magento
380 tracked vulnerabilities.
CVE-2023-22250
MEDIUM
Adobe Commerce <2.4.4-p2, 2.4.5-p1 - Auth Bypass
Mar 27, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-22249
MEDIUM
Adobe Commerce < 2.4.4-p2 and 2.4.5-p1 - Stored Cross-Site Scripting in Form Fields
Mar 27, 2023
CVSS 4.8
EPSS 0.05
CVE-2023-22247
HIGH
Adobe Commerce <2.4.4-p2, 2.4.5-p1 - XML Injection
Mar 27, 2023
CVSS 7.5
EPSS 0.05
CVE-2022-24093
CRITICAL
Adobe Commerce <2.4.3-p1, <2.3.7-p2 - Code Injection
Sep 12, 2023
CVSS 9.1
EPSS 0.01
CVE-2022-42344
HIGH
Adobe Commerce < 2.3.7-p4 - Authenticated Incorrect Authorization
Oct 20, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-35698
CRITICAL
Adobe Commerce <2.4.4-p1, <2.4.5 - XSS
Oct 14, 2022
CVSS 10.0
EPSS 0.02
CVE-2022-35689
MEDIUM
Adobe Commerce <2.4.4-p1, 2.4.5 - Auth Bypass
Oct 14, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-35692
MEDIUM
Adobe Commerce <2.4.3-p2, 2.3.7-p3, 2.4.4 - Info Disclosure
Aug 19, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-34259
MEDIUM
Adobe Commerce <2.4.3-p2, 2.3.7-p3, 2.4.4 - Security Feature Bypass
Aug 16, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-34258
MEDIUM
Adobe Commerce <2.4.3-p2, 2.3.7-p3, 2.4.4 - XSS
Aug 16, 2022
CVSS 4.8
EPSS 0.16
CVE-2022-34257
MEDIUM
Adobe Commerce <2.4.3-p2, 2.3.7-p3, 2.4.4 - XSS
Aug 16, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-34256
HIGH
Adobe Commerce <2.4.3-p2, 2.3.7-p3, 2.4.4 - Privilege Escalation
Aug 16, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-34255
HIGH
Adobe Commerce <2.4.3-p2, 2.3.7-p3, 2.4.4 - Privilege Escalation
Aug 16, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-34254
HIGH
Adobe Commerce <2.4.3-p2, 2.3.7-p3, 2.4.4 - Path Traversal
Aug 16, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-34253
HIGH
Adobe Commerce <2.4.3-p2, 2.3.7-p3, 2.4.4 - Code Injection
Aug 16, 2022
CVSS 7.2
EPSS 0.37
CVE-2022-24086
CRITICAL
KEV NUCLEI
Adobe Commerce <2.4.3-p1, <2.3.7-p2 - RCE
Feb 16, 2022
CVSS 9.8
EPSS 0.94
CVE-2021-36036
HIGH
Magento <2.4.2-2.3.7 - Privilege Escalation
Sep 06, 2023
CVSS 7.2
EPSS 0.01
CVE-2021-36023
CRITICAL
Magento Commerce <2.4.2-2.3.7 - Code Injection
Sep 06, 2023
CVSS 9.1
EPSS 0.13
CVE-2021-36021
HIGH
Magento < 2.3.7-p1 - Authenticated Remote Code Execution via CMS Page Scheduled Update
Sep 06, 2023
CVSS 7.2
EPSS 0.01
CVE-2021-39864
MEDIUM
Adobe Commerce < 2.3.7 and 2.4.2-p1-2.4.3 - Cross-Site Request Forgery via Wishlist Share Link
Oct 15, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-28567
MEDIUM
Magento < 2.4.2 - Authenticated Improper Authorization in Customers Module
Sep 08, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-28566
LOW
Magento < 2.4.2 - Authenticated Information Disclosure via Product Image Upload
Sep 08, 2021
CVSS 3.7
EPSS 0.01
CVE-2021-36044
HIGH
Magento Commerce <2.4.2-2.3.7 - DoS
Sep 01, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-36043
HIGH
Magento Commerce <2.4.2-2.3.7 - Blind SSRF
Sep 01, 2021
CVSS 8.0
EPSS 0.03
CVE-2021-36042
CRITICAL
Adobe Commerce/Magento Open Source <=2.4.2-p1 - Admin File Upload Code Execution
Sep 01, 2021
CVSS 9.1
EPSS 0.04