{"url":"http://public2.vulnerablecode.io/api/packages/30243?format=json","purl":"pkg:composer/magento/community-edition@2.4.7","type":"composer","namespace":"magento","name":"community-edition","version":"2.4.7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.8-p3","latest_non_vulnerable_version":"2.4.9-alpha3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40651?format=json","vulnerability_id":"VCID-141w-faqu-w3ay","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45130","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24182","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24388","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24378","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29568","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45130"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:01:33Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45130","reference_id":"CVE-2024-45130","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45130"},{"reference_url":"https://github.com/advisories/GHSA-v3v6-jfvw-m576","reference_id":"GHSA-v3v6-jfvw-m576","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v3v6-jfvw-m576"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45130","GHSA-v3v6-jfvw-m576"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-141w-faqu-w3ay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46533?format=json","vulnerability_id":"VCID-158t-bqnb-83d4","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39406","reference_id":"","reference_type":"","scores":[{"value":"0.00916","scoring_system":"epss","scoring_elements":"0.76439","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00916","scoring_system":"epss","scoring_elements":"0.76449","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00916","scoring_system":"epss","scoring_elements":"0.76369","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00916","scoring_system":"epss","scoring_elements":"0.76454","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39406"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:23Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39406","reference_id":"CVE-2024-39406","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39406"},{"reference_url":"https://github.com/advisories/GHSA-6pxh-2557-5cj5","reference_id":"GHSA-6pxh-2557-5cj5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6pxh-2557-5cj5"}],"fixed_packages":[],"aliases":["CVE-2024-39406","GHSA-6pxh-2557-5cj5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-158t-bqnb-83d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40581?format=json","vulnerability_id":"VCID-16es-u6cy-u3g8","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45149","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33844","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34043","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34021","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40898","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45149"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:05:46Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45149","reference_id":"CVE-2024-45149","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45149"},{"reference_url":"https://github.com/advisories/GHSA-w7rg-7wq2-pjrw","reference_id":"GHSA-w7rg-7wq2-pjrw","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w7rg-7wq2-pjrw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45149","GHSA-w7rg-7wq2-pjrw"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-16es-u6cy-u3g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40690?format=json","vulnerability_id":"VCID-1mpb-gzr2-53ar","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45121","reference_id":"","reference_type":"","scores":[{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.25049","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24849","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.25066","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30306","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45121"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:55:50Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45121","reference_id":"CVE-2024-45121","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45121"},{"reference_url":"https://github.com/advisories/GHSA-2qhq-fw98-h6wg","reference_id":"GHSA-2qhq-fw98-h6wg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2qhq-fw98-h6wg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45121","GHSA-2qhq-fw98-h6wg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1mpb-gzr2-53ar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124324?format=json","vulnerability_id":"VCID-1vq9-br2m-dbby","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24438","reference_id":"","reference_type":"","scores":[{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89368","published_at":"2026-06-12T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89375","published_at":"2026-06-14T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89331","published_at":"2026-06-11T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89376","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24438"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24438","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24438"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:43Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-8884-7rm9-mrx4","reference_id":"GHSA-8884-7rm9-mrx4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8884-7rm9-mrx4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24438","GHSA-8884-7rm9-mrx4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vq9-br2m-dbby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46780?format=json","vulnerability_id":"VCID-2t3q-pmg5-qyhn","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39405","reference_id":"","reference_type":"","scores":[{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46366","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46508","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46511","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46522","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39405"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:13:21Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39405","reference_id":"CVE-2024-39405","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39405"},{"reference_url":"https://github.com/advisories/GHSA-5g9f-7gqc-8hj4","reference_id":"GHSA-5g9f-7gqc-8hj4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5g9f-7gqc-8hj4"}],"fixed_packages":[],"aliases":["CVE-2024-39405","GHSA-5g9f-7gqc-8hj4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2t3q-pmg5-qyhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124201?format=json","vulnerability_id":"VCID-313z-h2v4-c3fr","summary":"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24436","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35573","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35556","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35373","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3555","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24436"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24436","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24436"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:53Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-ghpr-6qhr-rpp8","reference_id":"GHSA-ghpr-6qhr-rpp8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ghpr-6qhr-rpp8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24436","GHSA-ghpr-6qhr-rpp8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-313z-h2v4-c3fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46531?format=json","vulnerability_id":"VCID-368r-um85-k3d2","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39418","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56177","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.563","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56297","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56311","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39418"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:28Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39418","reference_id":"CVE-2024-39418","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39418"},{"reference_url":"https://github.com/advisories/GHSA-gvgf-pvh5-vjh4","reference_id":"GHSA-gvgf-pvh5-vjh4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gvgf-pvh5-vjh4"}],"fixed_packages":[],"aliases":["CVE-2024-39418","GHSA-gvgf-pvh5-vjh4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-368r-um85-k3d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124669?format=json","vulnerability_id":"VCID-3a8p-9krx-23e8","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access affecting Confidentiality and Integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24411","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29113","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29099","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28891","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29093","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24411"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24411","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24411"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:40Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-36hw-x3cc-m258","reference_id":"GHSA-36hw-x3cc-m258","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-36hw-x3cc-m258"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24411","GHSA-36hw-x3cc-m258"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3a8p-9krx-23e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47005?format=json","vulnerability_id":"VCID-3s5p-wb18-13ge","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39399","reference_id":"","reference_type":"","scores":[{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.75184","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.75264","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.75268","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.75254","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39399"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T14:09:03Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39399","reference_id":"CVE-2024-39399","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39399"},{"reference_url":"https://github.com/advisories/GHSA-7r99-8wqp-h7pc","reference_id":"GHSA-7r99-8wqp-h7pc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7r99-8wqp-h7pc"}],"fixed_packages":[],"aliases":["CVE-2024-39399","GHSA-7r99-8wqp-h7pc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3s5p-wb18-13ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46497?format=json","vulnerability_id":"VCID-3uj4-thpr-cue1","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39407","reference_id":"","reference_type":"","scores":[{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.48","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.48016","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47859","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39407"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:10:04Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39407","reference_id":"CVE-2024-39407","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39407"},{"reference_url":"https://github.com/advisories/GHSA-cjm6-8mw8-2f8c","reference_id":"GHSA-cjm6-8mw8-2f8c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cjm6-8mw8-2f8c"}],"fixed_packages":[],"aliases":["CVE-2024-39407","GHSA-cjm6-8mw8-2f8c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3uj4-thpr-cue1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46502?format=json","vulnerability_id":"VCID-3ydj-usv4-47fq","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39410","reference_id":"","reference_type":"","scores":[{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.67151","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.67137","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.67045","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39410"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:09:47Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39410","reference_id":"CVE-2024-39410","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39410"},{"reference_url":"https://github.com/advisories/GHSA-4323-f82v-f6jr","reference_id":"GHSA-4323-f82v-f6jr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4323-f82v-f6jr"}],"fixed_packages":[],"aliases":["CVE-2024-39410","GHSA-4323-f82v-f6jr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ydj-usv4-47fq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132289?format=json","vulnerability_id":"VCID-466x-mpt9-gbgy","summary":"Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38249","reference_id":"","reference_type":"","scores":[{"value":"0.01841","scoring_system":"epss","scoring_elements":"0.83433","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01841","scoring_system":"epss","scoring_elements":"0.83439","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01841","scoring_system":"epss","scoring_elements":"0.83373","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01841","scoring_system":"epss","scoring_elements":"0.83442","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38249"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38249","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38249"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"apsb23-50.html","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:49:36Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://github.com/advisories/GHSA-rq36-9f5f-2gw7","reference_id":"GHSA-rq36-9f5f-2gw7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rq36-9f5f-2gw7"}],"fixed_packages":[],"aliases":["CVE-2023-38249","GHSA-rq36-9f5f-2gw7"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-466x-mpt9-gbgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46929?format=json","vulnerability_id":"VCID-4b5p-wqtj-7kbe","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39409","reference_id":"","reference_type":"","scores":[{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.67045","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.67151","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.67137","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39409"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:00Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39409","reference_id":"CVE-2024-39409","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39409"},{"reference_url":"https://github.com/advisories/GHSA-rf4q-m23c-7q8r","reference_id":"GHSA-rf4q-m23c-7q8r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rf4q-m23c-7q8r"}],"fixed_packages":[],"aliases":["CVE-2024-39409","GHSA-rf4q-m23c-7q8r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4b5p-wqtj-7kbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88199?format=json","vulnerability_id":"VCID-4nqq-nrne-17a2","summary":"Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54266","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18174","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18336","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18338","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.1836","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54266"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html","reference_id":"apsb25-94.html","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:24:32Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54266","reference_id":"CVE-2025-54266","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54266"},{"reference_url":"https://github.com/advisories/GHSA-pcrx-r49h-x2w5","reference_id":"GHSA-pcrx-r49h-x2w5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pcrx-r49h-x2w5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34331?