2023-06-15 | CVE-2023-29290 | Unspecified vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. network low complexity adobe | 5.3 |
2023-06-15 | CVE-2023-29291 | Unspecified vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. network low complexity adobe | 4.9 |
2023-06-15 | CVE-2023-29297 | Unspecified vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. network low complexity adobe | 7.2 |
2023-03-27 | CVE-2023-22247 | Unspecified vulnerability in Adobe Commerce and Magento Open Source Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. network low complexity adobe | 7.5 |
2022-10-14 | CVE-2022-35698 | Unspecified vulnerability in Adobe Commerce and Magento Open Source Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. network low complexity adobe | 5.4 |
2022-08-16 | CVE-2022-34253 | Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. | 7.2 |
2022-08-16 | CVE-2022-34254 | Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint. | 8.8 |
2022-08-16 | CVE-2022-34255 | Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in Privilege escalation. | 8.8 |
2022-08-16 | CVE-2022-34256 | Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. | 9.8 |
2022-08-16 | CVE-2022-34259 | Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 5.3 |