Packagist (Composer) package
magento/community-edition
pkg:composer/magento/community-edition
Vulnerabilities (355)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-24427 | — | >= 2.4.7-beta1, < 2.4.7-p4 | 2.4.7-p4 | Feb 11, 2025 | Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measur | ||
| CVE-2025-24428 | — | >= 2.4.7-beta1, < 2.4.7-p4 | 2.4.7-p4 | Feb 11, 2025 | Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScr | ||
| CVE-2025-24410 | — | >= 2.4.7-beta1, < 2.4.7-p4 | 2.4.7-p4 | Feb 11, 2025 | Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScr | ||
| CVE-2025-24408 | — | >= 2.4.7-beta1, < 2.4.7-p4 | 2.4.7-p4 | Feb 11, 2025 | Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitati | ||
| CVE-2025-24435 | — | >= 2.4.7-beta1, < 2.4.7-p4 | 2.4.7-p4 | Feb 11, 2025 | Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures an | ||
| CVE-2024-45127 | — | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 | Oct 10, 2024 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in | ||
| CVE-2024-45128 | — | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 | Oct 10, 2024 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a l | ||
| CVE-2024-45133 | — | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 | Oct 10, 2024 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may | ||
| CVE-2024-45124 | — | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 | Oct 10, 2024 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on | ||
| CVE-2024-45123 | — | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 | Oct 10, 2024 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed | ||
| CVE-2024-45121 | — | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 | Oct 10, 2024 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a | ||
| CVE-2024-45117 | — | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 | Oct 10, 2024 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the in | ||
| CVE-2024-45116 | — | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 | Oct 10, 2024 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a f | ||
| CVE-2024-45119 | — | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 | Oct 10, 2024 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary re | ||
| CVE-2024-45122 | — | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 | Oct 10, 2024 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a | ||
| CVE-2024-45135 | — | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 | Oct 10, 2024 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impa | ||
| CVE-2024-45120 | — | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 | Oct 10, 2024 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between th | ||
| CVE-2024-45130 | — | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 | Oct 10, 2024 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a | ||
| CVE-2024-45132 | — | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 | Oct 10, 2024 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confid | ||
| CVE-2024-45131 | — | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 | Oct 10, 2024 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a l |
- CVE-2025-24427Feb 11, 2025affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measur
- CVE-2025-24428Feb 11, 2025affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScr
- CVE-2025-24410Feb 11, 2025affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScr
- CVE-2025-24408Feb 11, 2025affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitati
- CVE-2025-24435Feb 11, 2025affected >= 2.4.7-beta1, < 2.4.7-p4fixed 2.4.7-p4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures an
- CVE-2024-45127Oct 10, 2024affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in
- CVE-2024-45128Oct 10, 2024affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a l
- CVE-2024-45133Oct 10, 2024affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may
- CVE-2024-45124Oct 10, 2024affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on
- CVE-2024-45123Oct 10, 2024affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed
- CVE-2024-45121Oct 10, 2024affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a
- CVE-2024-45117Oct 10, 2024affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the in
- CVE-2024-45116Oct 10, 2024affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a f
- CVE-2024-45119Oct 10, 2024affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary re
- CVE-2024-45122Oct 10, 2024affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a
- CVE-2024-45135Oct 10, 2024affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impa
- CVE-2024-45120Oct 10, 2024affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between th
- CVE-2024-45130Oct 10, 2024affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a
- CVE-2024-45132Oct 10, 2024affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confid
- CVE-2024-45131Oct 10, 2024affected >= 2.4.7-beta1, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a l
Page 3 of 18