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34328?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3"}],"aliases":["CVE-2025-54266","GHSA-pcrx-r49h-x2w5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4nqq-nrne-17a2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49294?format=json","vulnerability_id":"VCID-549e-3kmc-cyfw","summary":"Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34104","reference_id":"","reference_type":"","scores":[{"value":"0.00617","scoring_system":"epss","scoring_elements":"0.7054","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00617","scoring_system":"epss","scoring_elements":"0.70537","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00617","scoring_system":"epss","scoring_elements":"0.70435","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00617","scoring_system":"epss","scoring_elements":"0.70526","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34104"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799"},{"reference_url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"reference_url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c"},{"reference_url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html","reference_id":"apsb24-40.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-14T13:48:20Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34104","reference_id":"CVE-2024-34104","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34104"},{"reference_url":"https://github.com/advisories/GHSA-wwj3-573j-rvvm","reference_id":"GHSA-wwj3-573j-rvvm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wwj3-573j-rvvm"}],"fixed_packages":[],"aliases":["CVE-2024-34104","GHSA-wwj3-573j-rvvm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-549e-3kmc-cyfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124340?format=json","vulnerability_id":"VCID-5edy-fp8q-97fp","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24417","reference_id":"","reference_type":"","scores":[{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80377","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80368","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.803","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80361","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24417"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24417","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24417"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:50Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-g3j6-9753-8mp2","reference_id":"GHSA-g3j6-9753-8mp2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g3j6-9753-8mp2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24417","GHSA-g3j6-9753-8mp2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5edy-fp8q-97fp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87661?format=json","vulnerability_id":"VCID-6d1u-exkw-hbfu","summary":"Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54236","reference_id":"","reference_type":"","scores":[{"value":"0.72152","scoring_system":"epss","scoring_elements":"0.98772","published_at":"2026-06-11T12:55:00Z"},{"value":"0.72152","scoring_system":"epss","scoring_elements":"0.98779","published_at":"2026-06-14T12:55:00Z"},{"value":"0.72152","scoring_system":"epss","scoring_elements":"0.98777","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54236"},{"reference_url":"https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54236","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54236"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-88.html","reference_id":"apsb25-88.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-24T14:08:30Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-88.html"},{"reference_url":"https://github.com/advisories/GHSA-wh92-6q6g-px7j","reference_id":"GHSA-wh92-6q6g-px7j","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wh92-6q6g-px7j"}],"fixed_packages":[],"aliases":["CVE-2025-54236","GHSA-wh92-6q6g-px7j"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6d1u-exkw-hbfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46833?format=json","vulnerability_id":"VCID-6v47-xgpq-zkgf","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39401","reference_id":"","reference_type":"","scores":[{"value":"0.0264","scoring_system":"epss","scoring_elements":"0.86044","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0264","scoring_system":"epss","scoring_elements":"0.86101","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0264","scoring_system":"epss","scoring_elements":"0.86105","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0264","scoring_system":"epss","scoring_elements":"0.86093","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39401"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:10:32Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39401","reference_id":"CVE-2024-39401","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39401"},{"reference_url":"https://github.com/advisories/GHSA-8frp-pxq2-3gpq","reference_id":"GHSA-8frp-pxq2-3gpq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8frp-pxq2-3gpq"}],"fixed_packages":[],"aliases":["CVE-2024-39401","GHSA-8frp-pxq2-3gpq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6v47-xgpq-zkgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40736?format=json","vulnerability_id":"VCID-78hy-q8kh-kyh7","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45123","reference_id":"","reference_type":"","scores":[{"value":"0.01248","scoring_system":"epss","scoring_elements":"0.79788","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01248","scoring_system":"epss","scoring_elements":"0.79723","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01248","scoring_system":"epss","scoring_elements":"0.79806","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01686","scoring_system":"epss","scoring_elements":"0.82688","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45123"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:55:45Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45123","reference_id":"CVE-2024-45123","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45123"},{"reference_url":"https://github.com/advisories/GHSA-88x2-cq34-5fwc","reference_id":"GHSA-88x2-cq34-5fwc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-88x2-cq34-5fwc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45123","GHSA-88x2-cq34-5fwc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-78hy-q8kh-kyh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88207?format=json","vulnerability_id":"VCID-7bmk-3ab2-9ba6","summary":"Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to elevated privileges that increase integrity impact to high. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54267","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20657","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20679","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20479","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54267"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html","reference_id":"apsb25-94.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-16T03:56:04Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54267","reference_id":"CVE-2025-54267","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54267"},{"reference_url":"https://github.com/advisories/GHSA-qvwr-p3hj-j6jf","reference_id":"GHSA-qvwr-p3hj-j6jf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qvwr-p3hj-j6jf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34331?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34328?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3"}],"aliases":["CVE-2025-54267","GHSA-qvwr-p3hj-j6jf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7bmk-3ab2-9ba6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40263?format=json","vulnerability_id":"VCID-7j68-gund-4qhp","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45132","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32503","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3232","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32523","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39531","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45132"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:02:03Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45132","reference_id":"CVE-2024-45132","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45132"},{"reference_url":"https://github.com/advisories/GHSA-5f64-ppmg-cvvm","reference_id":"GHSA-5f64-ppmg-cvvm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5f64-ppmg-cvvm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45132","GHSA-5f64-ppmg-cvvm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7j68-gund-4qhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46839?format=json","vulnerability_id":"VCID-8365-zgh2-w3cc","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39413","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54261","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54388","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54386","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54403","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39413"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:47Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39413","reference_id":"CVE-2024-39413","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39413"},{"reference_url":"https://github.com/advisories/GHSA-8w5f-8992-g86j","reference_id":"GHSA-8w5f-8992-g86j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8w5f-8992-g86j"}],"fixed_packages":[],"aliases":["CVE-2024-39413","GHSA-8w5f-8992-g86j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8365-zgh2-w3cc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40569?format=json","vulnerability_id":"VCID-8gwb-c3ck-37f8","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45129","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24182","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24388","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24378","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29568","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45129"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:07:37Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45129","reference_id":"CVE-2024-45129","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45129"},{"reference_url":"https://github.com/advisories/GHSA-m58h-998x-66f3","reference_id":"GHSA-m58h-998x-66f3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m58h-998x-66f3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45129","GHSA-m58h-998x-66f3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8gwb-c3ck-37f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98404?format=json","vulnerability_id":"VCID-9gb1-p5qf-3kd2","summary":"Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49558","reference_id":"","reference_type":"","scores":[{"value":"0.01616","scoring_system":"epss","scoring_elements":"0.82277","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01616","scoring_system":"epss","scoring_elements":"0.8228","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01616","scoring_system":"epss","scoring_elements":"0.82215","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01616","scoring_system":"epss","scoring_elements":"0.82286","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49558"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49558","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49558"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html","reference_id":"apsb25-71.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:13Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html"},{"reference_url":"https://github.com/advisories/GHSA-wcmw-8xpp-rwfj","reference_id":"GHSA-wcmw-8xpp-rwfj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wcmw-8xpp-rwfj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377519?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2"},{"url":"http://public2.vulnerablecode.io/api/packages/377518?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2"}],"aliases":["CVE-2025-49558","GHSA-wcmw-8xpp-rwfj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gb1-p5qf-3kd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124633?format=json","vulnerability_id":"VCID-9gbf-swtt-7bhz","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24424","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45476","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45464","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45317","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45466","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24424"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24424","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24424"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:44Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-539v-w87w-w62c","reference_id":"GHSA-539v-w87w-w62c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-539v-w87w-w62c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24424","GHSA-539v-w87w-w62c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gbf-swtt-7bhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40380?format=json","vulnerability_id":"VCID-a6gj-zm14-aqhq","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45128","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.14085","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13962","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.14082","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.19175","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45128"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:53:58Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45128","reference_id":"CVE-2024-45128","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45128"},{"reference_url":"https://github.com/advisories/GHSA-qpp7-742q-58j3","reference_id":"GHSA-qpp7-742q-58j3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpp7-742q-58j3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45128","GHSA-qpp7-742q-58j3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a6gj-zm14-aqhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40470?format=json","vulnerability_id":"VCID-ax9q-y1rb-33b2","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45124","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27116","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26913","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27134","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32618","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45124"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:54:17Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45124","reference_id":"CVE-2024-45124","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45124"},{"reference_url":"https://github.com/advisories/GHSA-w3p2-pc3h-69wv","reference_id":"GHSA-w3p2-pc3h-69wv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w3p2-pc3h-69wv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45124","GHSA-w3p2-pc3h-69wv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ax9q-y1rb-33b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40273?format=json","vulnerability_id":"VCID-bfp1-cndf-d7d7","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45119","reference_id":"","reference_type":"","scores":[{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57792","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.5792","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