CVE-2023-29297
- EPSS 1.22%
- Veröffentlicht 15.06.2023 19:15:11
- Zuletzt bearbeitet 21.11.2024 07:56:49
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an adm...
CVE-2023-22248
- EPSS 0.92%
- Veröffentlicht 15.06.2023 19:15:10
- Zuletzt bearbeitet 21.11.2024 07:44:23
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to l...
CVE-2023-29287
- EPSS 0.64%
- Veröffentlicht 15.06.2023 19:15:10
- Zuletzt bearbeitet 21.11.2024 07:56:48
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak m...
CVE-2023-29288
- EPSS 0.59%
- Veröffentlicht 15.06.2023 19:15:10
- Zuletzt bearbeitet 21.11.2024 07:56:48
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerab...
CVE-2023-29289
- EPSS 0.79%
- Veröffentlicht 15.06.2023 19:15:10
- Zuletzt bearbeitet 21.11.2024 07:56:48
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploi...
CVE-2023-29290
- EPSS 0.57%
- Veröffentlicht 15.06.2023 19:15:10
- Zuletzt bearbeitet 21.11.2024 07:56:48
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to b...
CVE-2023-29291
- EPSS 0.99%
- Veröffentlicht 15.06.2023 19:15:10
- Zuletzt bearbeitet 21.11.2024 07:56:48
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker...
CVE-2023-29292
- EPSS 0.86%
- Veröffentlicht 15.06.2023 19:15:10
- Zuletzt bearbeitet 21.11.2024 07:56:48
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker...
- EPSS 99.2%
- Veröffentlicht 16.02.2022 17:15:13
- Zuletzt bearbeitet 23.10.2025 14:51:16
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitra...
CVE-2021-21013
- EPSS 3.18%
- Veröffentlicht 13.01.2021 23:15:14
- Zuletzt bearbeitet 21.11.2024 05:47:24
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure a...