cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-24422,https://securityvulnerability.io/vulnerability/CVE-2025-24422,Improper Access Control Vulnerability in Adobe Commerce,"Adobe Commerce versions 2.4.7-beta1 through 2.4.4-p11 and earlier are vulnerable to an Improper Access Control issue, allowing low-privileged attackers to potentially bypass security measures and gain unauthorized access. This vulnerability does not necessitate user interaction for exploitation, increasing its risk profile. Users are encouraged to apply necessary patches to mitigate potential threats.",Adobe,Adobe Commerce,6.5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:55.917Z,0
CVE-2025-24414,https://securityvulnerability.io/vulnerability/CVE-2025-24414,Stored XSS Vulnerability in Adobe Commerce Products,"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are susceptible to a stored Cross-Site Scripting (XSS) vulnerability. This flaw allows low-privileged attackers to inject malicious scripts into form fields that remain persistent on the server. As a result, when victims visit the affected pages, they may execute arbitrary JavaScript within their browsers. This exploitation potentially leads to session takeover and threatens both confidentiality and integrity of user data.",Adobe,Adobe Commerce,8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:55.122Z,0
CVE-2025-24437,https://securityvulnerability.io/vulnerability/CVE-2025-24437,Improper Access Control in Adobe Commerce Products,"Adobe Commerce is affected by an Improper Access Control vulnerability that allows low-privileged attackers to bypass security measures and gain elevated privileges.
Exploitation of this vulnerability does not require any user interaction, making it a significant risk for affected versions. The vulnerability can lead to unauthorized access and control over sensitive portions of the application, necessitating immediate attention and remediation.",Adobe,Adobe Commerce,5.4,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:54.305Z,0
CVE-2025-24434,https://securityvulnerability.io/vulnerability/CVE-2025-24434,Improper Authorization Flaw in Adobe Commerce Products,"Adobe Commerce versions are susceptible to an improper authorization vulnerability, allowing attackers to bypass security controls and escalate privileges without user interaction. This flaw could lead to unauthorized access and potential session takeover, posing risks to the confidentiality and integrity of sensitive data. Organizations using affected versions should prioritize patches and updates to mitigate the risk of exploitation.",Adobe,Adobe Commerce,9.1,CRITICAL,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:53.501Z,0
CVE-2025-24415,https://securityvulnerability.io/vulnerability/CVE-2025-24415,Stored Cross-Site Scripting Vulnerability in Adobe Commerce,"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, and earlier are vulnerable to a stored Cross-Site Scripting (XSS) flaw. This security issue permits low-privileged attackers to inject harmful scripts into unprotected form fields, which may lead to the execution of malicious JavaScript in a user's browser.
If exploited, this vulnerability allows an attacker to hijack user sessions, consequently jeopardizing sensitive data and undermining system integrity.",Adobe,Adobe Commerce,8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:52.600Z,0
CVE-2025-24411,https://securityvulnerability.io/vulnerability/CVE-2025-24411,Improper Access Control in Adobe Commerce Products,"Adobe Commerce versions are susceptible to an improper access control vulnerability, allowing low-privileged attackers to exploit security feature bypasses without user interaction. This can lead to unauthorized access to sensitive areas of the application, highlighting the necessity for timely updates and security measures to safeguard user data.",Adobe,Adobe Commerce,8.1,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:51.772Z,0
CVE-2025-24416,https://securityvulnerability.io/vulnerability/CVE-2025-24416,Stored Cross-Site Scripting Vulnerability in Adobe Commerce,"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, and earlier versions are susceptible to a stored Cross-Site Scripting (XSS) vulnerability. A low-privileged attacker can exploit this flaw by injecting malicious scripts into vulnerable form fields, which may then execute in a victim's browser when they access the affected page. This exploitation could lead to session takeover and compromise the confidentiality and integrity of user data.",Adobe,Adobe Commerce,8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:50.979Z,0
CVE-2025-24420,https://securityvulnerability.io/vulnerability/CVE-2025-24420,Incorrect Authorization Vulnerability in Adobe Commerce,"Adobe Commerce, including versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, and 2.4.4-p11, is vulnerable to an Incorrect Authorization issue, allowing low-privileged attackers to bypass security features and execute unauthorized actions.
