Adobe

Commerce

153 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-54267

  • EPSS 0.06%
  • Veröffentlicht 14.10.2025 20:27:57
  • Zuletzt bearbeitet 20.10.2025 13:47:32

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures an...

8.1

CVE-2025-54263

  • EPSS 0.08%
  • Veröffentlicht 14.10.2025 20:27:56
  • Zuletzt bearbeitet 20.10.2025 13:47:20

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures an...

4.8

CVE-2025-54266

  • EPSS 0.08%
  • Veröffentlicht 14.10.2025 20:27:56
  • Zuletzt bearbeitet 20.10.2025 13:47:38

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts int...

5.3

CVE-2025-54277

  • EPSS 0.07%
  • Veröffentlicht 14.10.2025 20:27:55
  • Zuletzt bearbeitet 17.10.2025 22:15:34

Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority.

7.5

CVE-2025-54265

  • EPSS 0.14%
  • Veröffentlicht 14.10.2025 20:27:54
  • Zuletzt bearbeitet 20.10.2025 13:47:28

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unautho...

8.1

CVE-2025-54264

  • EPSS 0.11%
  • Veröffentlicht 14.10.2025 20:27:53
  • Zuletzt bearbeitet 20.10.2025 13:47:24

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to i...

9.1

CVE-2025-54236

Warnung Medienbericht Exploit
  • EPSS 47.21%
  • Veröffentlicht 09.09.2025 13:20:17
  • Zuletzt bearbeitet 08.12.2025 02:00:02

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confide...

8.1

CVE-2025-49555

  • EPSS 0.06%
  • Veröffentlicht 12.08.2025 18:15:29
  • Zuletzt bearbeitet 15.08.2025 15:39:48

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick ...

7.5

CVE-2025-49556

  • EPSS 0.15%
  • Veröffentlicht 12.08.2025 18:15:29
  • Zuletzt bearbeitet 15.08.2025 15:39:58

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerabili...

8.7

CVE-2025-49557

  • EPSS 0.06%
  • Veröffentlicht 12.08.2025 18:15:29
  • Zuletzt bearbeitet 02.10.2025 14:43:02

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts i...