CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27190 – Adobe Commerce | Improper Access Control (CWE-284)
https://notcve.org/view.php?id=CVE-2025-27190
08 Apr 2025 — Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb25-26.html • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27191 – Adobe Commerce | Improper Access Control (CWE-284)
https://notcve.org/view.php?id=CVE-2025-27191
08 Apr 2025 — Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb25-26.html • CWE-284: Improper Access Control •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27192 – Adobe Commerce | Insufficiently Protected Credentials (CWE-522)
https://notcve.org/view.php?id=CVE-2025-27192
08 Apr 2025 — Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protected resources by obtaining sensitive credential information. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb25-26.html • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27188 – Adobe Commerce | Improper Authorization (CWE-285)
https://notcve.org/view.php?id=CVE-2025-27188
08 Apr 2025 — Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb25-26.html • CWE-285: Improper Authorization •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27189 – Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)
https://notcve.org/view.php?id=CVE-2025-27189
08 Apr 2025 — Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to the vulnerable application, which may disrupt service availability. Exploitation of this issue requires user interaction, typically in the form of clicking a malicious link or visiting an attacker-controlled website... • https://helpx.adobe.com/security/products/magento/apsb25-26.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24422 – Adobe Commerce | Improper Access Control (CWE-284)
https://notcve.org/view.php?id=CVE-2025-24422
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vuln... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-284: Improper Access Control •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24414 – Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2025-24414
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. A... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24437 – Adobe Commerce | Improper Access Control (CWE-284)
https://notcve.org/view.php?id=CVE-2025-24437
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain elevated privileges. Exploitation of this issue does not require user interaction. Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerabi... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-284: Improper Access Control •
CVSS: 9.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24434 – Adobe Commerce | Incorrect Authorization (CWE-863)
https://notcve.org/view.php?id=CVE-2025-24434
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Adobe Commerce versions 2.4.8-... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24415 – Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2025-24415
11 Feb 2025 — Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. A... • https://helpx.adobe.com/security/products/magento/apsb25-08.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •