Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/30243?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/30243?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7", "type": "composer", "namespace": "magento", "name": "community-edition", "version": "2.4.7", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.8-p3", "latest_non_vulnerable_version": "2.4.9-alpha3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40651?format=api", "vulnerability_id": "VCID-141w-faqu-w3ay", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45130", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24182", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24378", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29568", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45130" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:01:33Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45130", "reference_id": "CVE-2024-45130", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45130" }, { "reference_url": "https://github.com/advisories/GHSA-v3v6-jfvw-m576", "reference_id": "GHSA-v3v6-jfvw-m576", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v3v6-jfvw-m576" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45130", "GHSA-v3v6-jfvw-m576" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-141w-faqu-w3ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46533?format=api", "vulnerability_id": "VCID-158t-bqnb-83d4", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39406", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00916", "scoring_system": "epss", "scoring_elements": "0.76439", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00916", "scoring_system": "epss", "scoring_elements": "0.76449", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00916", "scoring_system": "epss", "scoring_elements": "0.76369", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00916", "scoring_system": "epss", "scoring_elements": "0.76454", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39406" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:23Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39406", "reference_id": "CVE-2024-39406", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39406" }, { "reference_url": "https://github.com/advisories/GHSA-6pxh-2557-5cj5", "reference_id": "GHSA-6pxh-2557-5cj5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6pxh-2557-5cj5" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39406", "GHSA-6pxh-2557-5cj5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-158t-bqnb-83d4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40581?format=api", "vulnerability_id": "VCID-16es-u6cy-u3g8", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45149", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33844", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34043", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34021", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40898", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45149" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:05:46Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45149", "reference_id": "CVE-2024-45149", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45149" }, { "reference_url": "https://github.com/advisories/GHSA-w7rg-7wq2-pjrw", "reference_id": "GHSA-w7rg-7wq2-pjrw", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w7rg-7wq2-pjrw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45149", "GHSA-w7rg-7wq2-pjrw" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-16es-u6cy-u3g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40690?format=api", "vulnerability_id": "VCID-1mpb-gzr2-53ar", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45121", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.25049", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24849", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.25066", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30306", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45121" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:55:50Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45121", "reference_id": "CVE-2024-45121", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45121" }, { "reference_url": "https://github.com/advisories/GHSA-2qhq-fw98-h6wg", "reference_id": "GHSA-2qhq-fw98-h6wg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2qhq-fw98-h6wg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45121", "GHSA-2qhq-fw98-h6wg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1mpb-gzr2-53ar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124324?format=api", "vulnerability_id": "VCID-1vq9-br2m-dbby", "summary": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04462", "scoring_system": "epss", "scoring_elements": "0.89368", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.04462", "scoring_system": "epss", "scoring_elements": "0.89375", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.04462", "scoring_system": "epss", "scoring_elements": "0.89331", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.04462", "scoring_system": "epss", "scoring_elements": "0.89376", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24438" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24438", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24438" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:43Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-8884-7rm9-mrx4", "reference_id": "GHSA-8884-7rm9-mrx4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8884-7rm9-mrx4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24438", "GHSA-8884-7rm9-mrx4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1vq9-br2m-dbby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46780?format=api", "vulnerability_id": "VCID-2t3q-pmg5-qyhn", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39405", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46366", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46508", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46511", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46522", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39405" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:13:21Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39405", "reference_id": "CVE-2024-39405", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39405" }, { "reference_url": "https://github.com/advisories/GHSA-5g9f-7gqc-8hj4", "reference_id": "GHSA-5g9f-7gqc-8hj4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5g9f-7gqc-8hj4" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39405", "GHSA-5g9f-7gqc-8hj4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2t3q-pmg5-qyhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124201?format=api", "vulnerability_id": "VCID-313z-h2v4-c3fr", "summary": "Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35573", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35556", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35373", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.3555", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24436" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24436", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24436" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:53Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-ghpr-6qhr-rpp8", "reference_id": "GHSA-ghpr-6qhr-rpp8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ghpr-6qhr-rpp8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24436", "GHSA-ghpr-6qhr-rpp8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-313z-h2v4-c3fr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46531?format=api", "vulnerability_id": "VCID-368r-um85-k3d2", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39418", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56177", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.563", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56297", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56311", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39418" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:28Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39418", "reference_id": "CVE-2024-39418", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39418" }, { "reference_url": "https://github.com/advisories/GHSA-gvgf-pvh5-vjh4", "reference_id": "GHSA-gvgf-pvh5-vjh4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gvgf-pvh5-vjh4" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39418", "GHSA-gvgf-pvh5-vjh4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-368r-um85-k3d2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124669?format=api", "vulnerability_id": "VCID-3a8p-9krx-23e8", "summary": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access affecting Confidentiality and Integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24411", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29113", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29099", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28891", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29093", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24411" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24411", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24411" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:40Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-36hw-x3cc-m258", "reference_id": "GHSA-36hw-x3cc-m258", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-36hw-x3cc-m258" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24411", "GHSA-36hw-x3cc-m258" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3a8p-9krx-23e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47005?format=api", "vulnerability_id": "VCID-3s5p-wb18-13ge", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.75184", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.75264", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.75268", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.75254", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39399" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T14:09:03Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39399", "reference_id": "CVE-2024-39399", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39399" }, { "reference_url": "https://github.com/advisories/GHSA-7r99-8wqp-h7pc", "reference_id": "GHSA-7r99-8wqp-h7pc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7r99-8wqp-h7pc" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39399", "GHSA-7r99-8wqp-h7pc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3s5p-wb18-13ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46497?format=api", "vulnerability_id": "VCID-3uj4-thpr-cue1", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39407", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.48", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.48016", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47859", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39407" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:10:04Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39407", "reference_id": "CVE-2024-39407", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39407" }, { "reference_url": "https://github.com/advisories/GHSA-cjm6-8mw8-2f8c", "reference_id": "GHSA-cjm6-8mw8-2f8c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cjm6-8mw8-2f8c" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39407", "GHSA-cjm6-8mw8-2f8c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3uj4-thpr-cue1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46502?format=api", "vulnerability_id": "VCID-3ydj-usv4-47fq", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39410", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67151", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67137", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67045", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39410" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:09:47Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39410", "reference_id": "CVE-2024-39410", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39410" }, { "reference_url": "https://github.com/advisories/GHSA-4323-f82v-f6jr", "reference_id": "GHSA-4323-f82v-f6jr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4323-f82v-f6jr" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39410", "GHSA-4323-f82v-f6jr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ydj-usv4-47fq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/132289?format=api", "vulnerability_id": "VCID-466x-mpt9-gbgy", "summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38249", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83433", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83439", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83373", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83442", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38249" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38249", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38249" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html", "reference_id": "apsb23-50.html", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:49:36Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-rq36-9f5f-2gw7", "reference_id": "GHSA-rq36-9f5f-2gw7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rq36-9f5f-2gw7" } ], "fixed_packages": [], "aliases": [ "CVE-2023-38249", "GHSA-rq36-9f5f-2gw7" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-466x-mpt9-gbgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46929?format=api", "vulnerability_id": "VCID-4b5p-wqtj-7kbe", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39409", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67045", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67151", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67137", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39409" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:00Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39409", "reference_id": "CVE-2024-39409", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39409" }, { "reference_url": "https://github.com/advisories/GHSA-rf4q-m23c-7q8r", "reference_id": "GHSA-rf4q-m23c-7q8r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rf4q-m23c-7q8r" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39409", "GHSA-rf4q-m23c-7q8r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4b5p-wqtj-7kbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88199?format=api", "vulnerability_id": "VCID-4nqq-nrne-17a2", "summary": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54266", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18174", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18336", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18338", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.1836", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54266" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "apsb25-94.html", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:24:32Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54266", "reference_id": "CVE-2025-54266", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54266" }, { "reference_url": "https://github.com/advisories/GHSA-pcrx-r49h-x2w5", "reference_id": "GHSA-pcrx-r49h-x2w5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pcrx-r49h-x2w5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34331?