Vulnerabilities > Adobe > Magento

DATE CVE VULNERABILITY TITLE RISK
2023-10-13 CVE-2023-38221 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker.
network
high complexity
adobe
6.6
2023-10-13 CVE-2023-38249 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker.
network
high complexity
adobe
6.6
2023-10-13 CVE-2023-38250 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker.
network
high complexity
adobe
6.6
2023-06-15 CVE-2023-29289 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability.
network
low complexity
adobe
6.5
2023-06-15 CVE-2023-29290 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.
network
low complexity
adobe
5.3
2023-06-15 CVE-2023-29291 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read.
network
low complexity
adobe
4.9
2023-06-15 CVE-2023-29297 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker.
network
low complexity
adobe
7.2
2021-01-13 CVE-2021-21013 Unspecified vulnerability in Adobe Magento
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module.
network
low complexity
adobe
8.1
2020-02-25 CVE-2020-8818 Origin Validation Error vulnerability in multiple products
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2.
network
low complexity
cardgate adobe CWE-346
8.1