{"url":"http://public2.vulnerablecode.io/api/packages/33005?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p1","type":"composer","namespace":"magento","name":"community-edition","version":"2.4.7-p1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.7-p8","latest_non_vulnerable_version":"2.4.9-alpha3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40651?format=json","vulnerability_id":"VCID-141w-faqu-w3ay","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45130","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24182","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24378","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45130"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:01:33Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45130","reference_id":"CVE-2024-45130","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45130"},{"reference_url":"https://github.com/advisories/GHSA-v3v6-jfvw-m576","reference_id":"GHSA-v3v6-jfvw-m576","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v3v6-jfvw-m576"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45130","GHSA-v3v6-jfvw-m576"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-141w-faqu-w3ay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46533?format=json","vulnerability_id":"VCID-158t-bqnb-83d4","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39406","reference_id":"","reference_type":"","scores":[{"value":"0.00916","scoring_system":"epss","scoring_elements":"0.76439","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00916","scoring_system":"epss","scoring_elements":"0.76369","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39406"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:23Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39406","reference_id":"CVE-2024-39406","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39406"},{"reference_url":"https://github.com/advisories/GHSA-6pxh-2557-5cj5","reference_id":"GHSA-6pxh-2557-5cj5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6pxh-2557-5cj5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39406","GHSA-6pxh-2557-5cj5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-158t-bqnb-83d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40581?format=json","vulnerability_id":"VCID-16es-u6cy-u3g8","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45149","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34021","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33844","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45149"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:05:46Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45149","reference_id":"CVE-2024-45149","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45149"},{"reference_url":"https://github.com/advisories/GHSA-w7rg-7wq2-pjrw","reference_id":"GHSA-w7rg-7wq2-pjrw","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w7rg-7wq2-pjrw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45149","GHSA-w7rg-7wq2-pjrw"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-16es-u6cy-u3g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40690?format=json","vulnerability_id":"VCID-1mpb-gzr2-53ar","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45121","reference_id":"","reference_type":"","scores":[{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.25049","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24849","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45121"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:55:50Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45121","reference_id":"CVE-2024-45121","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45121"},{"reference_url":"https://github.com/advisories/GHSA-2qhq-fw98-h6wg","reference_id":"GHSA-2qhq-fw98-h6wg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2qhq-fw98-h6wg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45121","GHSA-2qhq-fw98-h6wg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1mpb-gzr2-53ar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124324?format=json","vulnerability_id":"VCID-1vq9-br2m-dbby","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24438","reference_id":"","reference_type":"","scores":[{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89368","published_at":"2026-06-12T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89331","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24438"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24438","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24438"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:43Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-8884-7rm9-mrx4","reference_id":"GHSA-8884-7rm9-mrx4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8884-7rm9-mrx4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24438","GHSA-8884-7rm9-mrx4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vq9-br2m-dbby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46780?format=json","vulnerability_id":"VCID-2t3q-pmg5-qyhn","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39405","reference_id":"","reference_type":"","scores":[{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46366","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46511","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39405"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:13:21Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39405","reference_id":"CVE-2024-39405","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39405"},{"reference_url":"https://github.com/advisories/GHSA-5g9f-7gqc-8hj4","reference_id":"GHSA-5g9f-7gqc-8hj4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5g9f-7gqc-8hj4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39405","GHSA-5g9f-7gqc-8hj4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2t3q-pmg5-qyhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124201?format=json","vulnerability_id":"VCID-313z-h2v4-c3fr","summary":"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24436","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35373","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3555","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24436"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24436","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24436"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:53Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-ghpr-6qhr-rpp8","reference_id":"GHSA-ghpr-6qhr-rpp8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-ghpr-6qhr-rpp8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24436","GHSA-ghpr-6qhr-rpp8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-313z-h2v4-c3fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46531?format=json","vulnerability_id":"VCID-368r-um85-k3d2","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39418","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56177","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56297","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39418"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:28Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39418","reference_id":"CVE-2024-39418","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39418"},{"reference_url":"https://github.com/advisories/GHSA-gvgf-pvh5-vjh4","reference_id":"GHSA-gvgf-pvh5-vjh4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gvgf-pvh5-vjh4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39418","GHSA-gvgf-pvh5-vjh4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-368r-um85-k3d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124669?format=json","vulnerability_id":"VCID-3a8p-9krx-23e8","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access affecting Confidentiality and Integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24411","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28891","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29093","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24411"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24411","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24411"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:40Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-36hw-x3cc-m258","reference_id":"GHSA-36hw-x3cc-m258","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-36hw-x3cc-m258"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24411","GHSA-36hw-x3cc-m258"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3a8p-9krx-23e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47005?format=json","vulnerability_id":"VCID-3s5p-wb18-13ge","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39399","reference_id":"","reference_type":"","scores":[{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.75254","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.75184","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39399"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T14:09:03Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39399","reference_id":"CVE-2024-39399","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39399"},{"reference_url":"https://github.com/advisories/GHSA-7r99-8wqp-h7pc","reference_id":"GHSA-7r99-8wqp-h7pc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7r99-8wqp-h7pc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39399","GHSA-7r99-8wqp-h7pc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3s5p-wb18-13ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46497?format=json","vulnerability_id":"VCID-3uj4-thpr-cue1","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39407","reference_id":"","reference_type":"","scores":[{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47859","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.48","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39407"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:10:04Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39407","reference_id":"CVE-2024-39407","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39407"},{"reference_url":"https://github.com/advisories/GHSA-cjm6-8mw8-2f8c","reference_id":"GHSA-cjm6-8mw8-2f8c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cjm6-8mw8-2f8c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39407","GHSA-cjm6-8mw8-2f8c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3uj4-thpr-cue1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46502?format=json","vulnerability_id":"VCID-3ydj-usv4-47fq","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39410","reference_id":"","reference_type":"","scores":[{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.67045","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.67137","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39410"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:09:47Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39410","reference_id":"CVE-2024-39410","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39410"},{"reference_url":"https://github.com/advisories/GHSA-4323-f82v-f6jr","reference_id":"GHSA-4323-f82v-f6jr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4323-f82v-f6jr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39410","GHSA-4323-f82v-f6jr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ydj-usv4-47fq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46929?format=json","vulnerability_id":"VCID-4b5p-wqtj-7kbe","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39409","reference_id":"","reference_type":"","scores":[{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.67137","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.67045","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39409"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:00Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39409","reference_id":"CVE-2024-39409","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39409"},{"reference_url":"https://github.com/advisories/GHSA-rf4q-m23c-7q8r","reference_id":"GHSA-rf4q-m23c-7q8r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rf4q-m23c-7q8r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39409","GHSA-rf4q-m23c-7q8r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4b5p-wqtj-7kbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88199?format=json","vulnerability_id":"VCID-4nqq-nrne-17a2","summary":"Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54266","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18174","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18338","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54266"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html","reference_id":"apsb25-94.html","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:24:32Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54266","reference_id":"CVE-2025-54266","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54266"},{"reference_url":"https://github.com/advisories/GHSA-pcrx-r49h-x2w5","reference_id":"GHSA-pcrx-r49h-x2w5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pcrx-r49h-x2w5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34329?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/34331?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34328?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3"}],"aliases":["CVE-2025-54266","GHSA-pcrx-r49h-x2w5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4nqq-nrne-17a2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97922?format=json","vulnerability_id":"VCID-53sd-5nuj-e7d9","summary":"Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49557","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49258","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.4912","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49557"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49557","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49557"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html","reference_id":"apsb25-71.html","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:12Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html"},{"reference_url":"https://github.com/advisories/GHSA-8mq8-c243-2335","reference_id":"GHSA-8mq8-c243-2335","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8mq8-c243-2335"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377520?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/34327?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1"}],"aliases":["CVE-2025-49557","GHSA-8mq8-c243-2335"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53sd-5nuj-e7d9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124340?format=json","vulnerability_id":"VCID-5edy-fp8q-97fp","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24417","reference_id":"","reference_type":"","scores":[{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.803","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80361","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24417"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24417","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24417"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:50Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-g3j6-9753-8mp2","reference_id":"GHSA-g3j6-9753-8mp2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g3j6-9753-8mp2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24417","GHSA-g3j6-9753-8mp2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5edy-fp8q-97fp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87661?format=json","vulnerability_id":"VCID-6d1u-exkw-hbfu","summary":"Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54236","reference_id":"","reference_type":"","scores":[{"value":"0.72152","scoring_system":"epss","scoring_elements":"0.98777","published_at":"2026-06-12T12:55:00Z"},{"value":"0.72152","scoring_system":"epss","scoring_elements":"0.98772","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54236"},{"reference_url":"https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54236","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54236"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-88.html","reference_id":"apsb25-88.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-24T14:08:30Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-88.html"},{"reference_url":"https://github.com/advisories/GHSA-wh92-6q6g-px7j","reference_id":"GHSA-wh92-6q6g-px7j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wh92-6q6g-px7j"}],"fixed_packages":[],"aliases":["CVE-2025-54236","GHSA-wh92-6q6g-px7j"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6d1u-exkw-hbfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46833?format=json","vulnerability_id":"VCID-6v47-xgpq-zkgf","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39401","reference_id":"","reference_type":"","scores":[{"value":"0.0264","scoring_system":"epss","scoring_elements":"0.86093","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0264","scoring_system":"epss","scoring_elements":"0.86044","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39401"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:10:32Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39401","reference_id":"CVE-2024-39401","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39401"},{"reference_url":"https://github.com/advisories/GHSA-8frp-pxq2-3gpq","reference_id":"GHSA-8frp-pxq2-3gpq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8frp-pxq2-3gpq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39401","GHSA-8frp-pxq2-3gpq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6v47-xgpq-zkgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40736?format=json","vulnerability_id":"VCID-78hy-q8kh-kyh7","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45123","reference_id":"","reference_type":"","scores":[{"value":"0.01248","scoring_system":"epss","scoring_elements":"0.79788","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01248","scoring_system":"epss","scoring_elements":"0.79723","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45123"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:55:45Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45123","reference_id":"CVE-2024-45123","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45123"},{"reference_url":"https://github.com/advisories/GHSA-88x2-cq34-5fwc","reference_id":"GHSA-88x2-cq34-5fwc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-88x2-cq34-5fwc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45123","GHSA-88x2-cq34-5fwc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-78hy-q8kh-kyh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88207?format=json","vulnerability_id":"VCID-7bmk-3ab2-9ba6","summary":"Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to elevated privileges that increase integrity impact to high. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54267","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20479","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20657","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54267"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html","reference_id":"apsb25-94.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-16T03:56:04Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54267","reference_id":"CVE-2025-54267","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54267"},{"reference_url":"https://github.com/advisories/GHSA-qvwr-p3hj-j6jf","reference_id":"GHSA-qvwr-p3hj-j6jf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qvwr-p3hj-j6jf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34329?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/34331?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34328?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3"}],"aliases":["CVE-2025-54267","GHSA-qvwr-p3hj-j6jf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7bmk-3ab2-9ba6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40263?format=json","vulnerability_id":"VCID-7j68-gund-4qhp","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45132","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32503","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3232","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45132"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:02:03Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45132","reference_id":"CVE-2024-45132","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45132"},{"reference_url":"https://github.com/advisories/GHSA-5f64-ppmg-cvvm","reference_id":"GHSA-5f64-ppmg-cvvm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5f64-ppmg-cvvm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45132","GHSA-5f64-ppmg-cvvm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7j68-gund-4qhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46839?format=json","vulnerability_id":"VCID-8365-zgh2-w3cc","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39413","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54261","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54386","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39413"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:47Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39413","reference_id":"CVE-2024-39413","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39413"},{"reference_url":"https://github.com/advisories/GHSA-8w5f-8992-g86j","reference_id":"GHSA-8w5f-8992-g86j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8w5f-8992-g86j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39413","GHSA-8w5f-8992-g86j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8365-zgh2-w3cc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40569?format=json","vulnerability_id":"VCID-8gwb-c3ck-37f8","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45129","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24182","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24378","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45129"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:07:37Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45129","reference_id":"CVE-2024-45129","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45129"},{"reference_url":"https://github.com/advisories/GHSA-m58h-998x-66f3","reference_id":"GHSA-m58h-998x-66f3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m58h-998x-66f3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45129","GHSA-m58h-998x-66f3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8gwb-c3ck-37f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98404?format=json","vulnerability_id":"VCID-9gb1-p5qf-3kd2","summary":"Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49558","reference_id":"","reference_type":"","scores":[{"value":"0.01616","scoring_system":"epss","scoring_elements":"0.82277","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01616","scoring_system":"epss","scoring_elements":"0.82215","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49558"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49558","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49558"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html","reference_id":"apsb25-71.