magento

380 tracked vulnerabilities.

CVE-2024-45131 MEDIUM
Adobe Commerce <2.4.7-p2 - Auth Bypass
Oct 10, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-45130 MEDIUM
Adobe Commerce <2.4.7-p2 - Auth Bypass
Oct 10, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45129 MEDIUM
Adobe Commerce <2.4.7-p2 - Privilege Escalation
Oct 10, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45128 MEDIUM
Adobe Commerce <2.4.7-p2 - Auth Bypass
Oct 10, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-45127 MEDIUM
Adobe Commerce 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier - Stored Cross-Site Scripting in Form Fields
Oct 10, 2024
CVSS 4.8
EPSS 0.01
CVE-2024-45125 MEDIUM
Adobe Commerce <2.4.7-p2 - Auth Bypass
Oct 10, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45124 MEDIUM
Adobe Commerce <2.4.7-p2 - Auth Bypass
Oct 10, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-45123 MEDIUM
Adobe Commerce 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier - Reflected Cross-Site Scripting
Oct 10, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-45122 MEDIUM
Adobe Commerce <2.4.7-p2 - Auth Bypass
Oct 10, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45121 MEDIUM
Adobe Commerce <2.4.7-p2 - Privilege Escalation
Oct 10, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45120 LOW
Adobe Commerce 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier - Time-of-check Time-of-use (TOCTOU) Race Condition
Oct 10, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-45119 MEDIUM
Adobe Commerce 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier - Authenticated Server-Side Request Forgery
Oct 10, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-45118 MEDIUM
Adobe Commerce <2.4.7-p2 - Privilege Escalation
Oct 10, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-45117 HIGH
Adobe Commerce <2.4.7-p2 - Info Disclosure
Oct 10, 2024
CVSS 7.6
EPSS 0.00
CVE-2024-45116 HIGH
Adobe Commerce <2.4.7-p2-2.4.4-p10 - XSS
Oct 10, 2024
CVSS 8.1
EPSS 0.02
CVE-2024-39419 MEDIUM
Adobe Commerce 2.4.7-p1/2.4.6-p6/2.4.5-p8/2.4.4-p9 and earlier - Security Feature Bypass via Improper Authorization
Aug 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39418 MEDIUM
Adobe Commerce < 2.4.7-p1, < 2.4.6-p6, < 2.4.5-p8, < 2.4.4-p9 - Improper Authorization
Aug 14, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-39417 MEDIUM
Adobe Commerce < 2.4.3 - Improper Authorization
Aug 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39416 MEDIUM
Adobe Commerce < 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 - Security Feature Bypass via Improper Authorization
Aug 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39415 MEDIUM
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Security Feature Bypass via Improper Authorization
Aug 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39414 MEDIUM
Adobe Commerce <=2.4.7-p1 - Improper Authorization leading to Security Feature Bypass
Aug 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39413 MEDIUM
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Security Feature Bypass via Improper Authorization
Aug 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39412 MEDIUM
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Improper Authorization
Aug 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39411 MEDIUM
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Security Feature Bypass via Improper Authorization
Aug 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39410 MEDIUM
Adobe Commerce < 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 - Cross-Site Request Forgery
Aug 14, 2024
CVSS 4.3
EPSS 0.00
Products
community-edition 355 magento 221 project-community-edition 161 core 24 product-community-edition 4 advanced_newsletter 1 magento1ce 1 magento1ee 1 magento2 1 upward_connector 1 upward_php 1
Quick Filters
Critical CVEs With Exploits In CISA KEV