VYPR

Packagist (Composer) package

magento/community-edition

pkg:composer/magento/community-edition

Vulnerabilities (355)

  • CVE-2025-54265MedOct 14, 2025
    affected >= 2.4.9-alpha1, < 2.4.9-alpha3fixed 2.4.9-alpha3

    Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit dep

  • CVE-2025-54267Oct 14, 2025
    affected >= 2.4.9-alpha1, < 2.4.9-alpha3fixed 2.4.9-alpha3

    Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to

  • CVE-2025-54266Oct 14, 2025
    affected >= 2.4.9-alpha1, < 2.4.9-alpha3fixed 2.4.9-alpha3

    Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Mali

  • CVE-2025-54263Oct 14, 2025
    affected >= 2.4.9-alpha1, < 2.4.9-alpha3fixed 2.4.9-alpha3

    Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and maintain unauthorized access

  • CVE-2025-54264Oct 14, 2025
    affected >= 2.4.9-alpha1, < 2.4.9-alpha3fixed 2.4.9-alpha3

    Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into v

  • CVE-2025-54236CriKEVSep 9, 2025
    affected <= 2.4.5-p14

    Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact

  • CVE-2025-49556Aug 12, 2025
    affected >= 2.4.9-alpha1, < 2.4.9-alpha2fixed 2.4.9-alpha2

    Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures

  • CVE-2025-49557Aug 12, 2025
    affected < 2.4.4-p15fixed 2.4.4-p15

    Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. A

  • CVE-2025-49558Aug 12, 2025
    affected >= 2.4.9-alpha1, < 2.4.9-alpha2fixed 2.4.9-alpha2

    Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by

  • CVE-2025-49554Aug 12, 2025
    affected >= 2.4.9-alpha1, < 2.4.9-alpha2fixed 2.4.9-alpha2

    Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially c

  • CVE-2025-49559Aug 12, 2025
    affected >= 2.4.9-alpha1, < 2.4.9-alpha2fixed 2.4.9-alpha2

    Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could

  • CVE-2025-49555Aug 12, 2025
    affected >= 2.4.9-alpha1, < 2.4.9-alpha2fixed 2.4.9-alpha2

    Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing uninte

  • CVE-2025-49550Jun 25, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p6fixed 2.4.7-p6

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited

  • CVE-2025-49549Jun 25, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p6fixed 2.4.7-p6

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures a

  • CVE-2025-27206Jun 10, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p6fixed 2.4.7-p6

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited

  • CVE-2025-47110Jun 10, 2025
    affected >= 2.4.8-beta1, < 2.4.8-p1fixed 2.4.8-p1

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript

  • CVE-2025-43585Jun 10, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p6fixed 2.4.7-p6

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthor

  • CVE-2025-27190Apr 8, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p5fixed 2.4.7-p5

    Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain un

  • CVE-2025-27191Apr 8, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p5fixed 2.4.7-p5

    Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain un

  • CVE-2025-27192Apr 8, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p5fixed 2.4.7-p5

    Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauth

Page 1 of 18