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:13Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html"},{"reference_url":"https://github.com/advisories/GHSA-wcmw-8xpp-rwfj","reference_id":"GHSA-wcmw-8xpp-rwfj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wcmw-8xpp-rwfj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377520?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/377519?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2"},{"url":"http://public2.vulnerablecode.io/api/packages/377518?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2"}],"aliases":["CVE-2025-49558","GHSA-wcmw-8xpp-rwfj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gb1-p5qf-3kd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124633?format=json","vulnerability_id":"VCID-9gbf-swtt-7bhz","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24424","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45317","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45466","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24424"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24424","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24424"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:44Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-539v-w87w-w62c","reference_id":"GHSA-539v-w87w-w62c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-539v-w87w-w62c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24424","GHSA-539v-w87w-w62c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gbf-swtt-7bhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40380?format=json","vulnerability_id":"VCID-a6gj-zm14-aqhq","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45128","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.14085","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13962","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45128"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:53:58Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45128","reference_id":"CVE-2024-45128","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45128"},{"reference_url":"https://github.com/advisories/GHSA-qpp7-742q-58j3","reference_id":"GHSA-qpp7-742q-58j3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpp7-742q-58j3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45128","GHSA-qpp7-742q-58j3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a6gj-zm14-aqhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40470?format=json","vulnerability_id":"VCID-ax9q-y1rb-33b2","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45124","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27116","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26913","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45124"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:54:17Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45124","reference_id":"CVE-2024-45124","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45124"},{"reference_url":"https://github.com/advisories/GHSA-w3p2-pc3h-69wv","reference_id":"GHSA-w3p2-pc3h-69wv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w3p2-pc3h-69wv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45124","GHSA-w3p2-pc3h-69wv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ax9q-y1rb-33b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40273?format=json","vulnerability_id":"VCID-bfp1-cndf-d7d7","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45119","reference_id":"","reference_type":"","scores":[{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57905","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57792","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45119"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:58:44Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45119","reference_id":"CVE-2024-45119","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45119"},{"reference_url":"https://github.com/advisories/GHSA-g9fm-wc6h-pvgj","reference_id":"GHSA-g9fm-wc6h-pvgj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g9fm-wc6h-pvgj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45119","GHSA-g9fm-wc6h-pvgj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bfp1-cndf-d7d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46971?format=json","vulnerability_id":"VCID-bftg-2sea-57cv","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39419","reference_id":"","reference_type":"","scores":[{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46366","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46511","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39419"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:00Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39419","reference_id":"CVE-2024-39419","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39419"},{"reference_url":"https://github.com/advisories/GHSA-74w7-cr4v-wf2v","reference_id":"GHSA-74w7-cr4v-wf2v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-74w7-cr4v-wf2v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39419","GHSA-74w7-cr4v-wf2v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bftg-2sea-57cv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/117174?format=json","vulnerability_id":"VCID-bvfd-gs5b-dyg7","summary":"Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27190","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50382","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50515","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27190"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27190","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27190"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html","reference_id":"apsb25-26.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:02Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html"},{"reference_url":"https://github.com/advisories/GHSA-6wq7-cg9h-mj6q","reference_id":"GHSA-6wq7-cg9h-mj6q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6wq7-cg9h-mj6q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376302?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-27190","GHSA-6wq7-cg9h-mj6q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvfd-gs5b-dyg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124816?format=json","vulnerability_id":"VCID-ctrj-y3d6-a7dv","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24434","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44103","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44257","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24434"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24434","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24434"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:37Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-fppq-f2m6-xv5c","reference_id":"GHSA-fppq-f2m6-xv5c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fppq-f2m6-xv5c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24434","GHSA-fppq-f2m6-xv5c"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ctrj-y3d6-a7dv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124822?format=json","vulnerability_id":"VCID-cyy2-3rr3-jkc8","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to read select data. Exploitation of this issue does not require user interaction","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24421","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3555","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35373","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24421"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24421","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24421"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:01Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-v6r2-425c-hfrr","reference_id":"GHSA-v6r2-425c-hfrr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v6r2-425c-hfrr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24421","GHSA-v6r2-425c-hfrr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cyy2-3rr3-jkc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124768?format=json","vulnerability_id":"VCID-d9zc-rh9p-4bde","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24429","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39695","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39865","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24429"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24429","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24429"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:50Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-656q-fx2w-8ccv","reference_id":"GHSA-656q-fx2w-8ccv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-656q-fx2w-8ccv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24429","GHSA-656q-fx2w-8ccv"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d9zc-rh9p-4bde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40181?format=json","vulnerability_id":"VCID-dktm-v3jw-f7de","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45120","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22698","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22503","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45120"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:01:07Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45120","reference_id":"CVE-2024-45120","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45120"},{"reference_url":"https://github.com/advisories/GHSA-47jp-46c9-25vf","reference_id":"GHSA-47jp-46c9-25vf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-47jp-46c9-25vf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45120","GHSA-47jp-46c9-25vf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dktm-v3jw-f7de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46517?format=json","vulnerability_id":"VCID-dsy7-gm7v-tqc8","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39415","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54261","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54386","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39415"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:13:06Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39415","reference_id":"CVE-2024-39415","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39415"},{"reference_url":"https://github.com/advisories/GHSA-gj93-84g5-mcjq","reference_id":"GHSA-gj93-84g5-mcjq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gj93-84g5-mcjq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39415","GHSA-gj93-84g5-mcjq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dsy7-gm7v-tqc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124253?format=json","vulnerability_id":"VCID-dytj-h56v-bke9","summary":"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to modify limited fields. