Vulnerabilities > Adobe > Commerce > High

DATE CVE VULNERABILITY TITLE RISK
2024-06-13 CVE-2024-34108 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.
network
low complexity
adobe
7.2
2024-06-13 CVE-2024-34111 Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read.
network
low complexity
adobe CWE-918
8.8
2023-10-13 CVE-2023-38219 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
network
low complexity
adobe
8.7
2023-09-12 CVE-2022-24093 Unspecified vulnerability in Adobe Commerce and Magento Open Source
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability.
network
low complexity
adobe
7.2
2023-08-09 CVE-2023-38208 Unspecified vulnerability in Adobe Commerce
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker.
network
low complexity
adobe
7.2
2023-06-15 CVE-2023-29297 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker.
network
low complexity
adobe
7.2
2023-03-27 CVE-2023-22247 Unspecified vulnerability in Adobe Commerce and Magento Open Source
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read.
network
low complexity
adobe
7.5
2022-08-16 CVE-2022-34253 Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module.
network
low complexity
adobe magento
7.2
2022-08-16 CVE-2022-34254 Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint.
network
low complexity
adobe magento
8.8
2022-08-16 CVE-2022-34255 Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in Privilege escalation.
network
low complexity
adobe magento
8.8