magento

380 tracked vulnerabilities.

CVE-2023-38251 MEDIUM
Adobe Commerce <2.4.7-beta1-2.4.4-p5 - DoS
Oct 13, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-38250 HIGH
Adobe Commerce SQL Injection (2.4.7-beta1, 2.4.6-p2, 2.4.5-p4, 2.4.4-p5)
Oct 13, 2023
CVSS 8.0
EPSS 0.02
CVE-2023-38249 HIGH
Adobe Commerce <=2.4.7-beta1, <=2.4.6-p2, <=2.4.5-p4, <=2.4.4-p5 - Authenticated SQL Injection
Oct 13, 2023
CVSS 8.0
EPSS 0.02
CVE-2023-38221 HIGH
Adobe Commerce <=2.4.7-beta1, <=2.4.6-p2, <=2.4.5-p4, <=2.4.4-p5 - Authenticated SQL Injection
Oct 13, 2023
CVSS 8.0
EPSS 0.02
CVE-2023-38220 HIGH
Adobe Commerce <2.4.7-beta1-2.4.4-p5 - Auth Bypass
Oct 13, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-38219 HIGH
Adobe Commerce <2.4.7-beta1-2.4.4-p5 - XSS
Oct 13, 2023
CVSS 8.7
EPSS 0.02
CVE-2023-38218 HIGH
Adobe Commerce <=2.4.7-beta1, <=2.4.6-p2, <=2.4.5-p4, <=2.4.4-p5 - Authenticated Info Exposure & Privilege Escalation
Oct 13, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-26367 MEDIUM
Adobe Commerce <2.4.7-beta1, 2.4.6-p2, 2.4.5-p4, 2.4.4-p5 - Info Di...
Oct 13, 2023
CVSS 4.9
EPSS 0.00
CVE-2023-26366 MEDIUM
Adobe Commerce <=2.4.7-beta1, <=2.4.6-p2, <=2.4.5-p4, <=2.4.4-p5 - SSRF
Oct 13, 2023
CVSS 6.8
EPSS 0.00
CVE-2023-38209 MEDIUM
Adobe Commerce <= 2.4.6-p1, <= 2.4.5-p3, <= 2.4.4-p4 - Incorrect Authorization
Aug 09, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-38208 CRITICAL
Adobe Commerce <2.4.6-p1, 2.4.5-p3, 2.4.4-p4 - Code Injection
Aug 09, 2023
CVSS 9.1
EPSS 0.04
CVE-2023-38207 HIGH
Adobe Commerce <2.4.6-p1, <2.4.5-p3, <2.4.4-p4 - XML Injection
Aug 09, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-29297 CRITICAL
Adobe Commerce <= 2.4.6, <= 2.4.5-p2, <= 2.4.4-p3 - Authenticated Remote Code Execution via Template Injection
Jun 15, 2023
CVSS 9.1
EPSS 0.09
CVE-2023-29296 MEDIUM
Adobe Commerce <2.4.6 - Auth Bypass
Jun 15, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-29295 MEDIUM
Adobe Commerce <2.4.6 - Auth Bypass
Jun 15, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-29294 MEDIUM
Adobe Commerce <2.4.6 - Security Feature Bypass
Jun 15, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-29293 LOW
Adobe Commerce <2.4.6-<2.4.5-p2-<2.4.4-p3 - Security Feature Bypass
Jun 15, 2023
CVSS 2.7
EPSS 0.00
CVE-2023-29292 MEDIUM
Adobe Commerce 2.4.6 and earlier - Authenticated Server-Side Request Forgery
Jun 15, 2023
CVSS 4.9
EPSS 0.00
CVE-2023-29291 MEDIUM
Adobe Commerce 2.4.6 and earlier - Authenticated Server-Side Request Forgery
Jun 15, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-29290 MEDIUM
Adobe Commerce <2.4.6-<2.4.5-p2-<2.4.4-p3 - Auth Bypass
Jun 15, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-29289 MEDIUM
Adobe Commerce <2.4.6 - XML Injection
Jun 15, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-29288 MEDIUM
Adobe Commerce <2.4.6 - Auth Bypass
Jun 15, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-29287 MEDIUM
Adobe Commerce <2.4.6 - Info Disclosure
Jun 15, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-22248 HIGH
Adobe Commerce <2.4.6 - Auth Bypass
Jun 15, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-22251 MEDIUM
Adobe Commerce <2.4.4-p2, <2.4.5-p1 - Info Disclosure
Mar 27, 2023
CVSS 4.3
EPSS 0.00
Products
community-edition 355 magento 221 project-community-edition 161 core 24 product-community-edition 4 advanced_newsletter 1 magento1ce 1 magento1ee 1 magento2 1 upward_connector 1 upward_php 1
Quick Filters
Critical CVEs With Exploits In CISA KEV