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24435","reference_id":"","reference_type":"","scores":[{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40491","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40659","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24435"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24435","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24435"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:16Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-82p4-55gj-956p","reference_id":"GHSA-82p4-55gj-956p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-82p4-55gj-956p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24435","GHSA-82p4-55gj-956p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dytj-h56v-bke9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40291?format=json","vulnerability_id":"VCID-e2t8-b5yy-zkhn","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45135","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34623","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34446","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45135"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:00:24Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45135","reference_id":"CVE-2024-45135","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45135"},{"reference_url":"https://github.com/advisories/GHSA-8pxg-gcp4-57ww","reference_id":"GHSA-8pxg-gcp4-57ww","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8pxg-gcp4-57ww"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45135","GHSA-8pxg-gcp4-57ww"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e2t8-b5yy-zkhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124732?format=json","vulnerability_id":"VCID-esjc-zzqy-nycf","summary":"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24408","reference_id":"","reference_type":"","scores":[{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.5972","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59828","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24408"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24408","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24408"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:13Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-3cfg-w257-cgf8","reference_id":"GHSA-3cfg-w257-cgf8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3cfg-w257-cgf8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24408","GHSA-3cfg-w257-cgf8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-esjc-zzqy-nycf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88335?format=json","vulnerability_id":"VCID-eusf-bc81-9uhv","summary":"Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and maintain unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54263","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26114","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25914","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54263"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html","reference_id":"apsb25-94.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:29Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54263","reference_id":"CVE-2025-54263","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54263"},{"reference_url":"https://github.com/advisories/GHSA-69x9-xp2j-w8g8","reference_id":"GHSA-69x9-xp2j-w8g8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-69x9-xp2j-w8g8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34329?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/34331?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34328?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3"}],"aliases":["CVE-2025-54263","GHSA-69x9-xp2j-w8g8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eusf-bc81-9uhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124891?format=json","vulnerability_id":"VCID-ferd-u8gt-akds","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vulnerability to modify files that are stored outside the restricted directory. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24406","reference_id":"","reference_type":"","scores":[{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46829","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46685","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24406"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24406","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24406"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:51:36Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-954p-ff72-327w","reference_id":"GHSA-954p-ff72-327w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-954p-ff72-327w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24406","GHSA-954p-ff72-327w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ferd-u8gt-akds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97905?format=json","vulnerability_id":"VCID-fqkf-67fw-cyb8","summary":"Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49559","reference_id":"","reference_type":"","scores":[{"value":"0.02291","scoring_system":"epss","scoring_elements":"0.85068","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02291","scoring_system":"epss","scoring_elements":"0.85121","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49559"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49559","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49559"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html","reference_id":"apsb25-71.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:14Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html"},{"reference_url":"https://github.com/advisories/GHSA-h4f4-gv6h-x824","reference_id":"GHSA-h4f4-gv6h-x824","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h4f4-gv6h-x824"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377520?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/377519?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2"},{"url":"http://public2.vulnerablecode.io/api/packages/377518?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2"}],"aliases":["CVE-2025-49559","GHSA-h4f4-gv6h-x824"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fqkf-67fw-cyb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124047?format=json","vulnerability_id":"VCID-gac9-1nnp-67cc","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing rate limiting mechanisms. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24432","reference_id":"","reference_type":"","scores":[{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27887","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27686","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24432"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24432","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24432"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:09:50Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-7jmr-43qj-pw47","reference_id":"GHSA-7jmr-43qj-pw47","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7jmr-43qj-pw47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24432","GHSA-7jmr-43qj-pw47"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gac9-1nnp-67cc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98222?format=json","vulnerability_id":"VCID-gakd-m2af-z7c2","summary":"Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue requires user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49550","reference_id":"","reference_type":"","scores":[{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.65051","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64951","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49550"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49550","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49550"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html","reference_id":"apsb25-50.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T18:07:51Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html"},{"reference_url":"https://github.com/advisories/GHSA-8hcx-xvww-6c6h","reference_id":"GHSA-8hcx-xvww-6c6h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8hcx-xvww-6c6h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378548?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/34327?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1"}],"aliases":["CVE-2025-49550","GHSA-8hcx-xvww-6c6h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gakd-m2af-z7c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40168?format=json","vulnerability_id":"VCID-ggtj-fbzy-87fx","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45122","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30682","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30485","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45122"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:59:49Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45122","reference_id":"CVE-2024-45122","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45122"},{"reference_url":"https://github.com/advisories/GHSA-46fm-x82m-5f74","reference_id":"GHSA-46fm-x82m-5f74","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-46fm-x82m-5f74"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45122","GHSA-46fm-x82m-5f74"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggtj-fbzy-87fx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98053?format=json","vulnerability_id":"VCID-gx3s-7cxk-pyfc","summary":"Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49556","reference_id":"","reference_type":"","scores":[{"value":"0.01048","scoring_system":"epss","scoring_elements":"0.77994","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01048","scoring_system":"epss","scoring_elements":"0.77927","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49556"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49556","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49556"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html","reference_id":"apsb25-71.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:18:25Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html"},{"reference_url":"https://github.com/advisories/GHSA-7hrj-3c9x-xv5h","reference_id":"GHSA-7hrj-3c9x-xv5h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7hrj-3c9x-xv5h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377520?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/377519?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2"},{"url":"http://public2.vulnerablecode.io/api/packages/377518?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2"}],"aliases":["CVE-2025-49556","GHSA-7hrj-3c9x-xv5h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gx3s-7cxk-pyfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46736?format=json","vulnerability_id":"VCID-gxbc-u5mr-f3c9","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39403","reference_id":"","reference_type":"","scores":[{"value":"0.02812","scoring_system":"epss","scoring_elements":"0.86504","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02812","scoring_system":"epss","scoring_elements":"0.86453","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39403"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:08:14Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39403","reference_id":"CVE-2024-39403","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39403"},{"reference_url":"https://github.com/advisories/GHSA-mmp7-8cg4-9wrg","reference_id":"GHSA-mmp7-8cg4-9wrg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mmp7-8cg4-9wrg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39403","GHSA-mmp7-8cg4-9wrg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gxbc-u5mr-f3c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124171?format=json","vulnerability_id":"VCID-gzga-qjaf-kugh","summary":"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24428","reference_id":"","reference_type":"","scores":[{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77716","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77648","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24428"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24428","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24428"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:10Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-mm87-rrqx-94cr","reference_id":"GHSA-mm87-rrqx-94cr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mm87-rrqx-94cr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24428","GHSA-mm87-rrqx-94cr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gzga-qjaf-kugh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87827?format=json","vulnerability_id":"VCID-h2ju-dedu-fqad","summary":"Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54265","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29688","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29491","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54265"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html","reference_id":"apsb25-94.