cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-49521,https://securityvulnerability.io/vulnerability/CVE-2024-49521,SSRF Vulnerability in Adobe Commerce Affecting Earlier Versions,"A vulnerability exists in Adobe Commerce versions 3.2.5 and earlier, characterized as a Server-Side Request Forgery (SSRF). This flaw permits low privileged attackers to send crafted requests from the compromised server to internal systems. This capability can allow them to circumvent established security protocols, such as firewalls, revealing potential exposure of sensitive resources. Notably, exploitation of this vulnerability does not require any user interaction, making the risk particularly concerning.",Adobe,"Commerce,Magento",7.7,HIGH,0.0005099999834783375,false,,false,false,false,,,false,false,,2024-11-12T17:15:00.000Z,0
CVE-2023-38208,https://securityvulnerability.io/vulnerability/CVE-2023-38208,Validate Your Inputs | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78),"Adobe Commerce is susceptible to an OS Command Injection vulnerability, affecting versions 2.4.6-p1 and earlier, as well as 2.4.5-p3 and earlier, and 2.4.4-p4 and earlier. This vulnerability allows authenticated users with admin privileges to exploit the system and execute arbitrary code without requiring any user interaction. The flaw arises from improper handling of special elements in OS commands, which may lead to severe security implications if left unaddressed.",Adobe,Magento Commerce,7.2,HIGH,0.0016400000313296914,false,,false,false,false,,,false,false,,2023-08-09T08:15:00.000Z,0
CVE-2023-38209,https://securityvulnerability.io/vulnerability/CVE-2023-38209,Adobe Commerce Incorrect Authorization Security feature bypass,"Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.",Adobe,Magento Commerce,6.5,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2023-08-09T08:15:00.000Z,0
CVE-2023-29290,https://securityvulnerability.io/vulnerability/CVE-2023-29290,"Adobe Commerce Guest Cart Shipping Address Overwrite IDOR","Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.",Adobe,Magento Commerce,5.3,MEDIUM,0.0009399999980814755,false,,false,false,false,,,false,false,,2023-06-15T00:00:00.000Z,0
CVE-2023-29292,https://securityvulnerability.io/vulnerability/CVE-2023-29292,Server Side Request Forgery (SSRF) in FedEx carrier integration configuration,"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.",Adobe,Magento Commerce,4.9,MEDIUM,0.000699999975040555,false,,false,false,false,,,false,false,,2023-06-15T00:00:00.000Z,0
CVE-2023-29291,https://securityvulnerability.io/vulnerability/CVE-2023-29291,Server Side Request Forgery (SSRF) in USPS carrier integration configuration,"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.",Adobe,Magento Commerce,4.9,MEDIUM,0.000859999970998615,false,,false,false,false,,,false,false,,2023-06-15T00:00:00.000Z,0
CVE-2023-29295,https://securityvulnerability.io/vulnerability/CVE-2023-29295,Insecure Direct Object Reference (IDOR) in Create Quote Function,"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.",Adobe,Magento Commerce,4.3,MEDIUM,0.0006699999794363976,false,,false,false,false,,,false,false,,2023-06-15T00:00:00.000Z,0
CVE-2023-29297,https://securityvulnerability.io/vulnerability/CVE-2023-29297,Admin-to-admin stored XSS via cache poisoning,"Adobe Commerce is susceptible to an improper neutralization vulnerability in its template engine. This flaw allows an authenticated attacker with admin privileges to execute arbitrary code without requiring any user interaction. Affected versions include 2.4.6 and earlier, 2.4.5-p2 and earlier, and 2.4.4-p3 and earlier. It is crucial for administrators to apply security patches and monitor their systems to mitigate potential risks associated with this vulnerability.",Adobe,Magento Commerce,7.2,HIGH,0.0013099999632686377,false,,false,false,false,,,false,false,,2023-06-15T00:00:00.000Z,0
CVE-2023-22248,https://securityvulnerability.io/vulnerability/CVE-2023-22248,Adobe Commerce Incorrect Authorization Security feature bypass,"Adobe Commerce versions 2.4.6 and earlier, including 2.4.5-p2 and 2.4.4-p3, are affected by an Incorrect Authorization vulnerability that allows attackers to bypass security features. This issue can lead to unauthorized data leakage of another user's information without requiring any user interaction. Administrators should take immediate action to apply the necessary security updates to safeguard their systems from potential exploitation.",Adobe,Magento Commerce,7.5,HIGH,0.0006699999794363976,false,,false,false,false,,,false,false,,2023-06-15T00:00:00.000Z,0
CVE-2023-29287,https://securityvulnerability.io/vulnerability/CVE-2023-29287,Adobe Commerce Information Exposure Security feature bypass,"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not require user interaction.",Adobe,Magento Commerce,5.3,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2023-06-15T00:00:00.000Z,0
CVE-2023-29294,https://securityvulnerability.io/vulnerability/CVE-2023-29294,Bypass Purchase Order Approval using Company User in Adobe Commerce B2B,"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.",Adobe,Magento Commerce,4.3,MEDIUM,0.0006699999794363976,false,,false,false,false,,,false,false,,2023-06-15T00:00:00.000Z,0