57905","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65327","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45119"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:58:44Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45119","reference_id":"CVE-2024-45119","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45119"},{"reference_url":"https://github.com/advisories/GHSA-g9fm-wc6h-pvgj","reference_id":"GHSA-g9fm-wc6h-pvgj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g9fm-wc6h-pvgj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45119","GHSA-g9fm-wc6h-pvgj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bfp1-cndf-d7d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46971?format=json","vulnerability_id":"VCID-bftg-2sea-57cv","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39419","reference_id":"","reference_type":"","scores":[{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46366","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46508","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46511","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46522","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39419"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:00Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39419","reference_id":"CVE-2024-39419","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39419"},{"reference_url":"https://github.com/advisories/GHSA-74w7-cr4v-wf2v","reference_id":"GHSA-74w7-cr4v-wf2v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-74w7-cr4v-wf2v"}],"fixed_packages":[],"aliases":["CVE-2024-39419","GHSA-74w7-cr4v-wf2v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bftg-2sea-57cv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/117174?format=json","vulnerability_id":"VCID-bvfd-gs5b-dyg7","summary":"Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27190","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50533","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.5052","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50382","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50515","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27190"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27190","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27190"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html","reference_id":"apsb25-26.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:02Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html"},{"reference_url":"https://github.com/advisories/GHSA-6wq7-cg9h-mj6q","reference_id":"GHSA-6wq7-cg9h-mj6q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6wq7-cg9h-mj6q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-27190","GHSA-6wq7-cg9h-mj6q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvfd-gs5b-dyg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124822?format=json","vulnerability_id":"VCID-cyy2-3rr3-jkc8","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to read select data. Exploitation of this issue does not require user interaction","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24421","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3555","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35556","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35373","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35573","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24421"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24421","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24421"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:01Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-v6r2-425c-hfrr","reference_id":"GHSA-v6r2-425c-hfrr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v6r2-425c-hfrr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24421","GHSA-v6r2-425c-hfrr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cyy2-3rr3-jkc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124768?format=json","vulnerability_id":"VCID-d9zc-rh9p-4bde","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24429","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39865","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39878","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39695","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39889","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24429"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24429","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24429"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:50Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-656q-fx2w-8ccv","reference_id":"GHSA-656q-fx2w-8ccv","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-656q-fx2w-8ccv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24429","GHSA-656q-fx2w-8ccv"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d9zc-rh9p-4bde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40181?format=json","vulnerability_id":"VCID-dktm-v3jw-f7de","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45120","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22698","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22503","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2271","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27531","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45120"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:01:07Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45120","reference_id":"CVE-2024-45120","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45120"},{"reference_url":"https://github.com/advisories/GHSA-47jp-46c9-25vf","reference_id":"GHSA-47jp-46c9-25vf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-47jp-46c9-25vf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45120","GHSA-47jp-46c9-25vf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dktm-v3jw-f7de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46517?format=json","vulnerability_id":"VCID-dsy7-gm7v-tqc8","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39415","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54261","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54388","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54386","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54403","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39415"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:13:06Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39415","reference_id":"CVE-2024-39415","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39415"},{"reference_url":"https://github.com/advisories/GHSA-gj93-84g5-mcjq","reference_id":"GHSA-gj93-84g5-mcjq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gj93-84g5-mcjq"}],"fixed_packages":[],"aliases":["CVE-2024-39415","GHSA-gj93-84g5-mcjq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dsy7-gm7v-tqc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124253?format=json","vulnerability_id":"VCID-dytj-h56v-bke9","summary":"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to modify limited fields. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24435","reference_id":"","reference_type":"","scores":[{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40682","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40668","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40491","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40659","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24435"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24435","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24435"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:16Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-82p4-55gj-956p","reference_id":"GHSA-82p4-55gj-956p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-82p4-55gj-956p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24435","GHSA-82p4-55gj-956p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dytj-h56v-bke9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40291?format=json","vulnerability_id":"VCID-e2t8-b5yy-zkhn","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45135","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34623","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34446","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34647","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41525","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45135"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:00:24Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45135","reference_id":"CVE-2024-45135","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45135"},{"reference_url":"https://github.com/advisories/GHSA-8pxg-gcp4-57ww","reference_id":"GHSA-8pxg-gcp4-57ww","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8pxg-gcp4-57ww"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45135","GHSA-8pxg-gcp4-57ww"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e2t8-b5yy-zkhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49909?format=json","vulnerability_id":"VCID-eban-ja9z-f7ep","summary":"Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34106","reference_id":"","reference_type":"","scores":[{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.71516","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.71514","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.71417","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.71504","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34106"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799"},{"reference_url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"reference_url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c"},{"reference_url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html","reference_id":"apsb24-40.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-13T16:21:10Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34106","reference_id":"CVE-2024-34106","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34106"},{"reference_url":"https://github.com/advisories/GHSA-p6h9-gx5g-wg64","reference_id":"GHSA-p6h9-gx5g-wg64","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p6h9-gx5g-wg64"}],"fixed_packages":[],"aliases":["CVE-2024-34106","GHSA-p6h9-gx5g-wg64"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eban-ja9z-f7ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124732?format=json","vulnerability_id":"VCID-esjc-zzqy-nycf","summary":"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24408","reference_id":"","reference_type":"","scores":[{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.5984","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59831","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.5972","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59828","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24408"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24408","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24408"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:13Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-3cfg-w257-cgf8","reference_id":"GHSA-3cfg-w257-cgf8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3cfg-w257-cgf8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24408","GHSA-3cfg-w257-cgf8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-esjc-zzqy-nycf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88335?format=json","vulnerability_id":"VCID-eusf-bc81-9uhv","summary":"Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and maintain unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54263","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25914","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26115","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.2613","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26114","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54263"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html","reference_id":"apsb25-94.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:29Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54263","reference_id":"CVE-2025-54263","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54263"},{"reference_url":"https://github.com/advisories/GHSA-69x9-xp2j-w8g8","reference_id":"GHSA-69x9-xp2j-w8g8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-69x9-xp2j-w8g8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34331?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34328?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3"}],"aliases":["CVE-2025-54263","GHSA-69x9-xp2j-w8g8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eusf-bc81-9uhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/131725?format=json","vulnerability_id":"VCID-fb5x-afrq-87aj","summary":"Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38251","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46298","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46296","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46154","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.4631","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38251"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38251","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38251"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"apsb23-50.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:04Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://github.com/advisories/GHSA-7pfc-834q-h497","reference_id":"GHSA-7pfc-834q-h497","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7pfc-834q-h497"}],"fixed_packages":[],"aliases":["CVE-2023-38251","GHSA-7pfc-834q-h497"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fb5x-afrq-87aj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124891?format=json","vulnerability_id":"VCID-ferd-u8gt-akds","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vulnerability to modify files that are stored outside the restricted directory. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24406","reference_id":"","reference_type":"","scores":[{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46829","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46824","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46685","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46843","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24406"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24406","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24406"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:51:36Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-954p-ff72-327w","reference_id":"GHSA-954p-ff72-327w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-954p-ff72-327w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24406","GHSA-954p-ff72-327w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ferd-u8gt-akds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97905?format=json","vulnerability_id":"VCID-fqkf-67fw-cyb8","summary":"Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49559","reference_id":"","reference_type":"","scores":[{"value":"0.02291","scoring_system":"epss","scoring_elements":"0.8513","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02291","scoring_system":"epss","scoring_elements":"0.85122","published_at":"2026-06-14T12:55:00Z"},{"value":"0.02291","scoring_system":"epss","scoring_elements":"0.85068","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02291","scoring_system":"epss","scoring_elements":"0.85121","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49559"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49559","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49559"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html","reference_id":"apsb25-71.