cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-45127,https://securityvulnerability.io/vulnerability/CVE-2024-45127,Adobe Commerce Vulnerable to Stored XSS Attacks,"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.",Adobe,Adobe Commerce,4.8,MEDIUM,0.0006300000241026282,false,false,false,false,,false,false,2024-10-10T09:58:06.189Z,0
CVE-2024-45128,https://securityvulnerability.io/vulnerability/CVE-2024-45128,Adobe Commerce Vulnerable to Improper Authorization Attacks,"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction.",Adobe,Adobe Commerce,5.4,MEDIUM,0.00046999999904073775,false,false,false,false,,false,false,2024-10-10T09:58:05.408Z,0
CVE-2024-45133,https://securityvulnerability.io/vulnerability/CVE-2024-45133,Adobe Commerce Vulnerability Could Lead to Information Exposure,"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.",Adobe,Adobe Commerce,2.7,LOW,0.0006300000241026282,false,false,false,false,,false,false,2024-10-10T09:58:04.630Z,0
CVE-2024-45124,https://securityvulnerability.io/vulnerability/CVE-2024-45124,Adobe Commerce vulnerable to Improper Access Control vulnerability,"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.",Adobe,Adobe Commerce,5.3,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2024-10-10T09:58:03.845Z,0
CVE-2024-45123,https://securityvulnerability.io/vulnerability/CVE-2024-45123,Reflected Cross-Site Scripting (XSS) Vulnerability Affects Adobe Commerce Versions,"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.",Adobe,Adobe Commerce,6.1,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2024-10-10T09:58:03.098Z,0
CVE-2024-45121,https://securityvulnerability.io/vulnerability/CVE-2024-45121,Adobe Commerce Vulnerable to Improper Access Control,"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.",Adobe,Adobe Commerce,4.3,MEDIUM,0.00046999999904073775,false,false,false,false,,false,false,2024-10-10T09:58:02.296Z,0
CVE-2024-45115,https://securityvulnerability.io/vulnerability/CVE-2024-45115,Adobe Commerce Vulnerable to Improper Authentication and Privilege Escalation,"Adobe Commerce is susceptible to an improper authentication vulnerability that facilitates privilege escalation. This security flaw allows an attacker to exploit the system and gain unauthorized access or enhanced privileges within the application without requiring any user interaction. The vulnerability affects various versions of Adobe Commerce, making it essential for users and administrators to prioritize security updates and mitigate potential risks.",Adobe,Adobe Commerce,9.8,CRITICAL,0.0009800000116229057,false,false,false,false,,false,false,2024-10-10T09:58:01.453Z,0
CVE-2024-45117,https://securityvulnerability.io/vulnerability/CVE-2024-45117,Adobe Commerce Flaws Put Sensitive Data at Risk,"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, and 2.4.4-p10 are susceptible to an Improper Input Validation vulnerability. This flaw enables an administrator with malicious intent to exploit the improperly validated input, allowing unauthorized access to read sensitive files outside the designated directories. The exploitation can occur via a PHP filter chain without the need for user interaction, potentially leading to low availability of the affected service as well. The impact of this vulnerability underscores the need for immediate attention and remediation among affected users.",Adobe,Adobe Commerce,7.6,HIGH,0.0008999999845400453,false,false,false,false,,false,false,2024-10-10T09:58:00.638Z,0
CVE-2024-45116,https://securityvulnerability.io/vulnerability/CVE-2024-45116,Adobe Commerce Impacted by XSS Vulnerability Requiring User Interaction,"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, and earlier exhibit a Cross-Site Scripting vulnerability that allows attackers to execute arbitrary code. This vulnerability can be exploited if an administrator tricks a legitimate user into clicking a specially crafted link or submitting a malicious form. The exploitation relies on user interaction, which can result in unauthorized script execution within the user's browser, significantly compromising the confidentiality and integrity of the system. Organizations using affected versions should prioritize the implementation of available security updates to mitigate the potential risks associated.",Adobe,Adobe Commerce,8.1,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2024-10-10T09:57:59.730Z,0
CVE-2024-45119,https://securityvulnerability.io/vulnerability/CVE-2024-45119,Adobe Commerce under attack: SSRF vulnerability exposed,"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.",Adobe,Adobe Commerce,4.9,MEDIUM,0.0006300000241026282,false,false,false,false,,false,false,2024-10-10T09:57:58.983Z,0
CVE-2024-45122,https://securityvulnerability.io/vulnerability/CVE-2024-45122,Adobe Commerce Vulnerable to Improper Access Control,"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.",Adobe,Adobe Commerce,4.3,MEDIUM,0.00046999999904073775,false,false,false,false,,false,false,2024-10-10T09:57:58.231Z,0
CVE-2024-45135,https://securityvulnerability.io/vulnerability/CVE-2024-45135,Adobe Commerce Vulnerable to Improper Access Control,"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.",Adobe,Adobe Commerce,2.7,LOW,0.0006300000241026282,false,false,false,false,,false,false,2024-10-10T09:57:57.455Z,0