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34328?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54266", "GHSA-pcrx-r49h-x2w5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4nqq-nrne-17a2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49294?format=api", "vulnerability_id": "VCID-549e-3kmc-cyfw", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34104", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.7054", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.70537", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.70435", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.70526", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34104" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-14T13:48:20Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34104", "reference_id": "CVE-2024-34104", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34104" }, { "reference_url": "https://github.com/advisories/GHSA-wwj3-573j-rvvm", "reference_id": "GHSA-wwj3-573j-rvvm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wwj3-573j-rvvm" } ], "fixed_packages": [], "aliases": [ "CVE-2024-34104", "GHSA-wwj3-573j-rvvm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-549e-3kmc-cyfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124340?format=api", "vulnerability_id": "VCID-5edy-fp8q-97fp", "summary": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24417", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80377", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80368", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.803", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80361", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24417" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24417", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24417" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:50Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-g3j6-9753-8mp2", "reference_id": "GHSA-g3j6-9753-8mp2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g3j6-9753-8mp2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24417", "GHSA-g3j6-9753-8mp2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5edy-fp8q-97fp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87661?format=api", "vulnerability_id": "VCID-6d1u-exkw-hbfu", "summary": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.72152", "scoring_system": "epss", "scoring_elements": "0.98772", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.72152", "scoring_system": "epss", "scoring_elements": "0.98779", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.72152", "scoring_system": "epss", "scoring_elements": "0.98777", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54236" }, { "reference_url": "https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54236", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54236" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-88.html", "reference_id": "apsb25-88.html", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-24T14:08:30Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-88.html" }, { "reference_url": "https://github.com/advisories/GHSA-wh92-6q6g-px7j", "reference_id": "GHSA-wh92-6q6g-px7j", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wh92-6q6g-px7j" } ], "fixed_packages": [], "aliases": [ "CVE-2025-54236", "GHSA-wh92-6q6g-px7j" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6d1u-exkw-hbfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46833?format=api", "vulnerability_id": "VCID-6v47-xgpq-zkgf", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39401", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.86044", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.86101", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.86105", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.86093", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39401" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:10:32Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39401", "reference_id": "CVE-2024-39401", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39401" }, { "reference_url": "https://github.com/advisories/GHSA-8frp-pxq2-3gpq", "reference_id": "GHSA-8frp-pxq2-3gpq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8frp-pxq2-3gpq" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39401", "GHSA-8frp-pxq2-3gpq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6v47-xgpq-zkgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40736?format=api", "vulnerability_id": "VCID-78hy-q8kh-kyh7", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45123", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01248", "scoring_system": "epss", "scoring_elements": "0.79788", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01248", "scoring_system": "epss", "scoring_elements": "0.79723", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01248", "scoring_system": "epss", "scoring_elements": "0.79806", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01686", "scoring_system": "epss", "scoring_elements": "0.82688", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45123" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:55:45Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45123", "reference_id": "CVE-2024-45123", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45123" }, { "reference_url": "https://github.com/advisories/GHSA-88x2-cq34-5fwc", "reference_id": "GHSA-88x2-cq34-5fwc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-88x2-cq34-5fwc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45123", "GHSA-88x2-cq34-5fwc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-78hy-q8kh-kyh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88207?format=api", "vulnerability_id": "VCID-7bmk-3ab2-9ba6", "summary": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to elevated privileges that increase integrity impact to high. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54267", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20657", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20679", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20479", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54267" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "apsb25-94.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-16T03:56:04Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54267", "reference_id": "CVE-2025-54267", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54267" }, { "reference_url": "https://github.com/advisories/GHSA-qvwr-p3hj-j6jf", "reference_id": "GHSA-qvwr-p3hj-j6jf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qvwr-p3hj-j6jf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34331?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34328?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54267", "GHSA-qvwr-p3hj-j6jf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7bmk-3ab2-9ba6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40263?format=api", "vulnerability_id": "VCID-7j68-gund-4qhp", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45132", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32503", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.3232", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32523", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39531", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45132" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:02:03Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45132", "reference_id": "CVE-2024-45132", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45132" }, { "reference_url": "https://github.com/advisories/GHSA-5f64-ppmg-cvvm", "reference_id": "GHSA-5f64-ppmg-cvvm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5f64-ppmg-cvvm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45132", "GHSA-5f64-ppmg-cvvm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7j68-gund-4qhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46839?format=api", "vulnerability_id": "VCID-8365-zgh2-w3cc", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39413", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54261", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54388", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54386", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54403", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39413" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:47Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39413", "reference_id": "CVE-2024-39413", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39413" }, { "reference_url": "https://github.com/advisories/GHSA-8w5f-8992-g86j", "reference_id": "GHSA-8w5f-8992-g86j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8w5f-8992-g86j" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39413", "GHSA-8w5f-8992-g86j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8365-zgh2-w3cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40569?format=api", "vulnerability_id": "VCID-8gwb-c3ck-37f8", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45129", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24182", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24388", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24378", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29568", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45129" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:07:37Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45129", "reference_id": "CVE-2024-45129", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45129" }, { "reference_url": "https://github.com/advisories/GHSA-m58h-998x-66f3", "reference_id": "GHSA-m58h-998x-66f3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m58h-998x-66f3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45129", "GHSA-m58h-998x-66f3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8gwb-c3ck-37f8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98404?format=api", "vulnerability_id": "VCID-9gb1-p5qf-3kd2", "summary": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49558", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01616", "scoring_system": "epss", "scoring_elements": "0.82277", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01616", "scoring_system": "epss", "scoring_elements": "0.8228", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01616", "scoring_system": "epss", "scoring_elements": "0.82215", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01616", "scoring_system": "epss", "scoring_elements": "0.82286", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49558" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49558", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49558" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "apsb25-71.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:13Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://github.com/advisories/GHSA-wcmw-8xpp-rwfj", "reference_id": "GHSA-wcmw-8xpp-rwfj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wcmw-8xpp-rwfj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377519?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/377518?