{"url":"http://public2.vulnerablecode.io/api/packages/561991?format=json","purl":"pkg:composer/magento/project-community-edition@0.74.0-beta5","type":"composer","namespace":"magento","name":"project-community-edition","version":"0.74.0-beta5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.9.4+3","latest_non_vulnerable_version":"1.9.4+3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210321?format=json","vulnerability_id":"VCID-164z-z5n3-wuhx","summary":"Magento Insufficient Session Expiration","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21031","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38112","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21031"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21031","reference_id":"CVE-2021-21031","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21031"},{"reference_url":"https://github.com/advisories/GHSA-4h3p-63x6-vwg2","reference_id":"GHSA-4h3p-63x6-vwg2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4h3p-63x6-vwg2"}],"fixed_packages":[],"aliases":["CVE-2021-21031","GHSA-4h3p-63x6-vwg2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-164z-z5n3-wuhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210317?format=json","vulnerability_id":"VCID-1bn5-82qw-k3a6","summary":"Magento stored cross-site scripting vulnerability in the admin console","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21023","reference_id":"","reference_type":"","scores":[{"value":"0.03783","scoring_system":"epss","scoring_elements":"0.88329","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21023"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21023","reference_id":"CVE-2021-21023","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21023"},{"reference_url":"https://github.com/advisories/GHSA-h5rm-m772-6qcx","reference_id":"GHSA-h5rm-m772-6qcx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h5rm-m772-6qcx"}],"fixed_packages":[],"aliases":["CVE-2021-21023","GHSA-h5rm-m772-6qcx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1bn5-82qw-k3a6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55347?format=json","vulnerability_id":"VCID-1bw2-wubb-hqdf","summary":"Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to trick a victim into performing actions they did not intend to do, which could be used to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction, typically in the form of the victim clicking a link or visiting a malicious website.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20718","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.3052","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20718"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-03.html","reference_id":"apsb24-03.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-29T17:27:46Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-03.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20718","reference_id":"CVE-2024-20718","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20718"},{"reference_url":"https://github.com/advisories/GHSA-hqgj-4396-hmxv","reference_id":"GHSA-hqgj-4396-hmxv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hqgj-4396-hmxv"}],"fixed_packages":[],"aliases":["CVE-2024-20718","GHSA-hqgj-4396-hmxv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1bw2-wubb-hqdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/155725?format=json","vulnerability_id":"VCID-1nhy-rppa-3ugt","summary":"Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36023","reference_id":"","reference_type":"","scores":[{"value":"0.1628","scoring_system":"epss","scoring_elements":"0.94979","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36023"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36023","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36023"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-64.html","reference_id":"apsb21-64.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:52:38Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-64.html"},{"reference_url":"https://github.com/advisories/GHSA-8cjg-f53m-8m9q","reference_id":"GHSA-8cjg-f53m-8m9q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8cjg-f53m-8m9q"}],"fixed_packages":[],"aliases":["CVE-2021-36023","GHSA-8cjg-f53m-8m9q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1nhy-rppa-3ugt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210534?format=json","vulnerability_id":"VCID-29d9-8pwn-xuew","summary":"Magento XML Injection vulnerability in the 'City' field","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36020","reference_id":"","reference_type":"","scores":[{"value":"0.31066","scoring_system":"epss","scoring_elements":"0.96862","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36020"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36020","reference_id":"CVE-2021-36020","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36020"},{"reference_url":"https://github.com/advisories/GHSA-xvpx-6hh8-7h72","reference_id":"GHSA-xvpx-6hh8-7h72","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xvpx-6hh8-7h72"}],"fixed_packages":[],"aliases":["CVE-2021-36020","GHSA-xvpx-6hh8-7h72"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-29d9-8pwn-xuew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210520?format=json","vulnerability_id":"VCID-2cra-khmt-jfgr","summary":"Magento has a  file extension restrictions bypass","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36040","reference_id":"","reference_type":"","scores":[{"value":"0.03446","scoring_system":"epss","scoring_elements":"0.8777","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36040"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36040","reference_id":"CVE-2021-36040","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36040"},{"reference_url":"https://github.com/advisories/GHSA-2pq5-gpqf-g4r3","reference_id":"GHSA-2pq5-gpqf-g4r3","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2pq5-gpqf-g4r3"}],"fixed_packages":[],"aliases":["CVE-2021-36040","GHSA-2pq5-gpqf-g4r3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2cra-khmt-jfgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/332169?format=json","vulnerability_id":"VCID-2pwj-32vy-c7cx","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9630","reference_id":"","reference_type":"","scores":[{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.75215","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9630"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9630","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9630"},{"reference_url":"https://github.com/advisories/GHSA-5j4w-v87m-8r65","reference_id":"GHSA-5j4w-v87m-8r65","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5j4w-v87m-8r65"}],"fixed_packages":[],"aliases":["CVE-2020-9630","GHSA-5j4w-v87m-8r65"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2pwj-32vy-c7cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210450?format=json","vulnerability_id":"VCID-2sac-dap5-67cm","summary":"Magento Improper input validation vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28585","reference_id":"","reference_type":"","scores":[{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28585"},{"reference_url":"https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-30.