
Adobe Commerce — Vulnerabilities & Security Advisories (169)

All 169 CVE vulnerabilities found in Adobe Commerce, with AI-generated Chinese analysis, references, and POCs.

Vendor: Adobe

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-20719 | [Adobe Commerce] Stored XSS from low privileged admin user on every admin page, bypassing CVE-2023-29297 | CWE-79 | 9.1 | Critical | 2024-02-15 |
| CVE-2024-20720 | Command injection in data collector backup due to insufficient patching of CVE-2023-38208 | CWE-78 | 9.1 | Critical | 2024-02-15 |
| CVE-2023-38251 | Adobe Commerce \| Uncontrolled Resource Consumption (CWE-400) | CWE-400 | 5.3 | Medium | 2023-10-13 |
| CVE-2023-38219 | Validate Your Inputs \| Cross-site Scripting (Stored XSS) (CWE-79) - Customer to Admin stored XSS with Gift wrapping | CWE-79 | 8.7 | High | 2023-10-13 |
| CVE-2023-38220 | Full page cache enumeration via cookie X-Magento-Vary | CWE-285 | 7.5 | High | 2023-10-13 |
| CVE-2023-26367 | Error based file extraction via PHP filter chains during product bulk import logic | CWE-20 | 4.9 | Medium | 2023-10-13 |
| CVE-2023-26366 | Validate Your Inputs \| Server-Side Request Forgery (SSRF) (CWE-918) | CWE-918 | 6.8 | Medium | 2023-10-13 |
| CVE-2023-38218 | Incorrect Authorization - Customer account takeover | CWE-863 | 8.8 | High | 2023-10-13 |
| CVE-2023-38250 | Adobe Commerce \| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) | CWE-89 | 8.0 | High | 2023-10-13 |
| CVE-2023-38249 | Adobe Commerce \| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) | CWE-89 | 8.0 | High | 2023-10-13 |
| CVE-2023-38221 | Adobe Commerce \| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) | CWE-89 | 8.0 | High | 2023-10-13 |
| CVE-2022-24093 | Adobe Commerce post-auth improper input validation leads to remote code execution | CWE-20 | 9.1 | Critical | 2023-09-12 |
| CVE-2021-36036 | Magento Commerce Media Gallery Upload Improper Access Control Could Lead To Remote Code Execution | CWE-284 | 7.2 | High | 2023-09-06 |
| CVE-2021-36021 | Magento Commerce CMS Page Improper Input Validation Could Lead To Remote Code Execution | CWE-20 | 7.2 | High | 2023-09-06 |
| CVE-2021-36023 | Magento Commerce Widgets Update Layout XML Injection Vulnerability Could Lead To Remote Code Execution | CWE-78 | 9.1 | Critical | 2023-09-06 |
| CVE-2023-38207 | Adobe Commerce XML Injection (aka Blind XPath Injection) Arbitrary file system read | CWE-91 | 7.5 | High | 2023-08-09 |
| CVE-2023-29293 | Adobe Commerce \| Improper Input Validation (CWE-20) | CWE-20 | 2.7 | Low | 2023-06-15 |
| CVE-2023-29288 | Adobe Commerce \| Incorrect Authorization (CWE-863) | CWE-863 | 4.3 | Medium | 2023-06-15 |
| CVE-2022-42344 | [CVE-2021-36032] Magento IDOR Leads to Account Takeover | CWE-863 | 8.8 | High | 2022-10-20 |