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49558", "GHSA-wcmw-8xpp-rwfj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9gb1-p5qf-3kd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124633?format=api", "vulnerability_id": "VCID-9gbf-swtt-7bhz", "summary": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45476", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45464", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45317", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45466", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24424" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24424", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24424" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:44Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-539v-w87w-w62c", "reference_id": "GHSA-539v-w87w-w62c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-539v-w87w-w62c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24424", "GHSA-539v-w87w-w62c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9gbf-swtt-7bhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40380?format=api", "vulnerability_id": "VCID-a6gj-zm14-aqhq", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.14085", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13962", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.14082", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.19175", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45128" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:53:58Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45128", "reference_id": "CVE-2024-45128", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45128" }, { "reference_url": "https://github.com/advisories/GHSA-qpp7-742q-58j3", "reference_id": "GHSA-qpp7-742q-58j3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qpp7-742q-58j3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45128", "GHSA-qpp7-742q-58j3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a6gj-zm14-aqhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40470?format=api", "vulnerability_id": "VCID-ax9q-y1rb-33b2", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45124", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27116", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26913", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27134", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32618", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45124" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:54:17Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45124", "reference_id": "CVE-2024-45124", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45124" }, { "reference_url": "https://github.com/advisories/GHSA-w3p2-pc3h-69wv", "reference_id": "GHSA-w3p2-pc3h-69wv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w3p2-pc3h-69wv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45124", "GHSA-w3p2-pc3h-69wv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ax9q-y1rb-33b2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40273?format=api", "vulnerability_id": "VCID-bfp1-cndf-d7d7", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45119", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57792", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.5792", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57905", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.65327", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45119" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:58:44Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45119", "reference_id": "CVE-2024-45119", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45119" }, { "reference_url": "https://github.com/advisories/GHSA-g9fm-wc6h-pvgj", "reference_id": "GHSA-g9fm-wc6h-pvgj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g9fm-wc6h-pvgj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45119", "GHSA-g9fm-wc6h-pvgj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bfp1-cndf-d7d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46971?format=api", "vulnerability_id": "VCID-bftg-2sea-57cv", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46366", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46508", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46511", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46522", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39419" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:00Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39419", "reference_id": "CVE-2024-39419", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39419" }, { "reference_url": "https://github.com/advisories/GHSA-74w7-cr4v-wf2v", "reference_id": "GHSA-74w7-cr4v-wf2v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-74w7-cr4v-wf2v" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39419", "GHSA-74w7-cr4v-wf2v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bftg-2sea-57cv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/117174?format=api", "vulnerability_id": "VCID-bvfd-gs5b-dyg7", "summary": "Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27190", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50533", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.5052", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50382", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50515", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27190" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27190", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27190" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html", "reference_id": "apsb25-26.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:02Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html" }, { "reference_url": "https://github.com/advisories/GHSA-6wq7-cg9h-mj6q", "reference_id": "GHSA-6wq7-cg9h-mj6q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6wq7-cg9h-mj6q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-27190", "GHSA-6wq7-cg9h-mj6q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bvfd-gs5b-dyg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124822?format=api", "vulnerability_id": "VCID-cyy2-3rr3-jkc8", "summary": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to read select data. Exploitation of this issue does not require user interaction", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24421", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.3555", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35556", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35373", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35573", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24421" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24421", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24421" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:01Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-v6r2-425c-hfrr", "reference_id": "GHSA-v6r2-425c-hfrr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v6r2-425c-hfrr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24421", "GHSA-v6r2-425c-hfrr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cyy2-3rr3-jkc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124768?format=api", "vulnerability_id": "VCID-d9zc-rh9p-4bde", "summary": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24429", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39865", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39878", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39695", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39889", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24429" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24429", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24429" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:50Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-656q-fx2w-8ccv", "reference_id": "GHSA-656q-fx2w-8ccv", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-656q-fx2w-8ccv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24429", "GHSA-656q-fx2w-8ccv" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d9zc-rh9p-4bde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40181?format=api", "vulnerability_id": "VCID-dktm-v3jw-f7de", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22698", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22503", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2271", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27531", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45120" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:01:07Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45120", "reference_id": "CVE-2024-45120", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45120" }, { "reference_url": "https://github.com/advisories/GHSA-47jp-46c9-25vf", "reference_id": "GHSA-47jp-46c9-25vf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-47jp-46c9-25vf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45120", "GHSA-47jp-46c9-25vf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dktm-v3jw-f7de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46517?format=api", "vulnerability_id": "VCID-dsy7-gm7v-tqc8", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39415", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54261", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54388", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54386", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54403", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39415" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:13:06Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39415", "reference_id": "CVE-2024-39415", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39415" }, { "reference_url": "https://github.com/advisories/GHSA-gj93-84g5-mcjq", "reference_id": "GHSA-gj93-84g5-mcjq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gj93-84g5-mcjq" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39415", "GHSA-gj93-84g5-mcjq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dsy7-gm7v-tqc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124253?format=api", "vulnerability_id": "VCID-dytj-h56v-bke9", "summary": "Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to modify limited fields. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24435", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40682", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40668", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40491", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40659", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24435" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24435", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24435" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:16Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-82p4-55gj-956p", "reference_id": "GHSA-82p4-55gj-956p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-82p4-55gj-956p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24435", "GHSA-82p4-55gj-956p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dytj-h56v-bke9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40291?format=api", "vulnerability_id": "VCID-e2t8-b5yy-zkhn", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45135", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34623", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34446", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34647", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41525", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45135" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:00:24Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45135", "reference_id": "CVE-2024-45135", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45135" }, { "reference_url": "https://github.com/advisories/GHSA-8pxg-gcp4-57ww", "reference_id": "GHSA-8pxg-gcp4-57ww", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8pxg-gcp4-57ww" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45135", "GHSA-8pxg-gcp4-57ww" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e2t8-b5yy-zkhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49909?format=api", "vulnerability_id": "VCID-eban-ja9z-f7ep", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34106", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71516", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71514", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71417", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71504", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34106" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-13T16:21:10Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34106", "reference_id": "CVE-2024-34106", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34106" }, { "reference_url": "https://github.com/advisories/GHSA-p6h9-gx5g-wg64", "reference_id": "GHSA-p6h9-gx5g-wg64", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p6h9-gx5g-wg64" } ], "fixed_packages": [], "aliases": [ "CVE-2024-34106", "GHSA-p6h9-gx5g-wg64" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eban-ja9z-f7ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124732?format=api", "vulnerability_id": "VCID-esjc-zzqy-nycf", "summary": "Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.5984", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59831", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.5972", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59828", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24408" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24408", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24408" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:13Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-3cfg-w257-cgf8", "reference_id": "GHSA-3cfg-w257-cgf8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3cfg-w257-cgf8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24408", "GHSA-3cfg-w257-cgf8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-esjc-zzqy-nycf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88335?format=api", "vulnerability_id": "VCID-eusf-bc81-9uhv", "summary": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and maintain unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54263", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25914", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26115", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.2613", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26114", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54263" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "apsb25-94.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:29Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54263", "reference_id": "CVE-2025-54263", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54263" }, { "reference_url": "https://github.com/advisories/GHSA-69x9-xp2j-w8g8", "reference_id": "GHSA-69x9-xp2j-w8g8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-69x9-xp2j-w8g8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34331?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34328?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54263", "GHSA-69x9-xp2j-w8g8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eusf-bc81-9uhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/131725?format=api", "vulnerability_id": "VCID-fb5x-afrq-87aj", "summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38251", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46298", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46296", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46154", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.4631", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38251" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38251", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38251" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html", "reference_id": "apsb23-50.