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:14Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html"},{"reference_url":"https://github.com/advisories/GHSA-h4f4-gv6h-x824","reference_id":"GHSA-h4f4-gv6h-x824","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h4f4-gv6h-x824"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377519?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2"},{"url":"http://public2.vulnerablecode.io/api/packages/377518?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2"}],"aliases":["CVE-2025-49559","GHSA-h4f4-gv6h-x824"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fqkf-67fw-cyb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49820?format=json","vulnerability_id":"VCID-frhp-vgpt-g7am","summary":"Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34103","reference_id":"","reference_type":"","scores":[{"value":"0.01824","scoring_system":"epss","scoring_elements":"0.83355","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01824","scoring_system":"epss","scoring_elements":"0.8336","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01824","scoring_system":"epss","scoring_elements":"0.83294","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01824","scoring_system":"epss","scoring_elements":"0.83363","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34103"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799"},{"reference_url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"reference_url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c"},{"reference_url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html","reference_id":"apsb24-40.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-14T03:55:29Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34103","reference_id":"CVE-2024-34103","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34103"},{"reference_url":"https://github.com/advisories/GHSA-f7q4-9gwv-6774","reference_id":"GHSA-f7q4-9gwv-6774","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f7q4-9gwv-6774"}],"fixed_packages":[],"aliases":["CVE-2024-34103","GHSA-f7q4-9gwv-6774"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-frhp-vgpt-g7am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124047?format=json","vulnerability_id":"VCID-gac9-1nnp-67cc","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing rate limiting mechanisms. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24432","reference_id":"","reference_type":"","scores":[{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27912","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27902","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27686","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27887","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24432"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24432","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24432"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:09:50Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-7jmr-43qj-pw47","reference_id":"GHSA-7jmr-43qj-pw47","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7jmr-43qj-pw47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24432","GHSA-7jmr-43qj-pw47"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gac9-1nnp-67cc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98222?format=json","vulnerability_id":"VCID-gakd-m2af-z7c2","summary":"Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue requires user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49550","reference_id":"","reference_type":"","scores":[{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.65051","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.6506","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64951","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.65062","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49550"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49550","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49550"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html","reference_id":"apsb25-50.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T18:07:51Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html"},{"reference_url":"https://github.com/advisories/GHSA-8hcx-xvww-6c6h","reference_id":"GHSA-8hcx-xvww-6c6h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8hcx-xvww-6c6h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/34327?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1"}],"aliases":["CVE-2025-49550","GHSA-8hcx-xvww-6c6h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gakd-m2af-z7c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40168?format=json","vulnerability_id":"VCID-ggtj-fbzy-87fx","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45122","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30682","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30485","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30701","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37192","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45122"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:59:49Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45122","reference_id":"CVE-2024-45122","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45122"},{"reference_url":"https://github.com/advisories/GHSA-46fm-x82m-5f74","reference_id":"GHSA-46fm-x82m-5f74","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-46fm-x82m-5f74"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45122","GHSA-46fm-x82m-5f74"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggtj-fbzy-87fx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98053?format=json","vulnerability_id":"VCID-gx3s-7cxk-pyfc","summary":"Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49556","reference_id":"","reference_type":"","scores":[{"value":"0.01048","scoring_system":"epss","scoring_elements":"0.77994","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01048","scoring_system":"epss","scoring_elements":"0.78002","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01048","scoring_system":"epss","scoring_elements":"0.77927","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01048","scoring_system":"epss","scoring_elements":"0.78008","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49556"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49556","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49556"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html","reference_id":"apsb25-71.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:18:25Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html"},{"reference_url":"https://github.com/advisories/GHSA-7hrj-3c9x-xv5h","reference_id":"GHSA-7hrj-3c9x-xv5h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7hrj-3c9x-xv5h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377519?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2"},{"url":"http://public2.vulnerablecode.io/api/packages/377518?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2"}],"aliases":["CVE-2025-49556","GHSA-7hrj-3c9x-xv5h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gx3s-7cxk-pyfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46736?format=json","vulnerability_id":"VCID-gxbc-u5mr-f3c9","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39403","reference_id":"","reference_type":"","scores":[{"value":"0.02812","scoring_system":"epss","scoring_elements":"0.86453","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02812","scoring_system":"epss","scoring_elements":"0.86512","published_at":"2026-06-14T12:55:00Z"},{"value":"0.02812","scoring_system":"epss","scoring_elements":"0.86514","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02812","scoring_system":"epss","scoring_elements":"0.86504","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39403"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:14Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39403","reference_id":"CVE-2024-39403","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39403"},{"reference_url":"https://github.com/advisories/GHSA-mmp7-8cg4-9wrg","reference_id":"GHSA-mmp7-8cg4-9wrg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mmp7-8cg4-9wrg"}],"fixed_packages":[],"aliases":["CVE-2024-39403","GHSA-mmp7-8cg4-9wrg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gxbc-u5mr-f3c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124171?format=json","vulnerability_id":"VCID-gzga-qjaf-kugh","summary":"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24428","reference_id":"","reference_type":"","scores":[{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77716","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77722","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77648","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.7773","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24428"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24428","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24428"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:10Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-mm87-rrqx-94cr","reference_id":"GHSA-mm87-rrqx-94cr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mm87-rrqx-94cr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24428","GHSA-mm87-rrqx-94cr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gzga-qjaf-kugh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87827?format=json","vulnerability_id":"VCID-h2ju-dedu-fqad","summary":"Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54265","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29491","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.2969","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29706","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29688","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54265"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html","reference_id":"apsb25-94.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T20:35:42Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54265","reference_id":"CVE-2025-54265","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54265"},{"reference_url":"https://github.com/advisories/GHSA-r355-75hw-r8jf","reference_id":"GHSA-r355-75hw-r8jf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r355-75hw-r8jf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34331?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34328?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3"}],"aliases":["CVE-2025-54265","GHSA-r355-75hw-r8jf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2ju-dedu-fqad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46560?format=json","vulnerability_id":"VCID-j9e4-4xta-6qc5","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39414","reference_id":"","reference_type":"","scores":[{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55433","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55556","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55553","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55568","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39414"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:42Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39414","reference_id":"CVE-2024-39414","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39414"},{"reference_url":"https://github.com/advisories/GHSA-x6f9-hv9r-fgq4","reference_id":"GHSA-x6f9-hv9r-fgq4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x6f9-hv9r-fgq4"}],"fixed_packages":[],"aliases":["CVE-2024-39414","GHSA-x6f9-hv9r-fgq4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j9e4-4xta-6qc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/117136?format=json","vulnerability_id":"VCID-jc6r-vmnc-r3g9","summary":"Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27188","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36523","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36511","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36317","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36497","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27188"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27188","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27188"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html","reference_id":"apsb25-26.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:30Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html"},{"reference_url":"https://github.com/advisories/GHSA-rr2g-rrjj-xw86","reference_id":"GHSA-rr2g-rrjj-xw86","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rr2g-rrjj-xw86"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34325?format=json","purl":"pkg:composer/magento/community-edition@2.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8"}],"aliases":["CVE-2025-27188","GHSA-rr2g-rrjj-xw86"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jc6r-vmnc-r3g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46412?format=json","vulnerability_id":"VCID-jeur-3jww-dqee","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and perform a minor integrity change. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39412","reference_id":"","reference_type":"","scores":[{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50751","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50755","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50617","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50768","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39412"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:56Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39412","reference_id":"CVE-2024-39412","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39412"},{"reference_url":"https://github.com/advisories/GHSA-7472-vw39-g2j3","reference_id":"GHSA-7472-vw39-g2j3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7472-vw39-g2j3"}],"fixed_packages":[],"aliases":["CVE-2024-39412","GHSA-7472-vw39-g2j3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jeur-3jww-dqee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132280?format=json","vulnerability_id":"VCID-jkrp-j7st-27f3","summary":"Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38250","reference_id":"","reference_type":"","scores":[{"value":"0.01841","scoring_system":"epss","scoring_elements":"0.83439","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01841","scoring_system":"epss","scoring_elements":"0.83373","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01841","scoring_system":"epss","scoring_elements":"0.83442","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01841","scoring_system":"epss","scoring_elements":"0.83433","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38250"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38250","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38250"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"apsb23-50.html","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:49:35Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://github.com/advisories/GHSA-h3g9-cwr6-hphx","reference_id":"GHSA-h3g9-cwr6-hphx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h3g9-cwr6-hphx"}],"fixed_packages":[],"aliases":["CVE-2023-38250","GHSA-h3g9-cwr6-hphx"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jkrp-j7st-27f3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46759?format=json","vulnerability_id":"VCID-jyhf-huep-tya2","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39398","reference_id":"","reference_type":"","scores":[{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.47077","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.47214","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.47232","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.47218","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39398"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:10:17Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39398","reference_id":"CVE-2024-39398","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39398"},{"reference_url":"https://github.com/advisories/GHSA-q628-54wg-4r5q","reference_id":"GHSA-q628-54wg-4r5q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q628-54wg-4r5q"}],"fixed_packages":[],"aliases":["CVE-2024-39398","GHSA-q628-54wg-4r5q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jyhf-huep-tya2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49778?format=json","vulnerability_id":"VCID-kf6b-mshs-23fa","summary":"Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34107","reference_id":"","reference_type":"","scores":[{"value":"0.00729","scoring_system":"epss","scoring_elements":"0.7321","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00729","scoring_system":"epss","scoring_elements":"0.73208","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00729","scoring_system":"epss","scoring_elements":"0.73117","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00729","scoring_system":"epss","scoring_elements":"0.73195","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34107"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799"},{"reference_url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"reference_url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c"},{"reference_url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html","reference_id":"apsb24-40.