Adobe

Commerce

147 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2025-54236

Media report
  • EPSS 0.33%
  • Published 09.09.2025 13:20:17
  • Last modified 22.09.2025 18:15:43

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confide...

8.1

CVE-2025-49555

  • EPSS 0.05%
  • Published 12.08.2025 18:15:29
  • Last modified 15.08.2025 15:39:48

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick ...

7.5

CVE-2025-49556

  • EPSS 0.14%
  • Published 12.08.2025 18:15:29
  • Last modified 15.08.2025 15:39:58

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerabili...

8.7

CVE-2025-49557

  • EPSS 0.05%
  • Published 12.08.2025 18:15:29
  • Last modified 02.10.2025 14:43:02

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts i...

5.9

CVE-2025-49558

  • EPSS 0.18%
  • Published 12.08.2025 18:15:29
  • Last modified 15.08.2025 15:40:51

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could ...

5.3

CVE-2025-49559

  • EPSS 0.25%
  • Published 12.08.2025 18:15:29
  • Last modified 15.08.2025 15:40:55

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feat...

7.5

CVE-2025-49554

  • EPSS 0.28%
  • Published 12.08.2025 18:15:28
  • Last modified 15.08.2025 15:37:34

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerab...

4.3

CVE-2025-49550

  • EPSS 0.09%
  • Published 25.06.2025 17:41:58
  • Last modified 24.07.2025 19:20:44

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass secu...

2.7

CVE-2025-49549

  • EPSS 0.08%
  • Published 25.06.2025 17:41:13
  • Last modified 24.07.2025 19:20:37

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability...

8.4

CVE-2025-47110

Media report
  • EPSS 0.13%
  • Published 10.06.2025 16:15:41
  • Last modified 15.07.2025 18:40:20

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form...