This vulnerability does not necessitate user interaction, making it a potential risk for organizations using affected versions.",Adobe,Adobe Commerce,4.3,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:50.175Z,0
CVE-2025-24413,https://securityvulnerability.io/vulnerability/CVE-2025-24413,Stored Cross-Site Scripting Vulnerability in Adobe Commerce Products,"Adobe Commerce is vulnerable to a stored Cross-Site Scripting (XSS) issue that allows low-privileged attackers to inject malicious scripts into form fields. When users interact with affected pages, these scripts may execute in the context of their browser, potentially leading to session hijacking and compromising user data. This underscores the importance of timely updates and best practices in web security.",Adobe,Adobe Commerce,8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:49.367Z,0
CVE-2025-24419,https://securityvulnerability.io/vulnerability/CVE-2025-24419,Incorrect Authorization Vulnerability in Adobe Commerce,"Adobe Commerce contains an Incorrect Authorization vulnerability that allows low-privileged attackers to bypass security features and execute actions without proper permissions. This security flaw does not require user interaction, making it particularly concerning for system integrity. Users of affected versions should take immediate precautions to mitigate the risks associated with this vulnerability, as it opens the door for unauthorized actions within the system.",Adobe,Adobe Commerce,4.3,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:48.559Z,0
CVE-2025-24432,https://securityvulnerability.io/vulnerability/CVE-2025-24432,Race Condition Vulnerability in Adobe Commerce Products,"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are susceptible to a time-of-check time-of-use (TOCTOU) race condition vulnerability, allowing a potential security feature bypass.
This occurs when an attacker is able to exploit the timing difference between checking a condition and using it, which could potentially compromise security mechanisms. Successful exploitation requires user interaction, emphasizing the need for awareness and preventive measures to safeguard affected Adobe Commerce installations.",Adobe,Adobe Commerce,3.7,LOW,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:47.754Z,0
CVE-2025-24424,https://securityvulnerability.io/vulnerability/CVE-2025-24424,Improper Access Control in Adobe Commerce Products,"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are vulnerable due to an improper access control issue. This flaw may allow a low-privileged attacker to bypass inherent security mechanisms without needing user interaction, potentially leading to unauthorized access. Organizations using affected versions should review security measures and apply appropriate updates to mitigate risks.",Adobe,Adobe Commerce,6.5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:46.958Z,0
CVE-2025-24430,https://securityvulnerability.io/vulnerability/CVE-2025-24430,Race Condition Vulnerability in Adobe Commerce Software,"Adobe Commerce is affected by a Time-of-check Time-of-use (TOCTOU) race condition vulnerability that can allow an attacker to bypass security mechanisms. This vulnerability occurs when the system's check on a condition can be altered by an attacker after the check has been performed but before the condition is utilized. Successful exploitation of this vulnerability necessitates user interaction, providing an opportunity for potential exploitation if proper safeguards are not enforced.
Organizations utilizing affected versions of Adobe Commerce are urged to review their security measures and stay updated with the vendor's recommendations.",Adobe,Adobe Commerce,3.7,LOW,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:46.142Z,0
CVE-2025-24429,https://securityvulnerability.io/vulnerability/CVE-2025-24429,Improper Access Control in Adobe Commerce Affects Multiple Versions,"Adobe Commerce is affected by an Improper Access Control vulnerability that allows a low-privileged attacker to bypass security features. This vulnerability grants unauthorized access without requiring user interaction, potentially leading to severe consequences for systems relying on these versions. It is crucial for organizations using affected versions to assess their exposure and apply necessary mitigations.",Adobe,Adobe Commerce,3.5,LOW,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:45.344Z,0
CVE-2025-24436,https://securityvulnerability.io/vulnerability/CVE-2025-24436,Improper Access Control Vulnerability in Adobe Commerce Products,"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are susceptible to an Improper Access Control vulnerability. This flaw allows an attacker to escalate privileges, potentially granting them unauthorized access to sensitive resources. The vulnerability can be exploited without requiring any user interaction, making it critical for users to remain vigilant and apply the recommended remediation as detailed in the vendor's security advisory.",Adobe,Adobe Commerce,4.3,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:44.529Z,0
CVE-2025-24407,https://securityvulnerability.io/vulnerability/CVE-2025-24407,Incorrect Authorization Vulnerability in Adobe Commerce,"The Incorrect Authorization vulnerability in Adobe Commerce allows attackers to bypass security features, leading to unauthorized actions without requiring user interaction.
This flaw affects multiple versions, including the beta and patches of 2.4.7, and may expose sensitive functionalities, risking the integrity and confidentiality of user data. Organizations using affected versions should prioritize applying security updates.",Adobe,Adobe Commerce,7.1,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:43.703Z,0
CVE-2025-24438,https://securityvulnerability.io/vulnerability/CVE-2025-24438,Stored Cross-Site Scripting Vulnerability in Adobe Commerce by Adobe,"Adobe Commerce is susceptible to a stored Cross-Site Scripting (XSS) vulnerability that allows low-privileged attackers to inject harmful scripts into susceptible form fields. When users visit a page containing the compromised field, malicious JavaScript may execute in their browsers, leading to potential session hijacking and undermining the integrity and confidentiality of user data. This vulnerability emphasizes the necessity for prompt updates and robust security practices to protect against such exploits.",Adobe,Adobe Commerce,8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:42.877Z,0
CVE-2025-24423,https://securityvulnerability.io/vulnerability/CVE-2025-24423,Improper Access Control in Adobe Commerce Could Lead to Privilege Escalation,"Adobe Commerce is vulnerable due to an Improper Access Control issue that may allow low-privileged attackers to bypass security measures and gain unauthorized access. The exploitation of this vulnerability does not necessitate user interaction, making it especially concerning.