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-14T13:30:50Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34107","reference_id":"CVE-2024-34107","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34107"},{"reference_url":"https://github.com/advisories/GHSA-r7cm-g469-wm4g","reference_id":"GHSA-r7cm-g469-wm4g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7cm-g469-wm4g"}],"fixed_packages":[],"aliases":["CVE-2024-34107","GHSA-r7cm-g469-wm4g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kf6b-mshs-23fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40170?format=json","vulnerability_id":"VCID-kfct-k5af-n7fu","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45116","reference_id":"","reference_type":"","scores":[{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.83391","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.8333","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.834","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0247","scoring_system":"epss","scoring_elements":"0.85647","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45116"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T13:56:29Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45116","reference_id":"CVE-2024-45116","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45116"},{"reference_url":"https://github.com/advisories/GHSA-873m-72g6-853g","reference_id":"GHSA-873m-72g6-853g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-873m-72g6-853g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45116","GHSA-873m-72g6-853g"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kfct-k5af-n7fu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124493?format=json","vulnerability_id":"VCID-kjc9-vrhf-hfav","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24427","reference_id":"","reference_type":"","scores":[{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40682","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40668","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40491","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40659","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24427"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24427","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24427"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:04Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-v3hq-g424-5mgg","reference_id":"GHSA-v3hq-g424-5mgg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v3hq-g424-5mgg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24427","GHSA-v3hq-g424-5mgg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjc9-vrhf-hfav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97819?format=json","vulnerability_id":"VCID-ktnj-j4xu-uufs","summary":"Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49555","reference_id":"","reference_type":"","scores":[{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59265","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59149","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59261","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59273","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49555"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49555","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49555"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html","reference_id":"apsb25-71.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:10Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html"},{"reference_url":"https://github.com/advisories/GHSA-5777-jj7p-mpqw","reference_id":"GHSA-5777-jj7p-mpqw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5777-jj7p-mpqw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377519?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2"},{"url":"http://public2.vulnerablecode.io/api/packages/377518?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2"}],"aliases":["CVE-2025-49555","GHSA-5777-jj7p-mpqw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ktnj-j4xu-uufs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/116898?format=json","vulnerability_id":"VCID-kxjv-xm7r-hkhs","summary":"Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27191","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50533","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.5052","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50382","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50515","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27191"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27191","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27191"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html","reference_id":"apsb25-26.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:08Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html"},{"reference_url":"https://github.com/advisories/GHSA-vhcq-4xrm-2cr2","reference_id":"GHSA-vhcq-4xrm-2cr2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vhcq-4xrm-2cr2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-27191","GHSA-vhcq-4xrm-2cr2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxjv-xm7r-hkhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40233?format=json","vulnerability_id":"VCID-mccb-abc5-9yfs","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45118","reference_id":"","reference_type":"","scores":[{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.25049","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24849","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.25066","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30306","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45118"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:45:03Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45118","reference_id":"CVE-2024-45118","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45118"},{"reference_url":"https://github.com/advisories/GHSA-cg52-68fv-94qq","reference_id":"GHSA-cg52-68fv-94qq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cg52-68fv-94qq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45118","GHSA-cg52-68fv-94qq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mccb-abc5-9yfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40506?format=json","vulnerability_id":"VCID-ngx2-ewzf-xbd4","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45117","reference_id":"","reference_type":"","scores":[{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49812","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49675","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49831","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.58204","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45117"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:07:29Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45117","reference_id":"CVE-2024-45117","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45117"},{"reference_url":"https://github.com/advisories/GHSA-3fr3-gcqh-3m2g","reference_id":"GHSA-3fr3-gcqh-3m2g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3fr3-gcqh-3m2g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45117","GHSA-3fr3-gcqh-3m2g"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ngx2-ewzf-xbd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124632?format=json","vulnerability_id":"VCID-ntst-nee5-63d3","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24410","reference_id":"","reference_type":"","scores":[{"value":"0.01784","scoring_system":"epss","scoring_elements":"0.83207","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01784","scoring_system":"epss","scoring_elements":"0.83202","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01784","scoring_system":"epss","scoring_elements":"0.83137","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01784","scoring_system":"epss","scoring_elements":"0.83198","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24410"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24410","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24410"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:38Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-gjxp-46rq-wg4q","reference_id":"GHSA-gjxp-46rq-wg4q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gjxp-46rq-wg4q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24410","GHSA-gjxp-46rq-wg4q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ntst-nee5-63d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40624?format=json","vulnerability_id":"VCID-pb4n-m8cv-9bb7","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45125","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21237","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21432","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21419","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.2624","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45125"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:06:28Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45125","reference_id":"CVE-2024-45125","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45125"},{"reference_url":"https://github.com/advisories/GHSA-xg36-8c2v-jpxh","reference_id":"GHSA-xg36-8c2v-jpxh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xg36-8c2v-jpxh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45125","GHSA-xg36-8c2v-jpxh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pb4n-m8cv-9bb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87743?format=json","vulnerability_id":"VCID-pcm6-819d-6uhm","summary":"Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54264","reference_id":"","reference_type":"","scores":[{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.44038","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.44198","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.44191","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.4421","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54264"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html","reference_id":"apsb25-94.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:28Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54264","reference_id":"CVE-2025-54264","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54264"},{"reference_url":"https://github.com/advisories/GHSA-2768-5wmv-cfff","reference_id":"GHSA-2768-5wmv-cfff","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2768-5wmv-cfff"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34331?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34328?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3"}],"aliases":["CVE-2025-54264","GHSA-2768-5wmv-cfff"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pcm6-819d-6uhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124042?format=json","vulnerability_id":"VCID-pfvk-8q6r-e7c5","summary":"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain elevated privileges. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24437","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35907","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35894","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35704","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35884","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24437"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24437","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24437"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:35Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-469f-wf4f-3jjv","reference_id":"GHSA-469f-wf4f-3jjv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-469f-wf4f-3jjv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24437","GHSA-469f-wf4f-3jjv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pfvk-8q6r-e7c5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124216?format=json","vulnerability_id":"VCID-psnm-zaza-tuf9","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24414","reference_id":"","reference_type":"","scores":[{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80377","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80368","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.803","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80361","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24414"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24414","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24414"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:45Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-fhw6-3mj5-w9gv","reference_id":"GHSA-fhw6-3mj5-w9gv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fhw6-3mj5-w9gv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24414","GHSA-fhw6-3mj5-w9gv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-psnm-zaza-tuf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124011?format=json","vulnerability_id":"VCID-pu8a-r3v2-g7h9","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24416","reference_id":"","reference_type":"","scores":[{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80377","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80368","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.803","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80361","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24416"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24416","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24416"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:48Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-rjjw-g6hw-7pc9","reference_id":"GHSA-rjjw-g6hw-7pc9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rjjw-g6hw-7pc9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24416","GHSA-rjjw-g6hw-7pc9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pu8a-r3v2-g7h9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/135957?format=json","vulnerability_id":"VCID-q12a-kwpk-yufv","summary":"Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26366","reference_id":"","reference_type":"","scores":[{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58358","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58346","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.5823","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58342","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26366"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"5.