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T20:35:42Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54265","reference_id":"CVE-2025-54265","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54265"},{"reference_url":"https://github.com/advisories/GHSA-r355-75hw-r8jf","reference_id":"GHSA-r355-75hw-r8jf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r355-75hw-r8jf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34329?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/34331?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34328?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3"}],"aliases":["CVE-2025-54265","GHSA-r355-75hw-r8jf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2ju-dedu-fqad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46560?format=json","vulnerability_id":"VCID-j9e4-4xta-6qc5","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39414","reference_id":"","reference_type":"","scores":[{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55433","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55553","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39414"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:42Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39414","reference_id":"CVE-2024-39414","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39414"},{"reference_url":"https://github.com/advisories/GHSA-x6f9-hv9r-fgq4","reference_id":"GHSA-x6f9-hv9r-fgq4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x6f9-hv9r-fgq4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39414","GHSA-x6f9-hv9r-fgq4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j9e4-4xta-6qc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/117136?format=json","vulnerability_id":"VCID-jc6r-vmnc-r3g9","summary":"Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27188","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36317","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36497","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27188"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27188","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27188"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html","reference_id":"apsb25-26.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:30Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html"},{"reference_url":"https://github.com/advisories/GHSA-rr2g-rrjj-xw86","reference_id":"GHSA-rr2g-rrjj-xw86","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rr2g-rrjj-xw86"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376302?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/34325?format=json","purl":"pkg:composer/magento/community-edition@2.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8"}],"aliases":["CVE-2025-27188","GHSA-rr2g-rrjj-xw86"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jc6r-vmnc-r3g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46412?format=json","vulnerability_id":"VCID-jeur-3jww-dqee","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and perform a minor integrity change. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39412","reference_id":"","reference_type":"","scores":[{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50751","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50617","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39412"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:56Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39412","reference_id":"CVE-2024-39412","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39412"},{"reference_url":"https://github.com/advisories/GHSA-7472-vw39-g2j3","reference_id":"GHSA-7472-vw39-g2j3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7472-vw39-g2j3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39412","GHSA-7472-vw39-g2j3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jeur-3jww-dqee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46759?format=json","vulnerability_id":"VCID-jyhf-huep-tya2","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39398","reference_id":"","reference_type":"","scores":[{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.47218","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.47077","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39398"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:10:17Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39398","reference_id":"CVE-2024-39398","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39398"},{"reference_url":"https://github.com/advisories/GHSA-q628-54wg-4r5q","reference_id":"GHSA-q628-54wg-4r5q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q628-54wg-4r5q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39398","GHSA-q628-54wg-4r5q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jyhf-huep-tya2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40170?format=json","vulnerability_id":"VCID-kfct-k5af-n7fu","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45116","reference_id":"","reference_type":"","scores":[{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.83391","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.8333","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45116"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T13:56:29Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45116","reference_id":"CVE-2024-45116","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45116"},{"reference_url":"https://github.com/advisories/GHSA-873m-72g6-853g","reference_id":"GHSA-873m-72g6-853g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-873m-72g6-853g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45116","GHSA-873m-72g6-853g"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kfct-k5af-n7fu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124493?format=json","vulnerability_id":"VCID-kjc9-vrhf-hfav","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24427","reference_id":"","reference_type":"","scores":[{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40491","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40659","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24427"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24427","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24427"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:04Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-v3hq-g424-5mgg","reference_id":"GHSA-v3hq-g424-5mgg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v3hq-g424-5mgg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24427","GHSA-v3hq-g424-5mgg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjc9-vrhf-hfav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97819?format=json","vulnerability_id":"VCID-ktnj-j4xu-uufs","summary":"Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49555","reference_id":"","reference_type":"","scores":[{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59261","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59149","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49555"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49555","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49555"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html","reference_id":"apsb25-71.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:10Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html"},{"reference_url":"https://github.com/advisories/GHSA-5777-jj7p-mpqw","reference_id":"GHSA-5777-jj7p-mpqw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5777-jj7p-mpqw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377520?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/377519?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2"},{"url":"http://public2.vulnerablecode.io/api/packages/377518?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2"}],"aliases":["CVE-2025-49555","GHSA-5777-jj7p-mpqw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ktnj-j4xu-uufs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/116898?format=json","vulnerability_id":"VCID-kxjv-xm7r-hkhs","summary":"Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27191","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50382","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50515","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27191"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27191","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27191"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html","reference_id":"apsb25-26.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:08Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html"},{"reference_url":"https://github.com/advisories/GHSA-vhcq-4xrm-2cr2","reference_id":"GHSA-vhcq-4xrm-2cr2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vhcq-4xrm-2cr2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376302?