VYPR

Packagist (Composer) package

magento/community-edition

pkg:composer/magento/community-edition

Vulnerabilities (355)

  • CVE-2025-27188Apr 8, 2025
    affected < 2.4.4-p13fixed 2.4.4-p13

    Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthor

  • CVE-2025-24414Feb 11, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScr

  • CVE-2025-24437Feb 11, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4

    Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view or modify select i

  • CVE-2025-24434Feb 11, 2025
    affected >= 2.4.8-beta1, < 2.4.8-beta2fixed 2.4.8-beta2

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unautho

  • CVE-2025-24415Feb 11, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScr

  • CVE-2025-24411Feb 11, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measur

  • CVE-2025-24416Feb 11, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScr

  • CVE-2025-24413Feb 11, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScr

  • CVE-2025-24432Feb 11, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a con

  • CVE-2025-24424Feb 11, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measur

  • CVE-2025-24430Feb 11, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a con

  • CVE-2025-24429Feb 11, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could leverage this vulnerability

  • CVE-2025-24436Feb 11, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4

    Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view select information

  • CVE-2025-24438Feb 11, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScr

  • CVE-2025-24406Feb 11, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unauthenticated attacker coul

  • CVE-2025-24417Feb 11, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScr

  • CVE-2025-24409Feb 11, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain u

  • CVE-2025-24425Feb 11, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms b

  • CVE-2025-24421Feb 11, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to read select data. Explo

  • CVE-2025-24412Feb 11, 2025
    affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScr

Page 2 of 18