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26366","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"5.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26366"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"apsb23-50.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"5.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:49:13Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://github.com/advisories/GHSA-8jxc-5f94-22vh","reference_id":"GHSA-8jxc-5f94-22vh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8jxc-5f94-22vh"}],"fixed_packages":[],"aliases":["CVE-2023-26366","GHSA-8jxc-5f94-22vh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q12a-kwpk-yufv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/116851?format=json","vulnerability_id":"VCID-q68u-w433-tqb9","summary":"Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protected resources by obtaining sensitive credential information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27192","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28281","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28067","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28266","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2829","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27192"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27192","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27192"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html","reference_id":"apsb25-26.html","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:23Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html"},{"reference_url":"https://github.com/advisories/GHSA-2r94-wm5v-4prx","reference_id":"GHSA-2r94-wm5v-4prx","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2r94-wm5v-4prx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-27192","GHSA-2r94-wm5v-4prx"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q68u-w433-tqb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46597?format=json","vulnerability_id":"VCID-qbx1-jqke-v7hf","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39402","reference_id":"","reference_type":"","scores":[{"value":"0.0264","scoring_system":"epss","scoring_elements":"0.86093","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0264","scoring_system":"epss","scoring_elements":"0.86101","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0264","scoring_system":"epss","scoring_elements":"0.86044","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0264","scoring_system":"epss","scoring_elements":"0.86105","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39402"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:09Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39402","reference_id":"CVE-2024-39402","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39402"},{"reference_url":"https://github.com/advisories/GHSA-2ff6-837j-hg5x","reference_id":"GHSA-2ff6-837j-hg5x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2ff6-837j-hg5x"}],"fixed_packages":[],"aliases":["CVE-2024-39402","GHSA-2ff6-837j-hg5x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbx1-jqke-v7hf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124648?format=json","vulnerability_id":"VCID-qh9p-8b9r-mufh","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24412","reference_id":"","reference_type":"","scores":[{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80377","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80368","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.803","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80361","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24412"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24412","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24412"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:41Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-m4rg-mpp2-97px","reference_id":"GHSA-m4rg-mpp2-97px","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m4rg-mpp2-97px"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24412","GHSA-m4rg-mpp2-97px"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qh9p-8b9r-mufh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46855?format=json","vulnerability_id":"VCID-qnpc-4r4b-3uhx","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39417","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54261","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54388","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54386","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54403","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39417"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:09:31Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39417","reference_id":"CVE-2024-39417","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39417"},{"reference_url":"https://github.com/advisories/GHSA-4xmj-f664-hv98","reference_id":"GHSA-4xmj-f664-hv98","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4xmj-f664-hv98"}],"fixed_packages":[],"aliases":["CVE-2024-39417","GHSA-4xmj-f664-hv98"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qnpc-4r4b-3uhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/136042?format=json","vulnerability_id":"VCID-qr8w-qwb5-6uag","summary":"Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26367","reference_id":"","reference_type":"","scores":[{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58915","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58905","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58788","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.589","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26367"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26367","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26367"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"apsb23-50.html","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:49:12Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://github.com/advisories/GHSA-9mx6-4gg4-85xj","reference_id":"GHSA-9mx6-4gg4-85xj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9mx6-4gg4-85xj"}],"fixed_packages":[],"aliases":["CVE-2023-26367","GHSA-9mx6-4gg4-85xj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qr8w-qwb5-6uag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124166?format=json","vulnerability_id":"VCID-rm7u-jwat-v7f1","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11  and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both a High impact to confidentiality and Low impact to integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24409","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35006","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34985","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34804","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34983","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24409"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24409","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24409"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:11:11Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-vw47-79jv-3598","reference_id":"GHSA-vw47-79jv-3598","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vw47-79jv-3598"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24409","GHSA-vw47-79jv-3598"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rm7u-jwat-v7f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40833?format=json","vulnerability_id":"VCID-rw4d-b9yt-mbhz","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45127","reference_id":"","reference_type":"","scores":[{"value":"0.01887","scoring_system":"epss","scoring_elements":"0.83639","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01887","scoring_system":"epss","scoring_elements":"0.83646","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01887","scoring_system":"epss","scoring_elements":"0.8358","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01887","scoring_system":"epss","scoring_elements":"0.83649","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45127"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:55:55Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45127","reference_id":"CVE-2024-45127","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45127"},{"reference_url":"https://github.com/advisories/GHSA-c89g-gq5r-2xw2","reference_id":"GHSA-c89g-gq5r-2xw2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c89g-gq5r-2xw2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45127","GHSA-c89g-gq5r-2xw2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rw4d-b9yt-mbhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40770?format=json","vulnerability_id":"VCID-s45p-jru3-w3df","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45133","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28838","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28638","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28863","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35094","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45133"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:54:05Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45133","reference_id":"CVE-2024-45133","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45133"},{"reference_url":"https://github.com/advisories/GHSA-j3mh-wx5f-2vhg","reference_id":"GHSA-j3mh-wx5f-2vhg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j3mh-wx5f-2vhg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45133","GHSA-j3mh-wx5f-2vhg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s45p-jru3-w3df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46443?format=json","vulnerability_id":"VCID-s7t9-h2jx-9bgr","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39416","reference_id":"","reference_type":"","scores":[{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55433","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55556","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55553","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55568","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39416"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:27Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39416","reference_id":"CVE-2024-39416","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39416"},{"reference_url":"https://github.com/advisories/GHSA-4xgg-rw35-7mv5","reference_id":"GHSA-4xgg-rw35-7mv5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4xgg-rw35-7mv5"}],"fixed_packages":[],"aliases":["CVE-2024-39416","GHSA-4xgg-rw35-7mv5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s7t9-h2jx-9bgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124016?format=json","vulnerability_id":"VCID-t4gd-uv9g-ukh5","summary":"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the logic of the application's operations causing limited data modification. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24425","reference_id":"","reference_type":"","scores":[{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.48199","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.48183","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.48044","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.48182","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24425"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24425","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24425"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:51:39Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-6ff8-jrfg-43hh","reference_id":"GHSA-6ff8-jrfg-43hh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6ff8-jrfg-43hh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24425","GHSA-6ff8-jrfg-43hh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t4gd-uv9g-ukh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40636?format=json","vulnerability_id":"VCID-twda-bvut-9bhp","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45134","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30641","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30857","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.3084","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37387","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45134"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:05:23Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45134","reference_id":"CVE-2024-45134","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45134"},{"reference_url":"https://github.com/advisories/GHSA-4f89-5cwm-rm5g","reference_id":"GHSA-4f89-5cwm-rm5g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4f89-5cwm-rm5g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45134","GHSA-4f89-5cwm-rm5g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twda-bvut-9bhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97813?format=json","vulnerability_id":"VCID-twdq-g82m-nqcp","summary":"Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49554","reference_id":"","reference_type":"","scores":[{"value":"0.01005","scoring_system":"epss","scoring_elements":"0.77538","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01005","scoring_system":"epss","scoring_elements":"0.77544","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01005","scoring_system":"epss","scoring_elements":"0.77469","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01005","scoring_system":"epss","scoring_elements":"0.77553","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49554"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49554","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49554"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html","reference_id":"apsb25-71.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:18:27Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html"},{"reference_url":"https://github.com/advisories/GHSA-xgfm-992v-h2hr","reference_id":"GHSA-xgfm-992v-h2hr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xgfm-992v-h2hr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377519?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2"},{"url":"http://public2.vulnerablecode.io/api/packages/377518?