CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39415 – An unauthorized user can export the Tax Sales Report
https://notcve.org/view.php?id=CVE-2024-39415
14 Aug 2024 — Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb24-61.html • CWE-285: Improper Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39405 – Adobe Commerce | Improper Authorization (CWE-285)
https://notcve.org/view.php?id=CVE-2024-39405
14 Aug 2024 — Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb24-61.html • CWE-285: Improper Authorization •
CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 0CVE-2024-20758 – Adobe Commerce | Improper Input Validation (CWE-20)
https://notcve.org/view.php?id=CVE-2024-20758
10 Apr 2024 — Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high. Las versiones 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de validación de entrada incorrecta que podría provocar la ejecución ... • https://helpx.adobe.com/security/products/magento/apsb24-18.html • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20759 – Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-20759
10 Apr 2024 — Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact. Las versiones 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 y ant... • https://helpx.adobe.com/security/products/magento/apsb24-18.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2021-36044 – Magento Commerce GraphQL Improper Input Validation Could Lead To Denial Of Service
https://notcve.org/view.php?id=CVE-2021-36044
01 Sep 2021 — Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field. Magento Commerce versiones 2.4.2 (y anteriores), versiones 2.4.2-p1 (y anteriores), y versiones 2.3.7 (y anteriores), están afectadas por una vulnerabilidad de comprobación Inapropiada de Entrada. Un atacante no autenticado podría abus... • https://helpx.adobe.com/security/products/magento/apsb21-64.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 3%CPEs: 6EXPL: 0CVE-2021-36027 – Magento Commerce Stored Cross-site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2021-36027
01 Sep 2021 — Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Magento Commerce versiones 2.4.2 (y anteriores), versiones 2.4.2-p1 (y anteriores), y versiones 2.3.7 (y anteriores), están afectadas por una vu... • https://helpx.adobe.com/security/products/magento/apsb21-64.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 2%CPEs: 6EXPL: 0CVE-2021-36043 – Magento Commerce Authenticated Blind SSRF Could Lead To Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-36043
01 Sep 2021 — Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. An attacker with admin privileges could abuse this to achieve remote code execution should Redis be enabled. Magento Commerce versiones 2.4.2 (y anteriores), versiones 2.4.2-p1 (y anteriores), y versiones 2.3.7 (y anteriores), están afectadas por una vulnerabilidad de tipo SSRF ciega en la extensión dotmailer incluida. Un atacante con pr... • https://helpx.adobe.com/security/products/magento/apsb21-64.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.1EPSS: 4%CPEs: 6EXPL: 0CVE-2021-36042 – Magento Commerce API File Option Upload Extension Improper Input Validation Vulnerability Could Lead To Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-36042
01 Sep 2021 — Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code execution. Magento Commerce versiones 2.4.2 (y anteriores), versiones 2.4.2-p1 (y anteriores), y versiones 2.3.7 (y anteriores), están afectadas por una vulnerabilidad de comprobación Inapropiada de Entrada en la ex... • https://helpx.adobe.com/security/products/magento/apsb21-64.html • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2021-36030 – Magento Commerce Improper Input Validation During Checkout Process Could Lead To Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-36030
01 Sep 2021 — Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items. Magento Commerce versiones 2.4.2 (y anteriores), versiones 2.4.2-p1 (y anteriores), y versiones 2.3.7 (y anteriores), están afectadas por una vulnerabilidad de comprobación Inapropiada de Entrada durante el proceso de compra. Un atacante no ... • https://helpx.adobe.com/security/products/magento/apsb21-64.html • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 5%CPEs: 6EXPL: 0CVE-2021-36041 – Magento Commerce Improper Input Validation Could Lead To Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-36041
01 Sep 2021 — Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could upload a specially crafted file in the 'pub/media` directory could lead to remote code execution. Magento Commerce versiones 2.4.2 (y anteriores), versiones 2.4.2-p1 (y anteriores), y versiones 2.3.7 (y anteriores), están afectadas por una vulnerabilidad de comprobación Inapropiada de Entrada. Un atacante con privile... • https://helpx.adobe.com/security/products/magento/apsb21-64.html • CWE-20: Improper Input Validation •