CVE-2024-45120,https://securityvulnerability.io/vulnerability/CVE-2024-45120,Adobe Commerce Vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability,"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction.",Adobe,Adobe Commerce,3.1,LOW,0.0006500000017695129,false,false,false,false,,false,false,2024-10-10T09:57:56.691Z,0
CVE-2024-45130,https://securityvulnerability.io/vulnerability/CVE-2024-45130,Adobe Commerce Vulnerable to Improper Access Control Flaw,"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.",Adobe,Adobe Commerce,4.3,MEDIUM,0.00046999999904073775,false,false,false,false,,false,false,2024-10-10T09:57:55.895Z,0
CVE-2024-45132,https://securityvulnerability.io/vulnerability/CVE-2024-45132,Adobe Commerce Versions Affected by Improper Authorization Vulnerability,"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction.",Adobe,Adobe Commerce,6.5,MEDIUM,0.0005099999834783375,false,false,false,false,,false,false,2024-10-10T09:57:55.112Z,0
CVE-2024-45131,https://securityvulnerability.io/vulnerability/CVE-2024-45131,Adobe Commerce Vulnerabilities Could Lead to Security Feature Bypass,"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction.",Adobe,Adobe Commerce,5.4,MEDIUM,0.00046999999904073775,false,false,false,false,,false,false,2024-10-10T09:57:54.346Z,0
CVE-2024-45148,https://securityvulnerability.io/vulnerability/CVE-2024-45148,Adobe Commerce Vulnerable to Improper Authentication Attacks,"An improper authentication vulnerability exists in Adobe Commerce affecting several versions, potentially allowing low-privileged attackers to bypass security mechanisms and gain unauthorized access to sensitive data and system functionalities. This vulnerability can be exploited without user interaction, making it easier for malevolent actors to leverage it for nefarious purposes. Organizations using the affected versions are urged to review their security measures and apply necessary patches to mitigate risks associated with this vulnerability.",Adobe,Adobe Commerce,8.8,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2024-10-10T09:57:53.566Z,0
CVE-2024-45134,https://securityvulnerability.io/vulnerability/CVE-2024-45134,Adobe Commerce Under Attack: Vulnerability Could Lead to Security Feature Bypass,"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.",Adobe,Adobe Commerce,2.7,LOW,0.0018899999558925629,false,false,false,false,,false,false,2024-10-10T09:57:52.772Z,0
CVE-2024-45129,https://securityvulnerability.io/vulnerability/CVE-2024-45129,"Adobe Commerce vulnerable to Improper Access Control, Privilege Escalation","Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.",Adobe,Adobe Commerce,4.3,MEDIUM,0.00046999999904073775,false,false,false,false,,false,false,2024-10-10T09:57:51.997Z,0
CVE-2024-45118,https://securityvulnerability.io/vulnerability/CVE-2024-45118,Adobe Commerce Vulnerable to Improper Access Control,"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction.",Adobe,Adobe Commerce,6.5,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-10-10T09:57:51.201Z,0
CVE-2024-45149,https://securityvulnerability.io/vulnerability/CVE-2024-45149,Adobe Commerce Vulnerable to Improper Access Control,"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.",Adobe,Adobe Commerce,2.7,LOW,0.0006300000241026282,false,false,false,false,,false,false,2024-10-10T09:57:50.452Z,0
CVE-2024-45125,https://securityvulnerability.io/vulnerability/CVE-2024-45125,Adobe Commerce Faces Incorrect Authorization Vulnerability,"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this issue does not require user interaction.",Adobe,Adobe Commerce,4.3,MEDIUM,0.00046999999904073775,false,false,false,false,,false,false,2024-10-10T09:57:49.672Z,0
CVE-2024-39419,https://securityvulnerability.io/vulnerability/CVE-2024-39419,Adobe Commerce Vulnerable to Improper Authorization Attacks,"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.",Adobe,Adobe Commerce,4.3,MEDIUM,0.00046999999904073775,false,false,false,false,,false,false,2024-08-14T11:57:22.405Z,0
CVE-2024-39403,https://securityvulnerability.io/vulnerability/CVE-2024-39403,Adobe Commerce Stored XSS Vulnerability Affects Multiple Versions,"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier are susceptible to a stored Cross-Site Scripting (XSS) vulnerability. This flaw allows attackers with low privileges to exploit vulnerable form fields by injecting malicious JavaScript, which can subsequently be executed in the browsers of users who access the compromised page. The potential impact includes the unauthorized exfiltration of sensitive information, posing serious confidentiality risks. Organizations using affected versions should take immediate steps to remediate this vulnerability.",Adobe,Adobe Commerce,7.6,HIGH,0.0005099999834783375,false,false,false,false,,false,false,2024-08-14T11:57:21.660Z,0
CVE-2024-39418,https://securityvulnerability.io/vulnerability/CVE-2024-39418,Adobe Commerce Vulnerable to Improper Authorization Bypass,"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity information. Exploitation of this issue does not require user interaction.",Adobe,Adobe Commerce,5.4,MEDIUM,0.00046999999904073775,false,false,false,false,,false,false,2024-08-14T11:57:20.916Z,0