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2"}],"aliases":["CVE-2025-49554","GHSA-xgfm-992v-h2hr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twdq-g82m-nqcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46640?format=json","vulnerability_id":"VCID-u52p-wrjp-quhk","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39408","reference_id":"","reference_type":"","scores":[{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.67045","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.67151","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.67137","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39408"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:09:17Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39408","reference_id":"CVE-2024-39408","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39408"},{"reference_url":"https://github.com/advisories/GHSA-4cj6-f32v-6hgx","reference_id":"GHSA-4cj6-f32v-6hgx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4cj6-f32v-6hgx"}],"fixed_packages":[],"aliases":["CVE-2024-39408","GHSA-4cj6-f32v-6hgx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u52p-wrjp-quhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124757?format=json","vulnerability_id":"VCID-u9vz-axk1-fqfn","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24415","reference_id":"","reference_type":"","scores":[{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80377","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80368","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.803","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80361","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24415"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24415","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24415"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:47Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-gc27-rvvm-q77r","reference_id":"GHSA-gc27-rvvm-q77r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gc27-rvvm-q77r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24415","GHSA-gc27-rvvm-q77r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u9vz-axk1-fqfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40166?format=json","vulnerability_id":"VCID-vgz6-nvj3-xqft","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45131","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32565","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32384","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32585","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39602","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45131"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:02:38Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45131","reference_id":"CVE-2024-45131","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45131"},{"reference_url":"https://github.com/advisories/GHSA-xc5p-773w-m3pm","reference_id":"GHSA-xc5p-773w-m3pm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xc5p-773w-m3pm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45131","GHSA-xc5p-773w-m3pm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vgz6-nvj3-xqft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46849?format=json","vulnerability_id":"VCID-vwpg-z9en-6yej","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39400","reference_id":"","reference_type":"","scores":[{"value":"0.01472","scoring_system":"epss","scoring_elements":"0.81419","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01472","scoring_system":"epss","scoring_elements":"0.81428","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01472","scoring_system":"epss","scoring_elements":"0.81358","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39400"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:38Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39400","reference_id":"CVE-2024-39400","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39400"},{"reference_url":"https://github.com/advisories/GHSA-52fg-wjxm-pp44","reference_id":"GHSA-52fg-wjxm-pp44","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-52fg-wjxm-pp44"}],"fixed_packages":[],"aliases":["CVE-2024-39400","GHSA-52fg-wjxm-pp44"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vwpg-z9en-6yej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46579?format=json","vulnerability_id":"VCID-wfdz-b6c4-quhq","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39411","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54261","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54388","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54386","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54403","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39411"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:14Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39411","reference_id":"CVE-2024-39411","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39411"},{"reference_url":"https://github.com/advisories/GHSA-qm77-mqf3-fmhq","reference_id":"GHSA-qm77-mqf3-fmhq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qm77-mqf3-fmhq"}],"fixed_packages":[],"aliases":["CVE-2024-39411","GHSA-qm77-mqf3-fmhq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wfdz-b6c4-quhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124857?format=json","vulnerability_id":"VCID-wxkj-7zgv-x7bc","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing rate limiting mechanisms. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24430","reference_id":"","reference_type":"","scores":[{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27887","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27902","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27686","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27912","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24430"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24430","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24430"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:47Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-6w27-c66f-gvhq","reference_id":"GHSA-6w27-c66f-gvhq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6w27-c66f-gvhq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24430","GHSA-6w27-c66f-gvhq"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wxkj-7zgv-x7bc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/117249?format=json","vulnerability_id":"VCID-xgh4-b9yn-dkh4","summary":"Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27206","reference_id":"","reference_type":"","scores":[{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72686","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72683","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72594","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72671","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27206"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27206","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27206"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html","reference_id":"apsb25-50.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T18:08:33Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html"},{"reference_url":"https://github.com/advisories/GHSA-g2pj-xmxq-3r9q","reference_id":"GHSA-g2pj-xmxq-3r9q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g2pj-xmxq-3r9q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/34327?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1"}],"aliases":["CVE-2025-27206","GHSA-g2pj-xmxq-3r9q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xgh4-b9yn-dkh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49335?format=json","vulnerability_id":"VCID-xgk2-yecx-q3ff","summary":"Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34102","reference_id":"","reference_type":"","scores":[{"value":"0.94171","scoring_system":"epss","scoring_elements":"0.99921","published_at":"2026-06-14T12:55:00Z"},{"value":"0.94171","scoring_system":"epss","scoring_elements":"0.9992","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34102"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799"},{"reference_url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"reference_url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c"},{"reference_url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482#diff-84a0773a6287fbbaadf3b9103f4a137fc0b6946de2437ddfd6f60a0722cf8d23","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482#diff-84a0773a6287fbbaadf3b9103f4a137fc0b6946de2437ddfd6f60a0722cf8d23"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html","reference_id":"apsb24-40.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-18T03:55:19Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102","reference_id":"cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-18T03:55:19Z/"}],"url":"https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34102","reference_id":"CVE-2024-34102","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34102"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2024-34102.yaml","reference_id":"CVE-2024-34102.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2024-34102.yaml"},{"reference_url":"https://github.com/advisories/GHSA-m8cj-3v68-3cxj","reference_id":"GHSA-m8cj-3v68-3cxj","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m8cj-3v68-3cxj"}],"fixed_packages":[],"aliases":["CVE-2024-34102","GHSA-m8cj-3v68-3cxj"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xgk2-yecx-q3ff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88657?format=json","vulnerability_id":"VCID-xjd4-w9bn-mbex","summary":"Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading to a limited impact to confidentiality and a high impact to integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43585","reference_id":"","reference_type":"","scores":[{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69786","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69797","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69695","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.698","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43585"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43585","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43585"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html","reference_id":"apsb25-50.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T17:23:05Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html"},{"reference_url":"https://github.com/advisories/GHSA-r487-9vv5-75gg","reference_id":"GHSA-r487-9vv5-75gg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r487-9vv5-75gg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/34327?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1"}],"aliases":["CVE-2025-43585","GHSA-r487-9vv5-75gg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xjd4-w9bn-mbex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46765?format=json","vulnerability_id":"VCID-xmby-7b1y-v3cn","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39404","reference_id":"","reference_type":"","scores":[{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.48","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.48016","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47859","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39404"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:52Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39404","reference_id":"CVE-2024-39404","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39404"},{"reference_url":"https://github.com/advisories/GHSA-qrh3-vxjg-h9h6","reference_id":"GHSA-qrh3-vxjg-h9h6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qrh3-vxjg-h9h6"}],"fixed_packages":[],"aliases":["CVE-2024-39404","GHSA-qrh3-vxjg-h9h6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmby-7b1y-v3cn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97932?format=json","vulnerability_id":"VCID-xqc4-jf6e-abfg","summary":"Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49549","reference_id":"","reference_type":"","scores":[{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.67108","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.67016","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.67121","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49549"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49549","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49549"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html","reference_id":"apsb25-50.html","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T18:12:28Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html"},{"reference_url":"https://github.com/advisories/GHSA-85jx-x9r4-45m2","reference_id":"GHSA-85jx-x9r4-45m2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-85jx-x9r4-45m2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/34327?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1"}],"aliases":["CVE-2025-49549","GHSA-85jx-x9r4-45m2"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xqc4-jf6e-abfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/119460?format=json","vulnerability_id":"VCID-z97t-ffda-vfes","summary":"Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed to that of other high-privileged accounts, leading to a high impact on confidentiality, integrity, and availability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47110","reference_id":"","reference_type":"","scores":[{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72772","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72682","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72759","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72774","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47110"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47110","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47110"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html","reference_id":"apsb25-50.html","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-10T18:09:25Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html"},{"reference_url":"https://github.com/advisories/GHSA-j934-vjh5-vf9r","reference_id":"GHSA-j934-vjh5-vf9r","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j934-vjh5-vf9r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378782?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p1"},{"url":"http://public2.vulnerablecode.io/api/packages/34327?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1"}],"aliases":["CVE-2025-47110","GHSA-j934-vjh5-vf9r"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z97t-ffda-vfes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124512?format=json","vulnerability_id":"VCID-za87-d5x9-wuby","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24413","reference_id":"","reference_type":"","scores":[{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80377","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80368","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.803","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80361","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24413"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24413","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24413"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:44Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-xwgx-8v72-4j5j","reference_id":"GHSA-xwgx-8v72-4j5j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xwgx-8v72-4j5j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24413","GHSA-xwgx-8v72-4j5j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-za87-d5x9-wuby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49810?format=json","vulnerability_id":"VCID-zthr-mpwx-1fef","summary":"Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction..","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34111","reference_id":"","reference_type":"","scores":[{"value":"0.00759","scoring_system":"epss","scoring_elements":"0.73857","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00759","scoring_system":"epss","scoring_elements":"0.73855","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00759","scoring_system":"epss","scoring_elements":"0.73767","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00759","scoring_system":"epss","scoring_elements":"0.73841","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34111"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799"},{"reference_url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"reference_url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c"},{"reference_url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html","reference_id":"apsb24-40.