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:04Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-7pfc-834q-h497", "reference_id": "GHSA-7pfc-834q-h497", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7pfc-834q-h497" } ], "fixed_packages": [], "aliases": [ "CVE-2023-38251", "GHSA-7pfc-834q-h497" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fb5x-afrq-87aj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124891?format=api", "vulnerability_id": "VCID-ferd-u8gt-akds", "summary": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vulnerability to modify files that are stored outside the restricted directory. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24406", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46829", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46824", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46685", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46843", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24406" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24406", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24406" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:51:36Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-954p-ff72-327w", "reference_id": "GHSA-954p-ff72-327w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-954p-ff72-327w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24406", "GHSA-954p-ff72-327w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ferd-u8gt-akds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97905?format=api", "vulnerability_id": "VCID-fqkf-67fw-cyb8", "summary": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02291", "scoring_system": "epss", "scoring_elements": "0.8513", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02291", "scoring_system": "epss", "scoring_elements": "0.85122", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02291", "scoring_system": "epss", "scoring_elements": "0.85068", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02291", "scoring_system": "epss", "scoring_elements": "0.85121", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49559" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49559", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49559" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "apsb25-71.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:14Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://github.com/advisories/GHSA-h4f4-gv6h-x824", "reference_id": "GHSA-h4f4-gv6h-x824", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h4f4-gv6h-x824" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377519?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/377518?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49559", "GHSA-h4f4-gv6h-x824" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fqkf-67fw-cyb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49820?format=api", "vulnerability_id": "VCID-frhp-vgpt-g7am", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34103", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01824", "scoring_system": "epss", "scoring_elements": "0.83355", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01824", "scoring_system": "epss", "scoring_elements": "0.8336", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01824", "scoring_system": "epss", "scoring_elements": "0.83294", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01824", "scoring_system": "epss", "scoring_elements": "0.83363", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34103" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-14T03:55:29Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34103", "reference_id": "CVE-2024-34103", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34103" }, { "reference_url": "https://github.com/advisories/GHSA-f7q4-9gwv-6774", "reference_id": "GHSA-f7q4-9gwv-6774", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7q4-9gwv-6774" } ], "fixed_packages": [], "aliases": [ "CVE-2024-34103", "GHSA-f7q4-9gwv-6774" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-frhp-vgpt-g7am" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124047?format=api", "vulnerability_id": "VCID-gac9-1nnp-67cc", "summary": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing rate limiting mechanisms. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24432", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27912", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27902", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27686", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27887", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24432" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24432", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24432" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:09:50Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-7jmr-43qj-pw47", "reference_id": "GHSA-7jmr-43qj-pw47", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7jmr-43qj-pw47" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24432", "GHSA-7jmr-43qj-pw47" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gac9-1nnp-67cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98222?format=api", "vulnerability_id": "VCID-gakd-m2af-z7c2", "summary": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue requires user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49550", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.65051", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.6506", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64951", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.65062", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49550" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49550", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49550" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", "reference_id": "apsb25-50.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T18:07:51Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-8hcx-xvww-6c6h", "reference_id": "GHSA-8hcx-xvww-6c6h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8hcx-xvww-6c6h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/34327?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1" } ], "aliases": [ "CVE-2025-49550", "GHSA-8hcx-xvww-6c6h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gakd-m2af-z7c2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40168?format=api", "vulnerability_id": "VCID-ggtj-fbzy-87fx", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45122", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30682", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30485", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30701", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37192", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45122" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:59:49Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45122", "reference_id": "CVE-2024-45122", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45122" }, { "reference_url": "https://github.com/advisories/GHSA-46fm-x82m-5f74", "reference_id": "GHSA-46fm-x82m-5f74", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-46fm-x82m-5f74" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45122", "GHSA-46fm-x82m-5f74" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ggtj-fbzy-87fx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98053?format=api", "vulnerability_id": "VCID-gx3s-7cxk-pyfc", "summary": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01048", "scoring_system": "epss", "scoring_elements": "0.77994", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01048", "scoring_system": "epss", "scoring_elements": "0.78002", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01048", "scoring_system": "epss", "scoring_elements": "0.77927", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01048", "scoring_system": "epss", "scoring_elements": "0.78008", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49556" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49556", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49556" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "apsb25-71.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:18:25Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://github.com/advisories/GHSA-7hrj-3c9x-xv5h", "reference_id": "GHSA-7hrj-3c9x-xv5h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7hrj-3c9x-xv5h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377519?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/377518?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49556", "GHSA-7hrj-3c9x-xv5h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gx3s-7cxk-pyfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46736?format=api", "vulnerability_id": "VCID-gxbc-u5mr-f3c9", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39403", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02812", "scoring_system": "epss", "scoring_elements": "0.86453", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02812", "scoring_system": "epss", "scoring_elements": "0.86512", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02812", "scoring_system": "epss", "scoring_elements": "0.86514", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02812", "scoring_system": "epss", "scoring_elements": "0.86504", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39403" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:14Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39403", "reference_id": "CVE-2024-39403", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39403" }, { "reference_url": "https://github.com/advisories/GHSA-mmp7-8cg4-9wrg", "reference_id": "GHSA-mmp7-8cg4-9wrg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mmp7-8cg4-9wrg" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39403", "GHSA-mmp7-8cg4-9wrg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gxbc-u5mr-f3c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124171?format=api", "vulnerability_id": "VCID-gzga-qjaf-kugh", "summary": "Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24428", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0102", "scoring_system": "epss", "scoring_elements": "0.77716", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0102", "scoring_system": "epss", "scoring_elements": "0.77722", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0102", "scoring_system": "epss", "scoring_elements": "0.77648", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0102", "scoring_system": "epss", "scoring_elements": "0.7773", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24428" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24428", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24428" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:10Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-mm87-rrqx-94cr", "reference_id": "GHSA-mm87-rrqx-94cr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mm87-rrqx-94cr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24428", "GHSA-mm87-rrqx-94cr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gzga-qjaf-kugh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87827?format=api", "vulnerability_id": "VCID-h2ju-dedu-fqad", "summary": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54265", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29491", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.2969", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29706", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29688", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54265" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "apsb25-94.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T20:35:42Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54265", "reference_id": "CVE-2025-54265", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54265" }, { "reference_url": "https://github.com/advisories/GHSA-r355-75hw-r8jf", "reference_id": "GHSA-r355-75hw-r8jf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r355-75hw-r8jf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34331?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34328?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54265", "GHSA-r355-75hw-r8jf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2ju-dedu-fqad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46560?format=api", "vulnerability_id": "VCID-j9e4-4xta-6qc5", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39414", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55433", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55556", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55553", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55568", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39414" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:42Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39414", "reference_id": "CVE-2024-39414", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39414" }, { "reference_url": "https://github.com/advisories/GHSA-x6f9-hv9r-fgq4", "reference_id": "GHSA-x6f9-hv9r-fgq4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x6f9-hv9r-fgq4" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39414", "GHSA-x6f9-hv9r-fgq4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j9e4-4xta-6qc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/117136?format=api", "vulnerability_id": "VCID-jc6r-vmnc-r3g9", "summary": "Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27188", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36523", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36511", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36317", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36497", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27188" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27188", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27188" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html", "reference_id": "apsb25-26.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:30Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html" }, { "reference_url": "https://github.com/advisories/GHSA-rr2g-rrjj-xw86", "reference_id": "GHSA-rr2g-rrjj-xw86", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rr2g-rrjj-xw86" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34325?