CVE-2023-29296,https://securityvulnerability.io/vulnerability/CVE-2023-29296,[Cloud] Customer suspects IDOR vulnerability,"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.",Adobe,Magento Commerce,4.3,MEDIUM,0.0006699999794363976,false,,false,false,false,,,false,false,,2023-06-15T00:00:00.000Z,0
CVE-2023-29289,https://securityvulnerability.io/vulnerability/CVE-2023-29289,Adobe Commerce XML Injection Security feature bypass,"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to achieve a security feature bypass. Exploitation of this issue does not require user interaction.",Adobe,Magento Commerce,6.5,MEDIUM,0.0010900000343099236,false,,false,false,false,,,false,false,,2023-06-15T00:00:00.000Z,0
CVE-2023-22251,https://securityvulnerability.io/vulnerability/CVE-2023-22251,Adobe Commerce Incorrect Authorization Security feature bypass,Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure.,Adobe,Magento Commerce,4.3,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2023-03-27T00:00:00.000Z,0
CVE-2023-22249,https://securityvulnerability.io/vulnerability/CVE-2023-22249,Adobe Commerce Stored XSS Arbitrary code execution,Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.,Adobe,Magento Commerce,4.8,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2023-03-27T00:00:00.000Z,0
CVE-2023-22250,https://securityvulnerability.io/vulnerability/CVE-2023-22250,Adobe Commerce Improper Access Control Security feature bypass,Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.,Adobe,Magento Commerce,5.3,MEDIUM,0.0009500000160187483,false,,false,false,false,,,false,false,,2023-03-27T00:00:00.000Z,0
CVE-2023-22247,https://securityvulnerability.io/vulnerability/CVE-2023-22247,Adobe Commerce XML Injection Arbitrary file system read,"A vulnerability in Adobe Commerce allows unauthenticated attackers to exploit XML Injection, leading to potential arbitrary file system read access. By injecting malicious URLs, attackers can induce the application to make unauthorized requests, compromising system integrity without requiring user interaction.",Adobe,Magento Commerce,7.5,HIGH,0.0020000000949949026,false,,false,false,false,,,false,false,,2023-03-27T00:00:00.000Z,0
CVE-2022-35689,https://securityvulnerability.io/vulnerability/CVE-2022-35689,Adobe Commerce Improper Access Control Security feature bypass,Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.,Adobe,Magento Commerce,5.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2022-10-14T20:15:00.000Z,0
CVE-2022-35698,https://securityvulnerability.io/vulnerability/CVE-2022-35698,Adobe Commerce Stored XSS Arbitrary code execution,Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.,Adobe,Magento Commerce,10,CRITICAL,0.0006200000061653554,false,,false,false,true,2022-10-14T04:58:26.000Z,true,false,false,,2022-10-11T00:00:00.000Z,0
CVE-2022-35692,https://securityvulnerability.io/vulnerability/CVE-2022-35692,Adobe Commerce Improper Access Control Security feature bypass,"Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to leak minor information of another user's account details. Exploitation of this issue does not require user interaction.",Adobe,Magento Commerce,5.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2022-08-19T23:15:00.000Z,0
CVE-2022-34258,https://securityvulnerability.io/vulnerability/CVE-2022-34258,Adobe Commerce Stored XSS Arbitrary code execution,"Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.",Adobe,Magento Commerce,4.8,MEDIUM,0.0008500000112690032,false,,false,false,false,,,false,false,,2022-08-16T21:15:00.000Z,0
CVE-2022-34257,https://securityvulnerability.io/vulnerability/CVE-2022-34257,Adobe Commerce Stored XSS Arbitrary code execution,"Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.",Adobe,Magento Commerce,6.1,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2022-08-16T21:15:00.000Z,0
CVE-2022-34259,https://securityvulnerability.io/vulnerability/CVE-2022-34259,Adobe Commerce Improper Access Control Security feature bypass,"Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.",Adobe,Magento Commerce,5.3,MEDIUM,0.0011500000255182385,false,,false,false,false,,,false,false,,2022-08-16T21:15:00.000Z,0
CVE-2022-34254,https://securityvulnerability.io/vulnerability/CVE-2022-34254,Adobe Commerce Improper Limitation of a Pathname to a Restricted Directory Arbitrary code execution,"Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint. A low privileged attacker could leverage this vulnerability to read local files and to perform Stored XSS. Exploitation of this issue does not require user interaction.",Adobe,Magento Commerce,8.5,HIGH,0.002139999996870756,false,,false,false,false,,,false,false,,2022-08-16T21:15:00.000Z,0
CVE-2022-34253,https://securityvulnerability.io/vulnerability/CVE-2022-34253,Adobe Commerce XML Injection Arbitrary code execution,"Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. Exploitation of this issue does not require user interaction.",Adobe,Magento Commerce,9.1,CRITICAL,0.0021699999924749136,false,,false,false,false,,,false,false,,2022-08-16T21:15:00.000Z,0