CVE-2024-34104
- EPSS 0.79%
- Veröffentlicht 13.06.2024 09:15:11
- Zuletzt bearbeitet 21.11.2024 09:18:06
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures ...
CVE-2024-34105
- EPSS 0.67%
- Veröffentlicht 13.06.2024 09:15:11
- Zuletzt bearbeitet 21.11.2024 09:18:06
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious Jav...
CVE-2024-34106
- EPSS 0.85%
- Veröffentlicht 13.06.2024 09:15:11
- Zuletzt bearbeitet 21.11.2024 09:18:06
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access ...
CVE-2024-34102
- EPSS 99.99%
- Veröffentlicht 13.06.2024 09:15:10
- Zuletzt bearbeitet 23.10.2025 14:51:28
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulne...
CVE-2024-34103
- EPSS 0.78%
- Veröffentlicht 13.06.2024 09:15:10
- Zuletzt bearbeitet 21.11.2024 09:18:06
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or el...
- EPSS 1.42%
- Veröffentlicht 10.04.2024 12:15:08
- Zuletzt bearbeitet 16.04.2025 14:53:40
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not r...
CVE-2024-20759
- EPSS 1.03%
- Veröffentlicht 10.04.2024 12:15:08
- Zuletzt bearbeitet 11.02.2025 15:59:16
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields...
CVE-2023-38249
- EPSS 0.83%
- Veröffentlicht 13.10.2023 07:15:41
- Zuletzt bearbeitet 21.11.2024 08:13:10
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that co...
CVE-2023-38250
- EPSS 0.83%
- Veröffentlicht 13.10.2023 07:15:41
- Zuletzt bearbeitet 21.11.2024 08:13:10
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that co...
CVE-2023-38251
- EPSS 0.67%
- Veröffentlicht 13.10.2023 07:15:41
- Zuletzt bearbeitet 21.11.2024 08:13:11
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exp...