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-13T21:18:03Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34111","reference_id":"CVE-2024-34111","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34111"},{"reference_url":"https://github.com/advisories/GHSA-jmqp-r3gg-6jh3","reference_id":"GHSA-jmqp-r3gg-6jh3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jmqp-r3gg-6jh3"}],"fixed_packages":[],"aliases":["CVE-2024-34111","GHSA-jmqp-r3gg-6jh3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zthr-mpwx-1fef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49344?format=json","vulnerability_id":"VCID-zv6m-4py8-3ydq","summary":"Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34105","reference_id":"","reference_type":"","scores":[{"value":"0.01961","scoring_system":"epss","scoring_elements":"0.83955","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01961","scoring_system":"epss","scoring_elements":"0.83951","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01961","scoring_system":"epss","scoring_elements":"0.8389","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01961","scoring_system":"epss","scoring_elements":"0.83947","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34105"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799"},{"reference_url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"reference_url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c"},{"reference_url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html","reference_id":"apsb24-40.html","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-13T16:04:12Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-40.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34105","reference_id":"CVE-2024-34105","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34105"},{"reference_url":"https://github.com/advisories/GHSA-5632-wq7m-gfq9","reference_id":"GHSA-5632-wq7m-gfq9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5632-wq7m-gfq9"}],"fixed_packages":[],"aliases":["CVE-2024-34105","GHSA-5632-wq7m-gfq9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zv6m-4py8-3ydq"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55317?format=json","vulnerability_id":"VCID-96hr-sbyj-27dw","summary":"Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20759","reference_id":"","reference_type":"","scores":[{"value":"0.01627","scoring_system":"epss","scoring_elements":"0.82346","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01627","scoring_system":"epss","scoring_elements":"0.8235","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01627","scoring_system":"epss","scoring_elements":"0.82284","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01627","scoring_system":"epss","scoring_elements":"0.82355","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20759"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-18.html","reference_id":"apsb24-18.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-11T04:01:07Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-18.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20759","reference_id":"CVE-2024-20759","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20759"},{"reference_url":"https://github.com/advisories/GHSA-59vf-hjxc-f9c5","reference_id":"GHSA-59vf-hjxc-f9c5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-59vf-hjxc-f9c5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30245?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-549e-3kmc-cyfw"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eban-ja9z-f7ep"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-frhp-vgpt-g7am"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-kf6b-mshs-23fa"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xgk2-yecx-q3ff"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-zthr-mpwx-1fef"},{"vulnerability":"VCID-zv6m-4py8-3ydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/30240?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-158t-bqnb-83d4"},{"vulnerability":"VCID-2t3q-pmg5-qyhn"},{"vulnerability":"VCID-368r-um85-k3d2"},{"vulnerability":"VCID-3s5p-wb18-13ge"},{"vulnerability":"VCID-3uj4-thpr-cue1"},{"vulnerability":"VCID-3ydj-usv4-47fq"},{"vulnerability":"VCID-4b5p-wqtj-7kbe"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-549e-3kmc-cyfw"},{"vulnerability":"VCID-6v47-xgpq-zkgf"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-8365-zgh2-w3cc"},{"vulnerability":"VCID-bftg-2sea-57cv"},{"vulnerability":"VCID-dsy7-gm7v-tqc8"},{"vulnerability":"VCID-eban-ja9z-f7ep"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-frhp-vgpt-g7am"},{"vulnerability":"VCID-gxbc-u5mr-f3c9"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-j9e4-4xta-6qc5"},{"vulnerability":"VCID-jeur-3jww-dqee"},{"vulnerability":"VCID-jyhf-huep-tya2"},{"vulnerability":"VCID-kf6b-mshs-23fa"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-qbx1-jqke-v7hf"},{"vulnerability":"VCID-qnpc-4r4b-3uhx"},{"vulnerability":"VCID-s7t9-h2jx-9bgr"},{"vulnerability":"VCID-u52p-wrjp-quhk"},{"vulnerability":"VCID-vwpg-z9en-6yej"},{"vulnerability":"VCID-wfdz-b6c4-quhq"},{"vulnerability":"VCID-xgk2-yecx-q3ff"},{"vulnerability":"VCID-xmby-7b1y-v3cn"},{"vulnerability":"VCID-zthr-mpwx-1fef"},{"vulnerability":"VCID-zv6m-4py8-3ydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/30244?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-158t-bqnb-83d4"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-2t3q-pmg5-qyhn"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-368r-um85-k3d2"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-3s5p-wb18-13ge"},{"vulnerability":"VCID-3uj4-thpr-cue1"},{"vulnerability":"VCID-3ydj-usv4-47fq"},{"vulnerability":"VCID-4b5p-wqtj-7kbe"},{"vulnerability":"VCID-549e-3kmc-cyfw"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6v47-xgpq-zkgf"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8365-zgh2-w3cc"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bftg-2sea-57cv"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dsy7-gm7v-tqc8"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-eban-ja9z-f7ep"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-frhp-vgpt-g7am"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gxbc-u5mr-f3c9"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-j9e4-4xta-6qc5"},{"vulnerability":"VCID-jeur-3jww-dqee"},{"vulnerability":"VCID-jyhf-huep-tya2"},{"vulnerability":"VCID-kf6b-mshs-23fa"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-qbx1-jqke-v7hf"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-qnpc-4r4b-3uhx"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-s7t9-h2jx-9bgr"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-u52p-wrjp-quhk"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-vwpg-z9en-6yej"},{"vulnerability":"VCID-wfdz-b6c4-quhq"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgk2-yecx-q3ff"},{"vulnerability":"VCID-xmby-7b1y-v3cn"},{"vulnerability":"VCID-za87-d5x9-wuby"},{"vulnerability":"VCID-zthr-mpwx-1fef"},{"vulnerability":"VCID-zv6m-4py8-3ydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/30243?format=json","purl":"pkg:composer/magento/community-edition@2.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-158t-bqnb-83d4"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-2t3q-pmg5-qyhn"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-368r-um85-k3d2"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-3s5p-wb18-13ge"},{"vulnerability":"VCID-3uj4-thpr-cue1"},{"vulnerability":"VCID-3ydj-usv4-47fq"},{"vulnerability":"VCID-466x-mpt9-gbgy"},{"vulnerability":"VCID-4b5p-wqtj-7kbe"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-549e-3kmc-cyfw"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-6v47-xgpq-zkgf"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8365-zgh2-w3cc"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bftg-2sea-57cv"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dsy7-gm7v-tqc8"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-eban-ja9z-f7ep"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fb5x-afrq-87aj"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-frhp-vgpt-g7am"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gxbc-u5mr-f3c9"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-j9e4-4xta-6qc5"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-jeur-3jww-dqee"},{"vulnerability":"VCID-jkrp-j7st-27f3"},{"vulnerability":"VCID-jyhf-huep-tya2"},{"vulnerability":"VCID-kf6b-mshs-23fa"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q12a-kwpk-yufv"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qbx1-jqke-v7hf"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-qnpc-4r4b-3uhx"},{"vulnerability":"VCID-qr8w-qwb5-6uag"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-s7t9-h2jx-9bgr"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u52p-wrjp-quhk"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-vwpg-z9en-6yej"},{"vulnerability":"VCID-wfdz-b6c4-quhq"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xgk2-yecx-q3ff"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xmby-7b1y-v3cn"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"},{"vulnerability":"VCID-zthr-mpwx-1fef"},{"vulnerability":"VCID-zv6m-4py8-3ydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7"}],"aliases":["CVE-2024-20759","GHSA-59vf-hjxc-f9c5"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-96hr-sbyj-27dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55080?format=json","vulnerability_id":"VCID-jnuu-9mt7-jyd5","summary":"Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20758","reference_id":"","reference_type":"","scores":[{"value":"0.02201","scoring_system":"epss","scoring_elements":"0.84788","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02201","scoring_system":"epss","scoring_elements":"0.84849","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02201","scoring_system":"epss","scoring_elements":"0.84841","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20758"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-18.html","reference_id":"apsb24-18.html","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-11T04:01:06Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-18.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20758","reference_id":"CVE-2024-20758","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20758"},{"reference_url":"https://github.com/advisories/GHSA-wh4m-6rh3-p4rq","reference_id":"GHSA-wh4m-6rh3-p4rq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wh4m-6rh3-p4rq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30245?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-549e-3kmc-cyfw"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eban-ja9z-f7ep"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-frhp-vgpt-g7am"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-kf6b-mshs-23fa"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xgk2-yecx-q3ff"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-zthr-mpwx-1fef"},{"vulnerability":"VCID-zv6m-4py8-3ydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/30240?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-158t-bqnb-83d4"},{"vulnerability":"VCID-2t3q-pmg5-qyhn"},{"vulnerability":"VCID-368r-um85-k3d2"},{"vulnerability":"VCID-3s5p-wb18-13ge"},{"vulnerability":"VCID-3uj4-thpr-cue1"},{"vulnerability":"VCID-3ydj-usv4-47fq"},{"vulnerability":"VCID-4b5p-wqtj-7kbe"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-549e-3kmc-cyfw"},{"vulnerability":"VCID-6v47-xgpq-zkgf"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-8365-zgh2-w3cc"},{"vulnerability":"VCID-bftg-2sea-57cv"},{"vulnerability":"VCID-dsy7-gm7v-tqc8"},{"vulnerability":"VCID-eban-ja9z-f7ep"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-frhp-vgpt-g7am"},{"vulnerability":"VCID-gxbc-u5mr-f3c9"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-j9e4-4xta-6qc5"},{"vulnerability":"VCID-jeur-3jww-dqee"},{"vulnerability":"VCID-jyhf-huep-tya2"},{"vulnerability":"VCID-kf6b-mshs-23fa"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-qbx1-jqke-v7hf"},{"vulnerability":"VCID-qnpc-4r4b-3uhx"},{"vulnerability":"VCID-s7t9-h2jx-9bgr"},{"vulnerability":"VCID-u52p-wrjp-quhk"},{"vulnerability":"VCID-vwpg-z9en-6yej"},{"vulnerability":"VCID-wfdz-b6c4-quhq"},{"vulnerability":"VCID-xgk2-yecx-q3ff"},{"vulnerability":"VCID-xmby-7b1y-v3cn"},{"vulnerability":"VCID-zthr-mpwx-1fef"},{"vulnerability":"VCID-zv6m-4py8-3ydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/30244?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-158t-bqnb-83d4"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-2t3q-pmg5-qyhn"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-368r-um85-k3d2"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-3s5p-wb18-13ge"},{"vulnerability":"VCID-3uj4-thpr-cue1"},{"vulnerability":"VCID-3ydj-usv4-47fq"},{"vulnerability":"VCID-4b5p-wqtj-7kbe"},{"vulnerability":"VCID-549e-3kmc-cyfw"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6v47-xgpq-zkgf"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8365-zgh2-w3cc"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bftg-2sea-57cv"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dsy7-gm7v-tqc8"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-eban-ja9z-f7ep"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-frhp-vgpt-g7am"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gxbc-u5mr-f3c9"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-j9e4-4xta-6qc5"},{"vulnerability":"VCID-jeur-3jww-dqee"},{"vulnerability":"VCID-jyhf-huep-tya2"},{"vulnerability":"VCID-kf6b-mshs-23fa"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-qbx1-jqke-v7hf"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-qnpc-4r4b-3uhx"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-s7t9-h2jx-9bgr"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-u52p-wrjp-quhk"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-vwpg-z9en-6yej"},{"vulnerability":"VCID-wfdz-b6c4-quhq"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgk2-yecx-q3ff"},{"vulnerability":"VCID-xmby-7b1y-v3cn"},{"vulnerability":"VCID-za87-d5x9-wuby"},{"vulnerability":"VCID-zthr-mpwx-1fef"},{"vulnerability":"VCID-zv6m-4py8-3ydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/30243?format=json","purl":"pkg:composer/magento/community-edition@2.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-158t-bqnb-83d4"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-2t3q-pmg5-qyhn"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-368r-um85-k3d2"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-3s5p-wb18-13ge"},{"vulnerability":"VCID-3uj4-thpr-cue1"},{"vulnerability":"VCID-3ydj-usv4-47fq"},{"vulnerability":"VCID-466x-mpt9-gbgy"},{"vulnerability":"VCID-4b5p-wqtj-7kbe"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-549e-3kmc-cyfw"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-6v47-xgpq-zkgf"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8365-zgh2-w3cc"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bftg-2sea-57cv"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dsy7-gm7v-tqc8"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-eban-ja9z-f7ep"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fb5x-afrq-87aj"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-frhp-vgpt-g7am"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gxbc-u5mr-f3c9"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-j9e4-4xta-6qc5"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-jeur-3jww-dqee"},{"vulnerability":"VCID-jkrp-j7st-27f3"},{"vulnerability":"VCID-jyhf-huep-tya2"},{"vulnerability":"VCID-kf6b-mshs-23fa"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q12a-kwpk-yufv"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qbx1-jqke-v7hf"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-qnpc-4r4b-3uhx"},{"vulnerability":"VCID-qr8w-qwb5-6uag"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-s7t9-h2jx-9bgr"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u52p-wrjp-quhk"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-vwpg-z9en-6yej"},{"vulnerability":"VCID-wfdz-b6c4-quhq"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xgk2-yecx-q3ff"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xmby-7b1y-v3cn"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"},{"vulnerability":"VCID-zthr-mpwx-1fef"},{"vulnerability":"VCID-zv6m-4py8-3ydq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7"}],"aliases":["CVE-2024-20758","GHSA-wh4m-6rh3-p4rq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jnuu-9mt7-jyd5"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7"}