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-53sd-5nuj-e7d9" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8" } ], "aliases": [ "CVE-2025-27188", "GHSA-rr2g-rrjj-xw86" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jc6r-vmnc-r3g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46412?format=api", "vulnerability_id": "VCID-jeur-3jww-dqee", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and perform a minor integrity change. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39412", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50751", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50755", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50617", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00269", "scoring_system": "epss", "scoring_elements": "0.50768", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39412" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:56Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39412", "reference_id": "CVE-2024-39412", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39412" }, { "reference_url": "https://github.com/advisories/GHSA-7472-vw39-g2j3", "reference_id": "GHSA-7472-vw39-g2j3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7472-vw39-g2j3" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39412", "GHSA-7472-vw39-g2j3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jeur-3jww-dqee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/132280?format=api", "vulnerability_id": "VCID-jkrp-j7st-27f3", "summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83439", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83373", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83442", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83433", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38250" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38250", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38250" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html", "reference_id": "apsb23-50.html", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:49:35Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-h3g9-cwr6-hphx", "reference_id": "GHSA-h3g9-cwr6-hphx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h3g9-cwr6-hphx" } ], "fixed_packages": [], "aliases": [ "CVE-2023-38250", "GHSA-h3g9-cwr6-hphx" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jkrp-j7st-27f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46759?format=api", "vulnerability_id": "VCID-jyhf-huep-tya2", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39398", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.47077", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.47214", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.47232", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.47218", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39398" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:10:17Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39398", "reference_id": "CVE-2024-39398", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39398" }, { "reference_url": "https://github.com/advisories/GHSA-q628-54wg-4r5q", "reference_id": "GHSA-q628-54wg-4r5q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q628-54wg-4r5q" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39398", "GHSA-q628-54wg-4r5q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jyhf-huep-tya2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49778?format=api", "vulnerability_id": "VCID-kf6b-mshs-23fa", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34107", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00729", "scoring_system": "epss", "scoring_elements": "0.7321", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00729", "scoring_system": "epss", "scoring_elements": "0.73208", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00729", "scoring_system": "epss", "scoring_elements": "0.73117", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00729", "scoring_system": "epss", "scoring_elements": "0.73195", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34107" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-14T13:30:50Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34107", "reference_id": "CVE-2024-34107", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34107" }, { "reference_url": "https://github.com/advisories/GHSA-r7cm-g469-wm4g", "reference_id": "GHSA-r7cm-g469-wm4g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7cm-g469-wm4g" } ], "fixed_packages": [], "aliases": [ "CVE-2024-34107", "GHSA-r7cm-g469-wm4g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kf6b-mshs-23fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40170?format=api", "vulnerability_id": "VCID-kfct-k5af-n7fu", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45116", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01833", "scoring_system": "epss", "scoring_elements": "0.83391", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01833", "scoring_system": "epss", "scoring_elements": "0.8333", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01833", "scoring_system": "epss", "scoring_elements": "0.834", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0247", "scoring_system": "epss", "scoring_elements": "0.85647", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45116" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T13:56:29Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45116", "reference_id": "CVE-2024-45116", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45116" }, { "reference_url": "https://github.com/advisories/GHSA-873m-72g6-853g", "reference_id": "GHSA-873m-72g6-853g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-873m-72g6-853g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45116", "GHSA-873m-72g6-853g" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kfct-k5af-n7fu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124493?format=api", "vulnerability_id": "VCID-kjc9-vrhf-hfav", "summary": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24427", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40682", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40668", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40491", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40659", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24427" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24427", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24427" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:04Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-v3hq-g424-5mgg", "reference_id": "GHSA-v3hq-g424-5mgg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v3hq-g424-5mgg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24427", "GHSA-v3hq-g424-5mgg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kjc9-vrhf-hfav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97819?format=api", "vulnerability_id": "VCID-ktnj-j4xu-uufs", "summary": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49555", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59265", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59149", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59261", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59273", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49555" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49555", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49555" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "apsb25-71.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:10Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://github.com/advisories/GHSA-5777-jj7p-mpqw", "reference_id": "GHSA-5777-jj7p-mpqw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5777-jj7p-mpqw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377519?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/377518?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49555", "GHSA-5777-jj7p-mpqw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ktnj-j4xu-uufs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/116898?format=api", "vulnerability_id": "VCID-kxjv-xm7r-hkhs", "summary": "Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50533", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.5052", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50382", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50515", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27191" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27191", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27191" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html", "reference_id": "apsb25-26.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:08Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html" }, { "reference_url": "https://github.com/advisories/GHSA-vhcq-4xrm-2cr2", "reference_id": "GHSA-vhcq-4xrm-2cr2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vhcq-4xrm-2cr2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-27191", "GHSA-vhcq-4xrm-2cr2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kxjv-xm7r-hkhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40233?format=api", "vulnerability_id": "VCID-mccb-abc5-9yfs", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45118", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.25049", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24849", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.25066", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30306", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45118" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:45:03Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45118", "reference_id": "CVE-2024-45118", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45118" }, { "reference_url": "https://github.com/advisories/GHSA-cg52-68fv-94qq", "reference_id": "GHSA-cg52-68fv-94qq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cg52-68fv-94qq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45118", "GHSA-cg52-68fv-94qq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mccb-abc5-9yfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40506?format=api", "vulnerability_id": "VCID-ngx2-ewzf-xbd4", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45117", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49812", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49675", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49831", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.58204", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45117" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:07:29Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45117", "reference_id": "CVE-2024-45117", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45117" }, { "reference_url": "https://github.com/advisories/GHSA-3fr3-gcqh-3m2g", "reference_id": "GHSA-3fr3-gcqh-3m2g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3fr3-gcqh-3m2g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45117", "GHSA-3fr3-gcqh-3m2g" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ngx2-ewzf-xbd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124632?format=api", "vulnerability_id": "VCID-ntst-nee5-63d3", "summary": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24410", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01784", "scoring_system": "epss", "scoring_elements": "0.83207", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01784", "scoring_system": "epss", "scoring_elements": "0.83202", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01784", "scoring_system": "epss", "scoring_elements": "0.83137", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01784", "scoring_system": "epss", "scoring_elements": "0.83198", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24410" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24410", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24410" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:38Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-gjxp-46rq-wg4q", "reference_id": "GHSA-gjxp-46rq-wg4q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gjxp-46rq-wg4q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24410", "GHSA-gjxp-46rq-wg4q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ntst-nee5-63d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40624?format=api", "vulnerability_id": "VCID-pb4n-m8cv-9bb7", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45125", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21237", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21432", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21419", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.2624", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45125" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:06:28Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45125", "reference_id": "CVE-2024-45125", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45125" }, { "reference_url": "https://github.com/advisories/GHSA-xg36-8c2v-jpxh", "reference_id": "GHSA-xg36-8c2v-jpxh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xg36-8c2v-jpxh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45125", "GHSA-xg36-8c2v-jpxh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pb4n-m8cv-9bb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87743?format=api", "vulnerability_id": "VCID-pcm6-819d-6uhm", "summary": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54264", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.44038", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.44198", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.44191", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.4421", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54264" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "apsb25-94.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:28Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54264", "reference_id": "CVE-2025-54264", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54264" }, { "reference_url": "https://github.com/advisories/GHSA-2768-5wmv-cfff", "reference_id": "GHSA-2768-5wmv-cfff", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2768-5wmv-cfff" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34331?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/34328?