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-27191","GHSA-vhcq-4xrm-2cr2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxjv-xm7r-hkhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40233?format=json","vulnerability_id":"VCID-mccb-abc5-9yfs","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45118","reference_id":"","reference_type":"","scores":[{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.25049","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24849","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45118"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:45:03Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45118","reference_id":"CVE-2024-45118","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45118"},{"reference_url":"https://github.com/advisories/GHSA-cg52-68fv-94qq","reference_id":"GHSA-cg52-68fv-94qq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cg52-68fv-94qq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45118","GHSA-cg52-68fv-94qq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mccb-abc5-9yfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40506?format=json","vulnerability_id":"VCID-ngx2-ewzf-xbd4","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45117","reference_id":"","reference_type":"","scores":[{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49812","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49675","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45117"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:07:29Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45117","reference_id":"CVE-2024-45117","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45117"},{"reference_url":"https://github.com/advisories/GHSA-3fr3-gcqh-3m2g","reference_id":"GHSA-3fr3-gcqh-3m2g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3fr3-gcqh-3m2g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45117","GHSA-3fr3-gcqh-3m2g"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ngx2-ewzf-xbd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124632?format=json","vulnerability_id":"VCID-ntst-nee5-63d3","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24410","reference_id":"","reference_type":"","scores":[{"value":"0.01784","scoring_system":"epss","scoring_elements":"0.83137","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01784","scoring_system":"epss","scoring_elements":"0.83198","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24410"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24410","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24410"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:38Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-gjxp-46rq-wg4q","reference_id":"GHSA-gjxp-46rq-wg4q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gjxp-46rq-wg4q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24410","GHSA-gjxp-46rq-wg4q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ntst-nee5-63d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40624?format=json","vulnerability_id":"VCID-pb4n-m8cv-9bb7","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45125","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21237","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21419","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45125"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:06:28Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45125","reference_id":"CVE-2024-45125","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45125"},{"reference_url":"https://github.com/advisories/GHSA-xg36-8c2v-jpxh","reference_id":"GHSA-xg36-8c2v-jpxh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xg36-8c2v-jpxh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45125","GHSA-xg36-8c2v-jpxh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pb4n-m8cv-9bb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87743?format=json","vulnerability_id":"VCID-pcm6-819d-6uhm","summary":"Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54264","reference_id":"","reference_type":"","scores":[{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.44191","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.44038","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54264"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html","reference_id":"apsb25-94.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:28Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54264","reference_id":"CVE-2025-54264","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54264"},{"reference_url":"https://github.com/advisories/GHSA-2768-5wmv-cfff","reference_id":"GHSA-2768-5wmv-cfff","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2768-5wmv-cfff"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34329?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8"},{"url":"http://public2.vulnerablecode.io/api/packages/34331?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34328?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3"}],"aliases":["CVE-2025-54264","GHSA-2768-5wmv-cfff"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pcm6-819d-6uhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124042?format=json","vulnerability_id":"VCID-pfvk-8q6r-e7c5","summary":"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain elevated privileges. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24437","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35704","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35884","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24437"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24437","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24437"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:35Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-469f-wf4f-3jjv","reference_id":"GHSA-469f-wf4f-3jjv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-469f-wf4f-3jjv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24437","GHSA-469f-wf4f-3jjv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pfvk-8q6r-e7c5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124216?format=json","vulnerability_id":"VCID-psnm-zaza-tuf9","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24414","reference_id":"","reference_type":"","scores":[{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.803","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80361","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24414"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24414","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24414"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:45Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-fhw6-3mj5-w9gv","reference_id":"GHSA-fhw6-3mj5-w9gv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fhw6-3mj5-w9gv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24414","GHSA-fhw6-3mj5-w9gv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-psnm-zaza-tuf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124011?format=json","vulnerability_id":"VCID-pu8a-r3v2-g7h9","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24416","reference_id":"","reference_type":"","scores":[{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.803","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80361","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24416"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24416","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24416"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:48Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-rjjw-g6hw-7pc9","reference_id":"GHSA-rjjw-g6hw-7pc9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rjjw-g6hw-7pc9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24416","GHSA-rjjw-g6hw-7pc9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pu8a-r3v2-g7h9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/116851?format=json","vulnerability_id":"VCID-q68u-w433-tqb9","summary":"Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protected resources by obtaining sensitive credential information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27192","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28266","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28067","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27192"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27192","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27192"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html","reference_id":"apsb25-26.html","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:23Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html"},{"reference_url":"https://github.com/advisories/GHSA-2r94-wm5v-4prx","reference_id":"GHSA-2r94-wm5v-4prx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2r94-wm5v-4prx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376302?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-27192","GHSA-2r94-wm5v-4prx"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q68u-w433-tqb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46597?format=json","vulnerability_id":"VCID-qbx1-jqke-v7hf","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39402","reference_id":"","reference_type":"","scores":[{"value":"0.0264","scoring_system":"epss","scoring_elements":"0.86093","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0264","scoring_system":"epss","scoring_elements":"0.86044","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39402"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:09Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39402","reference_id":"CVE-2024-39402","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39402"},{"reference_url":"https://github.com/advisories/GHSA-2ff6-837j-hg5x","reference_id":"GHSA-2ff6-837j-hg5x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2ff6-837j-hg5x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39402","GHSA-2ff6-837j-hg5x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbx1-jqke-v7hf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124648?format=json","vulnerability_id":"VCID-qh9p-8b9r-mufh","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24412","reference_id":"","reference_type":"","scores":[{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.803","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80361","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24412"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24412","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24412"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:41Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-m4rg-mpp2-97px","reference_id":"GHSA-m4rg-mpp2-97px","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m4rg-mpp2-97px"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24412","GHSA-m4rg-mpp2-97px"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qh9p-8b9r-mufh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46855?format=json","vulnerability_id":"VCID-qnpc-4r4b-3uhx","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39417","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54261","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54386","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39417"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:09:31Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39417","reference_id":"CVE-2024-39417","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39417"},{"reference_url":"https://github.com/advisories/GHSA-4xmj-f664-hv98","reference_id":"GHSA-4xmj-f664-hv98","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4xmj-f664-hv98"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39417","GHSA-4xmj-f664-hv98"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qnpc-4r4b-3uhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124166?format=json","vulnerability_id":"VCID-rm7u-jwat-v7f1","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11  and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both a High impact to confidentiality and Low impact to integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24409","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34804","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34983","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24409"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24409","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24409"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:11:11Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-vw47-79jv-3598","reference_id":"GHSA-vw47-79jv-3598","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vw47-79jv-3598"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24409","GHSA-vw47-79jv-3598"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rm7u-jwat-v7f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40833?format=json","vulnerability_id":"VCID-rw4d-b9yt-mbhz","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45127","reference_id":"","reference_type":"","scores":[{"value":"0.01887","scoring_system":"epss","scoring_elements":"0.83639","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01887","scoring_system":"epss","scoring_elements":"0.8358","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45127"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:55:55Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45127","reference_id":"CVE-2024-45127","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45127"},{"reference_url":"https://github.com/advisories/GHSA-c89g-gq5r-2xw2","reference_id":"GHSA-c89g-gq5r-2xw2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c89g-gq5r-2xw2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45127","GHSA-c89g-gq5r-2xw2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rw4d-b9yt-mbhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40770?format=json","vulnerability_id":"VCID-s45p-jru3-w3df","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45133","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28838","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28638","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45133"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T13:54:05Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45133","reference_id":"CVE-2024-45133","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45133"},{"reference_url":"https://github.com/advisories/GHSA-j3mh-wx5f-2vhg","reference_id":"GHSA-j3mh-wx5f-2vhg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j3mh-wx5f-2vhg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45133","GHSA-j3mh-wx5f-2vhg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s45p-jru3-w3df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46443?format=json","vulnerability_id":"VCID-s7t9-h2jx-9bgr","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39416","reference_id":"","reference_type":"","scores":[{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55433","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55553","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39416"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:27Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39416","reference_id":"CVE-2024-39416","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39416"},{"reference_url":"https://github.com/advisories/GHSA-4xgg-rw35-7mv5","reference_id":"GHSA-4xgg-rw35-7mv5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4xgg-rw35-7mv5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39416","GHSA-4xgg-rw35-7mv5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s7t9-h2jx-9bgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124016?format=json","vulnerability_id":"VCID-t4gd-uv9g-ukh5","summary":"Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the logic of the application's operations causing limited data modification. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24425","reference_id":"","reference_type":"","scores":[{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.48044","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.48182","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24425"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24425","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24425"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:51:39Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-6ff8-jrfg-43hh","reference_id":"GHSA-6ff8-jrfg-43hh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6ff8-jrfg-43hh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24425","GHSA-6ff8-jrfg-43hh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t4gd-uv9g-ukh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40636?format=json","vulnerability_id":"VCID-twda-bvut-9bhp","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45134","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30641","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.3084","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45134"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:05:23Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45134","reference_id":"CVE-2024-45134","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45134"},{"reference_url":"https://github.com/advisories/GHSA-4f89-5cwm-rm5g","reference_id":"GHSA-4f89-5cwm-rm5g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4f89-5cwm-rm5g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45134","GHSA-4f89-5cwm-rm5g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twda-bvut-9bhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97813?format=json","vulnerability_id":"VCID-twdq-g82m-nqcp","summary":"Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49554","reference_id":"","reference_type":"","scores":[{"value":"0.01005","scoring_system":"epss","scoring_elements":"0.77538","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01005","scoring_system":"epss","scoring_elements":"0.77469","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49554"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49554","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49554"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html","reference_id":"apsb25-71.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:18:27Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html"},{"reference_url":"https://github.com/advisories/GHSA-xgfm-992v-h2hr","reference_id":"GHSA-xgfm-992v-h2hr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xgfm-992v-h2hr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377520?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7"},{"url":"http://public2.vulnerablecode.io/api/packages/377519?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2"},{"url":"http://public2.vulnerablecode.io/api/packages/377518?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-pcm6-819d-6uhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2"}],"aliases":["CVE-2025-49554","GHSA-xgfm-992v-h2hr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twdq-g82m-nqcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46640?format=json","vulnerability_id":"VCID-u52p-wrjp-quhk","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39408","reference_id":"","reference_type":"","scores":[{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.67137","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.67045","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39408"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:09:17Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39408","reference_id":"CVE-2024-39408","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39408"},{"reference_url":"https://github.com/advisories/GHSA-4cj6-f32v-6hgx","reference_id":"GHSA-4cj6-f32v-6hgx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4cj6-f32v-6hgx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39408","GHSA-4cj6-f32v-6hgx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u52p-wrjp-quhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124757?format=json","vulnerability_id":"VCID-u9vz-axk1-fqfn","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24415","reference_id":"","reference_type":"","scores":[{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.803","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80361","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24415"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24415","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24415"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:47Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-gc27-rvvm-q77r","reference_id":"GHSA-gc27-rvvm-q77r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gc27-rvvm-q77r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24415","GHSA-gc27-rvvm-q77r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u9vz-axk1-fqfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40166?format=json","vulnerability_id":"VCID-vgz6-nvj3-xqft","summary":"Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45131","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32565","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32384","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45131"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html","reference_id":"apsb24-73.html","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:02:38Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-73.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45131","reference_id":"CVE-2024-45131","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45131"},{"reference_url":"https://github.com/advisories/GHSA-xc5p-773w-m3pm","reference_id":"GHSA-xc5p-773w-m3pm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xc5p-773w-m3pm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33791?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"}],"aliases":["CVE-2024-45131","GHSA-xc5p-773w-m3pm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vgz6-nvj3-xqft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46849?format=json","vulnerability_id":"VCID-vwpg-z9en-6yej","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39400","reference_id":"","reference_type":"","scores":[{"value":"0.01472","scoring_system":"epss","scoring_elements":"0.81419","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01472","scoring_system":"epss","scoring_elements":"0.81358","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39400"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:38Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39400","reference_id":"CVE-2024-39400","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39400"},{"reference_url":"https://github.com/advisories/GHSA-52fg-wjxm-pp44","reference_id":"GHSA-52fg-wjxm-pp44","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-52fg-wjxm-pp44"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39400","GHSA-52fg-wjxm-pp44"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vwpg-z9en-6yej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46579?format=json","vulnerability_id":"VCID-wfdz-b6c4-quhq","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39411","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54261","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54386","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39411"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:11:14Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39411","reference_id":"CVE-2024-39411","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39411"},{"reference_url":"https://github.com/advisories/GHSA-qm77-mqf3-fmhq","reference_id":"GHSA-qm77-mqf3-fmhq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qm77-mqf3-fmhq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39411","GHSA-qm77-mqf3-fmhq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wfdz-b6c4-quhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124857?format=json","vulnerability_id":"VCID-wxkj-7zgv-x7bc","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing rate limiting mechanisms. