Adobe Magento Open Source — known CVE vulnerabilities
Every CVE whose affected-product data names Adobe Magento Open Source, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (32)
CVE-2022-35698 — CVSS 10.0 (critical): Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability…
CVE-2021-36033 — CVSS 9.1 (critical): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection…
CVE-2021-36022 — CVSS 9.1 (critical): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection…
CVE-2021-36024 — CVSS 9.1 (critical): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of…
CVE-2021-36025 — CVSS 9.1 (critical): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation…
CVE-2021-36028 — CVSS 9.1 (critical): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection…
CVE-2021-36029 — CVSS 9.1 (critical): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper…
CVE-2021-36034 — CVSS 9.1 (critical): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation…
CVE-2021-36035 — CVSS 9.1 (critical): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation…
CVE-2021-36040 — CVSS 9.1 (critical): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation…
CVE-2021-36041 — CVSS 9.1 (critical): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation…
CVE-2021-36042 — CVSS 9.1 (critical): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation…
CVE-2022-24093 — CVSS 9.1 (critical): Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability…
CVE-2021-36032 — CVSS 8.3 (high): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation…
CVE-2021-36020 — CVSS 8.2 (high): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection…
CVE-2021-36043 — CVSS 8.0 (high): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in…
CVE-2023-22247 — CVSS 7.5 (high): Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to…
CVE-2021-36044 — CVSS 7.5 (high): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation…
CVE-2021-36030 — CVSS 7.5 (high): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation…
CVE-2021-36031 — CVSS 7.2 (high): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal…
CVE-2021-36026 — CVSS 6.5 (medium): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting…
CVE-2021-36027 — CVSS 6.5 (medium): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting…
CVE-2021-39864 — CVSS 6.5 (medium): Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery…
CVE-2021-36012 — CVSS 6.5 (medium): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the…
CVE-2021-36037 — CVSS 6.5 (medium): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper…
CVE-2021-36039 — CVSS 6.5 (medium): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation…
CVE-2021-36038 — CVSS 6.5 (medium): Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation…
CVE-2021-21012 — CVSS 5.3 (medium): Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object…
CVE-2022-35689 — CVSS 5.3 (medium): Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could…
CVE-2023-22250 — CVSS 5.3 (medium): Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that…
CVE-2023-22249 — CVSS 4.8 (medium): Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability…
CVE-2023-22251 — CVSS 4.3 (medium): Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A…