Users of Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, and earlier should take immediate action to mitigate the associated risks as outlined in the vendor's advisory.",Adobe,Adobe Commerce,4.3,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:42.046Z,0
CVE-2025-24418,https://securityvulnerability.io/vulnerability/CVE-2025-24418,Improper Authorization Vulnerability in Adobe Commerce by Adobe,"Adobe Commerce is affected by an improper authorization vulnerability that may lead to privilege escalation. This issue allows a low-privileged attacker to bypass established security measures, thereby gaining unauthorized access to restricted functionalities. The exploitation of this vulnerability does not require any user interaction, making it a potential risk for organizations using the impacted versions.",Adobe,Adobe Commerce,8.1,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:41.236Z,0
CVE-2025-24406,https://securityvulnerability.io/vulnerability/CVE-2025-24406,Path Traversal Vulnerability in Adobe Commerce Products,"An improper limitation of a pathname to a restricted directory vulnerability exists in Adobe Commerce, allowing attackers to bypass security features. Malicious actors can exploit this flaw to alter files located outside the intended restricted directories without any user interaction. This vulnerability affects multiple versions of Adobe Commerce, highlighting the need for immediate assessment and remediation to protect sensitive data.",Adobe,Adobe Commerce,7.5,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:40.430Z,0
CVE-2025-24417,https://securityvulnerability.io/vulnerability/CVE-2025-24417,Stored Cross-Site Scripting Vulnerability in Adobe Commerce,"Adobe Commerce is susceptible to a stored Cross-Site Scripting (XSS) vulnerability that allows low-privileged attackers to inject malicious scripts into form fields.
If exploited, this vulnerability can result in malicious JavaScript being executed in the browser of users who visit a page containing the compromised field. The implications include potential session hijacking, posing serious risks to the confidentiality and integrity of user data.",Adobe,Adobe Commerce,8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:39.575Z,0
CVE-2025-24409,https://securityvulnerability.io/vulnerability/CVE-2025-24409,Improper Authorization Vulnerability in Adobe Commerce,"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, and 2.4.4-p11, along with earlier versions, are susceptible to a vulnerability that enables attackers to bypass security measures due to improper authorization controls. This flaw could potentially allow unauthorized access, posing risks to both confidentiality and data integrity. Importantly, exploiting this vulnerability does not necessitate any user interaction, thereby increasing the threat profile for affected systems.",Adobe,Adobe Commerce,8.2,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:38.725Z,0
CVE-2025-24425,https://securityvulnerability.io/vulnerability/CVE-2025-24425,Business Logic Error in Adobe Commerce Affects Multiple Versions,"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, and earlier are compromised by a Business Logic Error vulnerability. This issue allows attackers to exploit application logic, leading to potential security feature bypass. Through this manipulation, an attacker can alter the application’s operations, resulting in limited modifications to data without any user interaction required.
It’s crucial for users to assess their systems and apply necessary updates to mitigate the risk posed by this vulnerability.",Adobe,Adobe Commerce,5.3,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:37.917Z,0
CVE-2025-24421,https://securityvulnerability.io/vulnerability/CVE-2025-24421,Incorrect Authorization in Adobe Commerce Products,"Adobe Commerce versions up to 2.4.7-beta1 contain an Incorrect Authorization vulnerability that allows low-privileged attackers to bypass security features and perform unauthorized actions. This vulnerability does not require user interaction, making it critical for users of affected versions to apply necessary updates to mitigate potential exploits.",Adobe,Adobe Commerce,4.3,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:37.036Z,0
CVE-2025-24412,https://securityvulnerability.io/vulnerability/CVE-2025-24412,Stored Cross-Site Scripting Vulnerability in Adobe Commerce Product,"A stored Cross-Site Scripting vulnerability in Adobe Commerce allows attackers with low privileges to inject malicious scripts into vulnerable form fields. When users access pages containing these fields, the injected JavaScript executes in their browsers. This can potentially lead to session hijacking, compromising user confidentiality and integrity.",Adobe,Adobe Commerce,8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T17:37:36.216Z,0