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24430","reference_id":"","reference_type":"","scores":[{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27887","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27686","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24430"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24430","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24430"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:47Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-6w27-c66f-gvhq","reference_id":"GHSA-6w27-c66f-gvhq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6w27-c66f-gvhq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24430","GHSA-6w27-c66f-gvhq"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wxkj-7zgv-x7bc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/117249?format=json","vulnerability_id":"VCID-xgh4-b9yn-dkh4","summary":"Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27206","reference_id":"","reference_type":"","scores":[{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72594","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00706","scoring_system":"epss","scoring_elements":"0.72671","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27206"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27206","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27206"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html","reference_id":"apsb25-50.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T18:08:33Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html"},{"reference_url":"https://github.com/advisories/GHSA-g2pj-xmxq-3r9q","reference_id":"GHSA-g2pj-xmxq-3r9q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g2pj-xmxq-3r9q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378548?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/34327?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1"}],"aliases":["CVE-2025-27206","GHSA-g2pj-xmxq-3r9q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xgh4-b9yn-dkh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88657?format=json","vulnerability_id":"VCID-xjd4-w9bn-mbex","summary":"Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading to a limited impact to confidentiality and a high impact to integrity. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43585","reference_id":"","reference_type":"","scores":[{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69786","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69695","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43585"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43585","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43585"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html","reference_id":"apsb25-50.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T17:23:05Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html"},{"reference_url":"https://github.com/advisories/GHSA-r487-9vv5-75gg","reference_id":"GHSA-r487-9vv5-75gg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r487-9vv5-75gg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378548?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/34327?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1"}],"aliases":["CVE-2025-43585","GHSA-r487-9vv5-75gg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xjd4-w9bn-mbex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46765?format=json","vulnerability_id":"VCID-xmby-7b1y-v3cn","summary":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39404","reference_id":"","reference_type":"","scores":[{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47859","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.48","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39404"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html","reference_id":"apsb24-61.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-14T14:12:52Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39404","reference_id":"CVE-2024-39404","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39404"},{"reference_url":"https://github.com/advisories/GHSA-qrh3-vxjg-h9h6","reference_id":"GHSA-qrh3-vxjg-h9h6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qrh3-vxjg-h9h6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33001?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-141w-faqu-w3ay"},{"vulnerability":"VCID-16es-u6cy-u3g8"},{"vulnerability":"VCID-1mpb-gzr2-53ar"},{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-78hy-q8kh-kyh7"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-7j68-gund-4qhp"},{"vulnerability":"VCID-8gwb-c3ck-37f8"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-a6gj-zm14-aqhq"},{"vulnerability":"VCID-ax9q-y1rb-33b2"},{"vulnerability":"VCID-bfp1-cndf-d7d7"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dktm-v3jw-f7de"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-e2t8-b5yy-zkhn"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-ggtj-fbzy-87fx"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kfct-k5af-n7fu"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-mccb-abc5-9yfs"},{"vulnerability":"VCID-ngx2-ewzf-xbd4"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pb4n-m8cv-9bb7"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-rw4d-b9yt-mbhz"},{"vulnerability":"VCID-s45p-jru3-w3df"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twda-bvut-9bhp"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-vgz6-nvj3-xqft"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2"}],"aliases":["CVE-2024-39404","GHSA-qrh3-vxjg-h9h6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmby-7b1y-v3cn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97932?format=json","vulnerability_id":"VCID-xqc4-jf6e-abfg","summary":"Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49549","reference_id":"","reference_type":"","scores":[{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.67108","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.67016","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49549"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49549","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49549"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html","reference_id":"apsb25-50.html","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T18:12:28Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html"},{"reference_url":"https://github.com/advisories/GHSA-85jx-x9r4-45m2","reference_id":"GHSA-85jx-x9r4-45m2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-85jx-x9r4-45m2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378548?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6"},{"url":"http://public2.vulnerablecode.io/api/packages/34330?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vq9-br2m-dbby"},{"vulnerability":"VCID-313z-h2v4-c3fr"},{"vulnerability":"VCID-3a8p-9krx-23e8"},{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-5edy-fp8q-97fp"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-9gbf-swtt-7bhz"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-ctrj-y3d6-a7dv"},{"vulnerability":"VCID-cyy2-3rr3-jkc8"},{"vulnerability":"VCID-d9zc-rh9p-4bde"},{"vulnerability":"VCID-dytj-h56v-bke9"},{"vulnerability":"VCID-esjc-zzqy-nycf"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-ferd-u8gt-akds"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gac9-1nnp-67cc"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-gzga-qjaf-kugh"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-kjc9-vrhf-hfav"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-ntst-nee5-63d3"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-pfvk-8q6r-e7c5"},{"vulnerability":"VCID-psnm-zaza-tuf9"},{"vulnerability":"VCID-pu8a-r3v2-g7h9"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-qh9p-8b9r-mufh"},{"vulnerability":"VCID-rm7u-jwat-v7f1"},{"vulnerability":"VCID-t4gd-uv9g-ukh5"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-u9vz-axk1-fqfn"},{"vulnerability":"VCID-wxkj-7zgv-x7bc"},{"vulnerability":"VCID-z97t-ffda-vfes"},{"vulnerability":"VCID-za87-d5x9-wuby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/34327?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1"}],"aliases":["CVE-2025-49549","GHSA-85jx-x9r4-45m2"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xqc4-jf6e-abfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/119460?format=json","vulnerability_id":"VCID-z97t-ffda-vfes","summary":"Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed to that of other high-privileged accounts, leading to a high impact on confidentiality, integrity, and availability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47110","reference_id":"","reference_type":"","scores":[{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72759","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72682","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47110"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47110","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47110"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html","reference_id":"apsb25-50.html","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-10T18:09:25Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html"},{"reference_url":"https://github.com/advisories/GHSA-j934-vjh5-vf9r","reference_id":"GHSA-j934-vjh5-vf9r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j934-vjh5-vf9r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378548?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6"},{"url":"http://public2.vulnerablecode.io/api/packages/378782?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p1"},{"url":"http://public2.vulnerablecode.io/api/packages/34327?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1"}],"aliases":["CVE-2025-47110","GHSA-j934-vjh5-vf9r"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z97t-ffda-vfes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124512?format=json","vulnerability_id":"VCID-za87-d5x9-wuby","summary":"Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24413","reference_id":"","reference_type":"","scores":[{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.803","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80361","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24413"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24413","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24413"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"apsb25-08.html","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:44Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://github.com/advisories/GHSA-xwgx-8v72-4j5j","reference_id":"GHSA-xwgx-8v72-4j5j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xwgx-8v72-4j5j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377280?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-53sd-5nuj-e7d9"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-bvfd-gs5b-dyg7"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gakd-m2af-z7c2"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-kxjv-xm7r-hkhs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-q68u-w433-tqb9"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-xgh4-b9yn-dkh4"},{"vulnerability":"VCID-xjd4-w9bn-mbex"},{"vulnerability":"VCID-xqc4-jf6e-abfg"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/376306?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nqq-nrne-17a2"},{"vulnerability":"VCID-6d1u-exkw-hbfu"},{"vulnerability":"VCID-7bmk-3ab2-9ba6"},{"vulnerability":"VCID-9gb1-p5qf-3kd2"},{"vulnerability":"VCID-eusf-bc81-9uhv"},{"vulnerability":"VCID-fqkf-67fw-cyb8"},{"vulnerability":"VCID-gx3s-7cxk-pyfc"},{"vulnerability":"VCID-h2ju-dedu-fqad"},{"vulnerability":"VCID-jc6r-vmnc-r3g9"},{"vulnerability":"VCID-ktnj-j4xu-uufs"},{"vulnerability":"VCID-pcm6-819d-6uhm"},{"vulnerability":"VCID-twdq-g82m-nqcp"},{"vulnerability":"VCID-z97t-ffda-vfes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24413","GHSA-xwgx-8v72-4j5j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-za87-d5x9-wuby"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p1"}