclosure
Feb 11, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-24424
MEDIUM
Adobe Commerce < 2.4.7-p4 - Improper Access Control
Feb 11, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-24421
MEDIUM
Adobe Commerce <= 2.4.8-beta1, <= 2.4.7-p3, <= 2.4.6-p8, <= 2.4.5-p10, <= 2.4.4-p11 - Incorrect Authorization
Feb 11, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-24417
HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
Feb 11, 2025
CVSS 8.7
EPSS 0.01
CVE-2025-24416
HIGH
Adobe Commerce <= 2.4.4-p11 - Stored Cross-Site Scripting in Form Fields
Feb 11, 2025
CVSS 8.7
EPSS 0.01
CVE-2025-24415
HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
Feb 11, 2025
CVSS 8.7
EPSS 0.01
CVE-2025-24414
HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
Feb 11, 2025
CVSS 8.7
EPSS 0.01
CVE-2025-24413
HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
Feb 11, 2025
CVSS 8.7
EPSS 0.01
CVE-2025-24412
HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
Feb 11, 2025
CVSS 8.7
EPSS 0.01
CVE-2025-24411
HIGH
Adobe Commerce < 2.4.4 - Security Feature Bypass via Improper Access Control
Feb 11, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-24410
HIGH
Adobe Commerce < 2.4.4 - Stored Cross-Site Scripting in Form Fields
Feb 11, 2025
CVSS 8.7
EPSS 0.02
CVE-2025-24409
HIGH
Adobe Commerce < 2.4.4 - Incorrect Authorization
Feb 11, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-24408
MEDIUM
Adobe Commerce <= 2.4.8-beta1 - Information Exposure
Feb 11, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-24406
HIGH
Adobe Commerce < 2.4.4 - Unauthenticated Path Traversal and Arbitrary File Write
Feb 11, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-45149
LOW
Adobe Commerce <2.4.7-p2 - Privilege Escalation
Oct 10, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-45135
LOW
Adobe Commerce <2.4.7-p2 - Privilege Escalation
Oct 10, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-45134
LOW
Adobe Commerce <2.4.7-p2 - Info Disclosure
Oct 10, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-45133
LOW
Adobe Commerce <2.4.7-p2 - Info Disclosure
Oct 10, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-45132
MEDIUM
Adobe Commerce <2.4.7-p2 - Privilege Escalation
Oct 10, 2024
CVSS 6.5
EPSS 0.00