magento
380 tracked vulnerabilities.
CVE-2024-39409
MEDIUM
Adobe Commerce < 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 - Cross-Site Request Forgery
Aug 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39408
MEDIUM
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Cross-Site Request Forgery
Aug 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39407
MEDIUM
Adobe Commerce < 2.4.3 - Improper Authorization
Aug 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39406
MEDIUM
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Authenticated Path Traversal and Arbitrary File Read
Aug 14, 2024
CVSS 6.8
EPSS 0.01
CVE-2024-39405
MEDIUM
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Security Feature Bypass via Improper Authorization
Aug 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39404
MEDIUM
Adobe Commerce < 2.4.3 - Improper Authorization
Aug 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39403
HIGH
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Stored Cross-Site Scripting in Form Fields
Aug 14, 2024
CVSS 7.6
EPSS 0.03
CVE-2024-39402
HIGH
Adobe Commerce < 2.4.3 - Authenticated OS Command Injection
Aug 14, 2024
CVSS 8.4
EPSS 0.03
CVE-2024-39401
HIGH
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - Authenticated OS Command Injection
Aug 14, 2024
CVSS 8.4
EPSS 0.03
CVE-2024-39400
HIGH
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier - DOM-based Cross-Site Scripting
Aug 14, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-39399
HIGH
Adobe Commerce < 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 - Path Traversal and Arbitrary File Read
Aug 14, 2024
CVSS 7.7
EPSS 0.01
CVE-2024-39398
HIGH
Adobe Commerce < 2.4.3 - Improper Restriction of Excessive Authentication Attempts
Aug 14, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-34111
MEDIUM
Adobe Commerce 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier - Authenticated Server-Side Request Forgery
Jun 13, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-34107
MEDIUM
Adobe Commerce <2.4.7 - Privilege Escalation
Jun 13, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-34106
MEDIUM
Adobe Commerce <2.4.7 - Auth Bypass
Jun 13, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-34105
MEDIUM
Adobe Commerce 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier - Stored Cross-Site Scripting in Form Fields
Jun 13, 2024
CVSS 4.8
EPSS 0.02
CVE-2024-34104
HIGH
Adobe Commerce <2.4.7 - Auth Bypass
Jun 13, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-34103
HIGH
Adobe Commerce <2.4.7 - Privilege Escalation
Jun 13, 2024
CVSS 8.1
EPSS 0.02
CVE-2024-34102
CRITICAL
KEV, NUCLEI
Adobe Commerce and Magento - XML External Entity Injection to Code Execution
Jun 13, 2024
CVSS 9.8
EPSS 0.94
CVE-2024-20759
HIGH
Adobe Commerce 2.4.4-p7, 2.4.5-p6, 2.4.6-p4, 2.4.7-beta3 - Stored Cross-Site Scripting in Form Fields
Apr 10, 2024
CVSS 8.1
EPSS 0.02
CVE-2024-20758
CRITICAL
Adobe Commerce <2.4.6-p4-2.4.7-beta3 - RCE
Apr 10, 2024
CVSS 9.0
EPSS 0.02
CVE-2024-20720
CRITICAL
Adobe Commerce <2.4.6-p3, 2.4.5-p5, 2.4.4-p6 - Code Injection
Feb 15, 2024
CVSS 9.1
EPSS 0.07
CVE-2024-20719
CRITICAL
Adobe Commerce <2.4.6-p3-2.4.4-p6 - XSS
Feb 15, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-20718
MEDIUM
Adobe Commerce <2.4.6-p3-2.4.4-p6 - CSRF
Feb 15, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-20716
MEDIUM
Adobe Commerce 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier - Denial of Service via Uncontrolled Resource Consumption
Feb 15, 2024
CVSS 4.9
EPSS 0.00