Vulnerabilities > Magento > High

DATE CVE VULNERABILITY TITLE RISK

2023-09-06 CVE-2021-36021 Improper Input Validation vulnerability in Magento
Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper input validation vulnerability within the CMS page scheduled update feature.
Risk: 7.2 (network, low complexity); magento; CWE-20

2023-09-06 CVE-2021-36023 OS Command Injection vulnerability in Magento
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout.
Risk: 7.2 (network, low complexity); magento; CWE-78

2023-09-06 CVE-2021-36036 Improper Access Control vulnerability in Magento
Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow.
Risk: 7.2 (network, low complexity); magento; CWE-284

2022-10-20 CVE-2022-42344 Incorrect Authorization vulnerability in multiple products
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability.
Risk: 8.8 (network, low complexity); magento, adobe; CWE-863

2022-08-16 CVE-2022-34253 XML Injection (aka Blind XPath Injection) vulnerability in multiple products
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module.
Risk: 7.2 (network, low complexity); adobe, magento; CWE-91

2022-08-16 CVE-2022-34254 Path Traversal vulnerability in multiple products
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint.
Risk: 8.8 (network, low complexity); adobe, magento; CWE-22

2020-07-29 CVE-2020-9692 Incorrect Authorization vulnerability in Magento
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability.
Risk: 8.5 (network); magento; CWE-863

2020-07-29 CVE-2020-9689 Path Traversal vulnerability in Magento
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability.
Risk: 8.5 (network); magento; CWE-22

2020-07-22 CVE-2020-9664 Code Injection vulnerability in Magento
Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a PHP object injection vulnerability.
Risk: 7.5 (network, low complexity); magento; CWE-94

2020-06-26 CVE-2020-9630 Improper Privilege Management vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability.
Risk: 7.5 (network, low complexity); magento; CWE-269