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54264", "GHSA-2768-5wmv-cfff" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pcm6-819d-6uhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124042?format=api", "vulnerability_id": "VCID-pfvk-8q6r-e7c5", "summary": "Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain elevated privileges. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35907", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35894", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35704", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35884", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24437" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24437", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24437" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:35Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-469f-wf4f-3jjv", "reference_id": "GHSA-469f-wf4f-3jjv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-469f-wf4f-3jjv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24437", "GHSA-469f-wf4f-3jjv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pfvk-8q6r-e7c5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124216?format=api", "vulnerability_id": "VCID-psnm-zaza-tuf9", "summary": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24414", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80377", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80368", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.803", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80361", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24414" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24414", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24414" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:45Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-fhw6-3mj5-w9gv", "reference_id": "GHSA-fhw6-3mj5-w9gv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fhw6-3mj5-w9gv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24414", "GHSA-fhw6-3mj5-w9gv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-psnm-zaza-tuf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124011?format=api", "vulnerability_id": "VCID-pu8a-r3v2-g7h9", "summary": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80377", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80368", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.803", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80361", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24416" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24416", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24416" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:48Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-rjjw-g6hw-7pc9", "reference_id": "GHSA-rjjw-g6hw-7pc9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rjjw-g6hw-7pc9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24416", "GHSA-rjjw-g6hw-7pc9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pu8a-r3v2-g7h9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135957?format=api", "vulnerability_id": "VCID-q12a-kwpk-yufv", "summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26366", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58358", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58346", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.5823", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58342", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26366" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "5.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26366", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "5.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26366" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html", "reference_id": "apsb23-50.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "5.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:49:13Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-8jxc-5f94-22vh", "reference_id": "GHSA-8jxc-5f94-22vh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8jxc-5f94-22vh" } ], "fixed_packages": [], "aliases": [ "CVE-2023-26366", "GHSA-8jxc-5f94-22vh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q12a-kwpk-yufv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/116851?format=api", "vulnerability_id": "VCID-q68u-w433-tqb9", "summary": "Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protected resources by obtaining sensitive credential information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28281", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28067", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28266", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2829", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27192" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27192", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27192" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html", "reference_id": "apsb25-26.html", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:23Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html" }, { "reference_url": "https://github.com/advisories/GHSA-2r94-wm5v-4prx", "reference_id": "GHSA-2r94-wm5v-4prx", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2r94-wm5v-4prx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-27192", "GHSA-2r94-wm5v-4prx" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q68u-w433-tqb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46597?format=api", "vulnerability_id": "VCID-qbx1-jqke-v7hf", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.86093", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.86101", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.86044", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0264", "scoring_system": "epss", "scoring_elements": "0.86105", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39402" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:09Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39402", "reference_id": "CVE-2024-39402", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39402" }, { "reference_url": "https://github.com/advisories/GHSA-2ff6-837j-hg5x", "reference_id": "GHSA-2ff6-837j-hg5x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2ff6-837j-hg5x" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39402", "GHSA-2ff6-837j-hg5x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qbx1-jqke-v7hf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124648?format=api", "vulnerability_id": "VCID-qh9p-8b9r-mufh", "summary": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24412", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80377", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80368", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.803", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80361", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24412" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24412", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24412" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:41Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-m4rg-mpp2-97px", "reference_id": "GHSA-m4rg-mpp2-97px", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m4rg-mpp2-97px" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24412", "GHSA-m4rg-mpp2-97px" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qh9p-8b9r-mufh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46855?format=api", "vulnerability_id": "VCID-qnpc-4r4b-3uhx", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39417", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54261", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54388", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54386", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54403", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39417" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:09:31Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39417", "reference_id": "CVE-2024-39417", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39417" }, { "reference_url": "https://github.com/advisories/GHSA-4xmj-f664-hv98", "reference_id": "GHSA-4xmj-f664-hv98", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4xmj-f664-hv98" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39417", "GHSA-4xmj-f664-hv98" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qnpc-4r4b-3uhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/136042?format=api", "vulnerability_id": "VCID-qr8w-qwb5-6uag", "summary": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26367", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58915", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58905", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58788", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.589", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26367" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26367", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26367" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html", "reference_id": "apsb23-50.html", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:49:12Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb23-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-9mx6-4gg4-85xj", "reference_id": "GHSA-9mx6-4gg4-85xj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9mx6-4gg4-85xj" } ], "fixed_packages": [], "aliases": [ "CVE-2023-26367", "GHSA-9mx6-4gg4-85xj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qr8w-qwb5-6uag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124166?format=api", "vulnerability_id": "VCID-rm7u-jwat-v7f1", "summary": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both a High impact to confidentiality and Low impact to integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24409", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35006", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34985", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34804", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34983", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24409" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24409", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24409" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:11:11Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-vw47-79jv-3598", "reference_id": "GHSA-vw47-79jv-3598", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vw47-79jv-3598" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24409", "GHSA-vw47-79jv-3598" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rm7u-jwat-v7f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40833?format=api", "vulnerability_id": "VCID-rw4d-b9yt-mbhz", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45127", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01887", "scoring_system": "epss", "scoring_elements": "0.83639", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01887", "scoring_system": "epss", "scoring_elements": "0.83646", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01887", "scoring_system": "epss", "scoring_elements": "0.8358", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01887", "scoring_system": "epss", "scoring_elements": "0.83649", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45127" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:55:55Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45127", "reference_id": "CVE-2024-45127", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45127" }, { "reference_url": "https://github.com/advisories/GHSA-c89g-gq5r-2xw2", "reference_id": "GHSA-c89g-gq5r-2xw2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c89g-gq5r-2xw2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45127", "GHSA-c89g-gq5r-2xw2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rw4d-b9yt-mbhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40770?format=api", "vulnerability_id": "VCID-s45p-jru3-w3df", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45133", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28838", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28638", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28863", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35094", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45133" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:54:05Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45133", "reference_id": "CVE-2024-45133", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45133" }, { "reference_url": "https://github.com/advisories/GHSA-j3mh-wx5f-2vhg", "reference_id": "GHSA-j3mh-wx5f-2vhg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j3mh-wx5f-2vhg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45133", "GHSA-j3mh-wx5f-2vhg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s45p-jru3-w3df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46443?format=api", "vulnerability_id": "VCID-s7t9-h2jx-9bgr", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55433", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55556", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55553", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55568", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39416" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:27Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39416", "reference_id": "CVE-2024-39416", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39416" }, { "reference_url": "https://github.com/advisories/GHSA-4xgg-rw35-7mv5", "reference_id": "GHSA-4xgg-rw35-7mv5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4xgg-rw35-7mv5" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39416", "GHSA-4xgg-rw35-7mv5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s7t9-h2jx-9bgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124016?format=api", "vulnerability_id": "VCID-t4gd-uv9g-ukh5", "summary": "Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the logic of the application's operations causing limited data modification. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24425", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.48199", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.48183", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.48044", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.48182", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24425" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24425", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24425" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:51:39Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-6ff8-jrfg-43hh", "reference_id": "GHSA-6ff8-jrfg-43hh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6ff8-jrfg-43hh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24425", "GHSA-6ff8-jrfg-43hh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t4gd-uv9g-ukh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40636?format=api", "vulnerability_id": "VCID-twda-bvut-9bhp", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45134", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30641", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.30857", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.3084", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37387", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45134" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:05:23Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45134", "reference_id": "CVE-2024-45134", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45134" }, { "reference_url": "https://github.com/advisories/GHSA-4f89-5cwm-rm5g", "reference_id": "GHSA-4f89-5cwm-rm5g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4f89-5cwm-rm5g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45134", "GHSA-4f89-5cwm-rm5g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-twda-bvut-9bhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97813?format=api", "vulnerability_id": "VCID-twdq-g82m-nqcp", "summary": "Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49554", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.77538", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.77544", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.77469", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01005", "scoring_system": "epss", "scoring_elements": "0.77553", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49554" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49554", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49554" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "apsb25-71.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:18:27Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://github.com/advisories/GHSA-xgfm-992v-h2hr", "reference_id": "GHSA-xgfm-992v-h2hr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xgfm-992v-h2hr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377519?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/377518?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-pcm6-819d-6uhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49554", "GHSA-xgfm-992v-h2hr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-twdq-g82m-nqcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46640?format=api", "vulnerability_id": "VCID-u52p-wrjp-quhk", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67045", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67151", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00515", "scoring_system": "epss", "scoring_elements": "0.67137", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39408" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:09:17Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39408", "reference_id": "CVE-2024-39408", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39408" }, { "reference_url": "https://github.com/advisories/GHSA-4cj6-f32v-6hgx", "reference_id": "GHSA-4cj6-f32v-6hgx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4cj6-f32v-6hgx" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39408", "GHSA-4cj6-f32v-6hgx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u52p-wrjp-quhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124757?format=api", "vulnerability_id": "VCID-u9vz-axk1-fqfn", "summary": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24415", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80377", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80368", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.803", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80361", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24415" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24415", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24415" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:47Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-gc27-rvvm-q77r", "reference_id": "GHSA-gc27-rvvm-q77r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gc27-rvvm-q77r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24415", "GHSA-gc27-rvvm-q77r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u9vz-axk1-fqfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40166?format=api", "vulnerability_id": "VCID-vgz6-nvj3-xqft", "summary": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32565", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32384", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32585", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39602", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45131" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", "reference_id": "apsb24-73.html", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:02:38Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45131", "reference_id": "CVE-2024-45131", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45131" }, { "reference_url": "https://github.com/advisories/GHSA-xc5p-773w-m3pm", "reference_id": "GHSA-xc5p-773w-m3pm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xc5p-773w-m3pm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" } ], "aliases": [ "CVE-2024-45131", "GHSA-xc5p-773w-m3pm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgz6-nvj3-xqft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46849?format=api", "vulnerability_id": "VCID-vwpg-z9en-6yej", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01472", "scoring_system": "epss", "scoring_elements": "0.81419", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01472", "scoring_system": "epss", "scoring_elements": "0.81428", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01472", "scoring_system": "epss", "scoring_elements": "0.81358", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39400" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:38Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39400", "reference_id": "CVE-2024-39400", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39400" }, { "reference_url": "https://github.com/advisories/GHSA-52fg-wjxm-pp44", "reference_id": "GHSA-52fg-wjxm-pp44", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-52fg-wjxm-pp44" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39400", "GHSA-52fg-wjxm-pp44" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vwpg-z9en-6yej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46579?format=api", "vulnerability_id": "VCID-wfdz-b6c4-quhq", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39411", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54261", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54388", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54386", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54403", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39411" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:14Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39411", "reference_id": "CVE-2024-39411", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39411" }, { "reference_url": "https://github.com/advisories/GHSA-qm77-mqf3-fmhq", "reference_id": "GHSA-qm77-mqf3-fmhq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qm77-mqf3-fmhq" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39411", "GHSA-qm77-mqf3-fmhq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wfdz-b6c4-quhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124857?format=api", "vulnerability_id": "VCID-wxkj-7zgv-x7bc", "summary": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing rate limiting mechanisms. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24430", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27887", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27902", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27686", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27912", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24430" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24430", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24430" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:47Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-6w27-c66f-gvhq", "reference_id": "GHSA-6w27-c66f-gvhq", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6w27-c66f-gvhq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24430", "GHSA-6w27-c66f-gvhq" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wxkj-7zgv-x7bc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/117249?format=api", "vulnerability_id": "VCID-xgh4-b9yn-dkh4", "summary": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27206", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00706", "scoring_system": "epss", "scoring_elements": "0.72686", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00706", "scoring_system": "epss", "scoring_elements": "0.72683", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00706", "scoring_system": "epss", "scoring_elements": "0.72594", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00706", "scoring_system": "epss", "scoring_elements": "0.72671", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27206" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27206", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27206" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", "reference_id": "apsb25-50.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T18:08:33Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-g2pj-xmxq-3r9q", "reference_id": "GHSA-g2pj-xmxq-3r9q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g2pj-xmxq-3r9q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/34327?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1" } ], "aliases": [ "CVE-2025-27206", "GHSA-g2pj-xmxq-3r9q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xgh4-b9yn-dkh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49335?format=api", "vulnerability_id": "VCID-xgk2-yecx-q3ff", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34102", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94171", "scoring_system": "epss", "scoring_elements": "0.99921", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.94171", "scoring_system": "epss", "scoring_elements": "0.9992", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34102" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482#diff-84a0773a6287fbbaadf3b9103f4a137fc0b6946de2437ddfd6f60a0722cf8d23", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482#diff-84a0773a6287fbbaadf3b9103f4a137fc0b6946de2437ddfd6f60a0722cf8d23" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-18T03:55:19Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102", "reference_id": "cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-18T03:55:19Z/" } ], "url": "https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34102", "reference_id": "CVE-2024-34102", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34102" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2024-34102.yaml", "reference_id": "CVE-2024-34102.YAML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2024-34102.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-m8cj-3v68-3cxj", "reference_id": "GHSA-m8cj-3v68-3cxj", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m8cj-3v68-3cxj" } ], "fixed_packages": [], "aliases": [ "CVE-2024-34102", "GHSA-m8cj-3v68-3cxj" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xgk2-yecx-q3ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88657?format=api", "vulnerability_id": "VCID-xjd4-w9bn-mbex", "summary": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading to a limited impact to confidentiality and a high impact to integrity. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00591", "scoring_system": "epss", "scoring_elements": "0.69786", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00591", "scoring_system": "epss", "scoring_elements": "0.69797", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00591", "scoring_system": "epss", "scoring_elements": "0.69695", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00591", "scoring_system": "epss", "scoring_elements": "0.698", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43585" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43585", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43585" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", "reference_id": "apsb25-50.html", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T17:23:05Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-r487-9vv5-75gg", "reference_id": "GHSA-r487-9vv5-75gg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r487-9vv5-75gg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/34327?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1" } ], "aliases": [ "CVE-2025-43585", "GHSA-r487-9vv5-75gg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xjd4-w9bn-mbex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46765?format=api", "vulnerability_id": "VCID-xmby-7b1y-v3cn", "summary": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.48", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.48016", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47859", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39404" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html", "reference_id": "apsb24-61.html", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:52Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39404", "reference_id": "CVE-2024-39404", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39404" }, { "reference_url": "https://github.com/advisories/GHSA-qrh3-vxjg-h9h6", "reference_id": "GHSA-qrh3-vxjg-h9h6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qrh3-vxjg-h9h6" } ], "fixed_packages": [], "aliases": [ "CVE-2024-39404", "GHSA-qrh3-vxjg-h9h6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmby-7b1y-v3cn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97932?format=api", "vulnerability_id": "VCID-xqc4-jf6e-abfg", "summary": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49549", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.67108", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.67016", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.67121", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49549" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49549", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49549" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", "reference_id": "apsb25-50.html", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T18:12:28Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-85jx-x9r4-45m2", "reference_id": "GHSA-85jx-x9r4-45m2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-85jx-x9r4-45m2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34330?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/34327?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1" } ], "aliases": [ "CVE-2025-49549", "GHSA-85jx-x9r4-45m2" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xqc4-jf6e-abfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/119460?format=api", "vulnerability_id": "VCID-z97t-ffda-vfes", "summary": "Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed to that of other high-privileged accounts, leading to a high impact on confidentiality, integrity, and availability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47110", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72772", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72682", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72759", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72774", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47110" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47110", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47110" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", "reference_id": "apsb25-50.html", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-10T18:09:25Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html" }, { "reference_url": "https://github.com/advisories/GHSA-j934-vjh5-vf9r", "reference_id": "GHSA-j934-vjh5-vf9r", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j934-vjh5-vf9r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378782?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/34327?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1" } ], "aliases": [ "CVE-2025-47110", "GHSA-j934-vjh5-vf9r" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z97t-ffda-vfes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124512?format=api", "vulnerability_id": "VCID-za87-d5x9-wuby", "summary": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24413", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80377", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80368", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.803", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80361", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24413" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24413", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24413" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "apsb25-08.html", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:44Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://github.com/advisories/GHSA-xwgx-8v72-4j5j", "reference_id": "GHSA-xwgx-8v72-4j5j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xwgx-8v72-4j5j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376306?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-z97t-ffda-vfes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24413", "GHSA-xwgx-8v72-4j5j" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-za87-d5x9-wuby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49810?format=api", "vulnerability_id": "VCID-zthr-mpwx-1fef", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction..", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34111", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73857", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73855", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73767", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73841", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34111" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-13T21:18:03Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34111", "reference_id": "CVE-2024-34111", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34111" }, { "reference_url": "https://github.com/advisories/GHSA-jmqp-r3gg-6jh3", "reference_id": "GHSA-jmqp-r3gg-6jh3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jmqp-r3gg-6jh3" } ], "fixed_packages": [], "aliases": [ "CVE-2024-34111", "GHSA-jmqp-r3gg-6jh3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zthr-mpwx-1fef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49344?format=api", "vulnerability_id": "VCID-zv6m-4py8-3ydq", "summary": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34105", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01961", "scoring_system": "epss", "scoring_elements": "0.83955", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01961", "scoring_system": "epss", "scoring_elements": "0.83951", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01961", "scoring_system": "epss", "scoring_elements": "0.8389", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01961", "scoring_system": "epss", "scoring_elements": "0.83947", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34105" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799" }, { "reference_url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2" }, { "reference_url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c" }, { "reference_url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html", "reference_id": "apsb24-40.html", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-13T16:04:12Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34105", "reference_id": "CVE-2024-34105", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34105" }, { "reference_url": "https://github.com/advisories/GHSA-5632-wq7m-gfq9", "reference_id": "GHSA-5632-wq7m-gfq9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5632-wq7m-gfq9" } ], "fixed_packages": [], "aliases": [ "CVE-2024-34105", "GHSA-5632-wq7m-gfq9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zv6m-4py8-3ydq" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55317?format=api", "vulnerability_id": "VCID-96hr-sbyj-27dw", "summary": "Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20759", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01627", "scoring_system": "epss", "scoring_elements": "0.82346", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01627", "scoring_system": "epss", "scoring_elements": "0.8235", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01627", "scoring_system": "epss", "scoring_elements": "0.82284", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01627", "scoring_system": "epss", "scoring_elements": "0.82355", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20759" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html", "reference_id": "apsb24-18.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-11T04:01:07Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20759", "reference_id": "CVE-2024-20759", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20759" }, { "reference_url": "https://github.com/advisories/GHSA-59vf-hjxc-f9c5", "reference_id": "GHSA-59vf-hjxc-f9c5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-59vf-hjxc-f9c5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30245?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/30240?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/30244?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/30243?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7" } ], "aliases": [ "CVE-2024-20759", "GHSA-59vf-hjxc-f9c5" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-96hr-sbyj-27dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55080?format=api", "vulnerability_id": "VCID-jnuu-9mt7-jyd5", "summary": "Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20758", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02201", "scoring_system": "epss", "scoring_elements": "0.84788", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02201", "scoring_system": "epss", "scoring_elements": "0.84849", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02201", "scoring_system": "epss", "scoring_elements": "0.84841", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20758" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html", "reference_id": "apsb24-18.html", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-11T04:01:06Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20758", "reference_id": "CVE-2024-20758", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20758" }, { "reference_url": "https://github.com/advisories/GHSA-wh4m-6rh3-p4rq", "reference_id": "GHSA-wh4m-6rh3-p4rq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wh4m-6rh3-p4rq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30245?format=api", "purl": "pkg:composer/magento/community-edition@2.4.4-p8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p8" }, { "url": "http://public2.vulnerablecode.io/api/packages/30240?format=api", "purl": "pkg:composer/magento/community-edition@2.4.5-p7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p7" }, { "url": "http://public2.vulnerablecode.io/api/packages/30244?format=api", "purl": "pkg:composer/magento/community-edition@2.4.6-p5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-ctrj-y3d6-a7dv" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p5" }, { "url": "http://public2.vulnerablecode.io/api/packages/30243?format=api", "purl": "pkg:composer/magento/community-edition@2.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-141w-faqu-w3ay" }, { "vulnerability": "VCID-158t-bqnb-83d4" }, { "vulnerability": "VCID-16es-u6cy-u3g8" }, { "vulnerability": "VCID-1mpb-gzr2-53ar" }, { "vulnerability": "VCID-1vq9-br2m-dbby" }, { "vulnerability": "VCID-2t3q-pmg5-qyhn" }, { "vulnerability": "VCID-313z-h2v4-c3fr" }, { "vulnerability": "VCID-368r-um85-k3d2" }, { "vulnerability": "VCID-3a8p-9krx-23e8" }, { "vulnerability": "VCID-3s5p-wb18-13ge" }, { "vulnerability": "VCID-3uj4-thpr-cue1" }, { "vulnerability": "VCID-3ydj-usv4-47fq" }, { "vulnerability": "VCID-466x-mpt9-gbgy" }, { "vulnerability": "VCID-4b5p-wqtj-7kbe" }, { "vulnerability": "VCID-4nqq-nrne-17a2" }, { "vulnerability": "VCID-549e-3kmc-cyfw" }, { "vulnerability": "VCID-5edy-fp8q-97fp" }, { "vulnerability": "VCID-6d1u-exkw-hbfu" }, { "vulnerability": "VCID-6v47-xgpq-zkgf" }, { "vulnerability": "VCID-78hy-q8kh-kyh7" }, { "vulnerability": "VCID-7bmk-3ab2-9ba6" }, { "vulnerability": "VCID-7j68-gund-4qhp" }, { "vulnerability": "VCID-8365-zgh2-w3cc" }, { "vulnerability": "VCID-8gwb-c3ck-37f8" }, { "vulnerability": "VCID-9gb1-p5qf-3kd2" }, { "vulnerability": "VCID-9gbf-swtt-7bhz" }, { "vulnerability": "VCID-a6gj-zm14-aqhq" }, { "vulnerability": "VCID-ax9q-y1rb-33b2" }, { "vulnerability": "VCID-bfp1-cndf-d7d7" }, { "vulnerability": "VCID-bftg-2sea-57cv" }, { "vulnerability": "VCID-bvfd-gs5b-dyg7" }, { "vulnerability": "VCID-cyy2-3rr3-jkc8" }, { "vulnerability": "VCID-d9zc-rh9p-4bde" }, { "vulnerability": "VCID-dktm-v3jw-f7de" }, { "vulnerability": "VCID-dsy7-gm7v-tqc8" }, { "vulnerability": "VCID-dytj-h56v-bke9" }, { "vulnerability": "VCID-e2t8-b5yy-zkhn" }, { "vulnerability": "VCID-eban-ja9z-f7ep" }, { "vulnerability": "VCID-esjc-zzqy-nycf" }, { "vulnerability": "VCID-eusf-bc81-9uhv" }, { "vulnerability": "VCID-fb5x-afrq-87aj" }, { "vulnerability": "VCID-ferd-u8gt-akds" }, { "vulnerability": "VCID-fqkf-67fw-cyb8" }, { "vulnerability": "VCID-frhp-vgpt-g7am" }, { "vulnerability": "VCID-gac9-1nnp-67cc" }, { "vulnerability": "VCID-gakd-m2af-z7c2" }, { "vulnerability": "VCID-ggtj-fbzy-87fx" }, { "vulnerability": "VCID-gx3s-7cxk-pyfc" }, { "vulnerability": "VCID-gxbc-u5mr-f3c9" }, { "vulnerability": "VCID-gzga-qjaf-kugh" }, { "vulnerability": "VCID-h2ju-dedu-fqad" }, { "vulnerability": "VCID-j9e4-4xta-6qc5" }, { "vulnerability": "VCID-jc6r-vmnc-r3g9" }, { "vulnerability": "VCID-jeur-3jww-dqee" }, { "vulnerability": "VCID-jkrp-j7st-27f3" }, { "vulnerability": "VCID-jyhf-huep-tya2" }, { "vulnerability": "VCID-kf6b-mshs-23fa" }, { "vulnerability": "VCID-kfct-k5af-n7fu" }, { "vulnerability": "VCID-kjc9-vrhf-hfav" }, { "vulnerability": "VCID-ktnj-j4xu-uufs" }, { "vulnerability": "VCID-kxjv-xm7r-hkhs" }, { "vulnerability": "VCID-mccb-abc5-9yfs" }, { "vulnerability": "VCID-ngx2-ewzf-xbd4" }, { "vulnerability": "VCID-ntst-nee5-63d3" }, { "vulnerability": "VCID-pb4n-m8cv-9bb7" }, { "vulnerability": "VCID-pcm6-819d-6uhm" }, { "vulnerability": "VCID-pfvk-8q6r-e7c5" }, { "vulnerability": "VCID-psnm-zaza-tuf9" }, { "vulnerability": "VCID-pu8a-r3v2-g7h9" }, { "vulnerability": "VCID-q12a-kwpk-yufv" }, { "vulnerability": "VCID-q68u-w433-tqb9" }, { "vulnerability": "VCID-qbx1-jqke-v7hf" }, { "vulnerability": "VCID-qh9p-8b9r-mufh" }, { "vulnerability": "VCID-qnpc-4r4b-3uhx" }, { "vulnerability": "VCID-qr8w-qwb5-6uag" }, { "vulnerability": "VCID-rm7u-jwat-v7f1" }, { "vulnerability": "VCID-rw4d-b9yt-mbhz" }, { "vulnerability": "VCID-s45p-jru3-w3df" }, { "vulnerability": "VCID-s7t9-h2jx-9bgr" }, { "vulnerability": "VCID-t4gd-uv9g-ukh5" }, { "vulnerability": "VCID-twda-bvut-9bhp" }, { "vulnerability": "VCID-twdq-g82m-nqcp" }, { "vulnerability": "VCID-u52p-wrjp-quhk" }, { "vulnerability": "VCID-u9vz-axk1-fqfn" }, { "vulnerability": "VCID-vgz6-nvj3-xqft" }, { "vulnerability": "VCID-vwpg-z9en-6yej" }, { "vulnerability": "VCID-wfdz-b6c4-quhq" }, { "vulnerability": "VCID-wxkj-7zgv-x7bc" }, { "vulnerability": "VCID-xgh4-b9yn-dkh4" }, { "vulnerability": "VCID-xgk2-yecx-q3ff" }, { "vulnerability": "VCID-xjd4-w9bn-mbex" }, { "vulnerability": "VCID-xmby-7b1y-v3cn" }, { "vulnerability": "VCID-xqc4-jf6e-abfg" }, { "vulnerability": "VCID-z97t-ffda-vfes" }, { "vulnerability": "VCID-za87-d5x9-wuby" }, { "vulnerability": "VCID-zthr-mpwx-1fef" }, { "vulnerability": "VCID-zv6m-4py8-3ydq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7" } ], "aliases": [ "CVE-2024-20758", "GHSA-wh4m-6rh3-p4rq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jnuu-9mt7-jyd5" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7" }