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-30.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28585","reference_id":"CVE-2021-28585","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28585"},{"reference_url":"https://github.com/advisories/GHSA-c38m-9668-6j2w","reference_id":"GHSA-c38m-9668-6j2w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c38m-9668-6j2w"}],"fixed_packages":[],"aliases":["CVE-2021-28585","GHSA-c38m-9668-6j2w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2sac-dap5-67cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132328?format=json","vulnerability_id":"VCID-2tge-6ken-kqge","summary":"Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38208","reference_id":"","reference_type":"","scores":[{"value":"0.03849","scoring_system":"epss","scoring_elements":"0.88458","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38208"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38208","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38208"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-42.html","reference_id":"apsb23-42.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:53:29Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-42.html"},{"reference_url":"https://github.com/advisories/GHSA-mxc9-g6m4-2v35","reference_id":"GHSA-mxc9-g6m4-2v35","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mxc9-g6m4-2v35"}],"fixed_packages":[],"aliases":["CVE-2023-38208","GHSA-mxc9-g6m4-2v35"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2tge-6ken-kqge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210309?format=json","vulnerability_id":"VCID-2zcu-9c1u-2fhg","summary":"Magento vulnerable to a file upload restriction bypass","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21014","reference_id":"","reference_type":"","scores":[{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59401","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21014"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497"},{"reference_url":"https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21014","reference_id":"CVE-2021-21014","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21014"},{"reference_url":"https://github.com/advisories/GHSA-269w-pqc7-68q9","reference_id":"GHSA-269w-pqc7-68q9","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-269w-pqc7-68q9"}],"fixed_packages":[],"aliases":["CVE-2021-21014","GHSA-269w-pqc7-68q9"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zcu-9c1u-2fhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167493?format=json","vulnerability_id":"VCID-3w11-7use-6kfv","summary":"Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35698","reference_id":"","reference_type":"","scores":[{"value":"0.02186","scoring_system":"epss","scoring_elements":"0.84734","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35698"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb22-48.html","reference_id":"apsb22-48.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:07:24Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb22-48.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35698","reference_id":"CVE-2022-35698","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35698"},{"reference_url":"https://github.com/advisories/GHSA-4vj2-426r-jm3g","reference_id":"GHSA-4vj2-426r-jm3g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4vj2-426r-jm3g"}],"fixed_packages":[],"aliases":["CVE-2022-35698","GHSA-4vj2-426r-jm3g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3w11-7use-6kfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210320?format=json","vulnerability_id":"VCID-3w6r-qvwp-cudu","summary":"Magento stored cross-site scripting (XSS) in the customer address upload feature","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21030","reference_id":"","reference_type":"","scores":[{"value":"0.06281","scoring_system":"epss","scoring_elements":"0.91131","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21030"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21030","reference_id":"CVE-2021-21030","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21030"},{"reference_url":"https://github.com/advisories/GHSA-6988-g89m-27vf","reference_id":"GHSA-6988-g89m-27vf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6988-g89m-27vf"}],"fixed_packages":[],"aliases":["CVE-2021-21030","GHSA-6988-g89m-27vf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3w6r-qvwp-cudu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210535?format=json","vulnerability_id":"VCID-42ja-fh9j-fqcc","summary":"Magento XML Injection vulnerability in the Widgets Update Layout","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36022","reference_id":"","reference_type":"","scores":[{"value":"0.11326","scoring_system":"epss","scoring_elements":"0.9371","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36022"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36022","reference_id":"CVE-2021-36022","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36022"},{"reference_url":"https://github.com/advisories/GHSA-3x9x-vhqj-cv27","reference_id":"GHSA-3x9x-vhqj-cv27","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3x9x-vhqj-cv27"}],"fixed_packages":[],"aliases":["CVE-2021-36022","GHSA-3x9x-vhqj-cv27"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42ja-fh9j-fqcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132289?format=json","vulnerability_id":"VCID-466x-mpt9-gbgy","summary":"Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38249","reference_id":"","reference_type":"","scores":[{"value":"0.01841","scoring_system":"epss","scoring_elements":"0.83373","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38249"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38249","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38249"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"apsb23-50.html","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:49:36Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://github.com/advisories/GHSA-rq36-9f5f-2gw7","reference_id":"GHSA-rq36-9f5f-2gw7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rq36-9f5f-2gw7"}],"fixed_packages":[],"aliases":["CVE-2023-38249","GHSA-rq36-9f5f-2gw7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-466x-mpt9-gbgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210522?format=json","vulnerability_id":"VCID-4dqv-w8zx-jbfx","summary":"Magento vulnerable to file upload attack","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36041","reference_id":"","reference_type":"","scores":[{"value":"0.05476","scoring_system":"epss","scoring_elements":"0.9041","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36041"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36041","reference_id":"CVE-2021-36041","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36041"},{"reference_url":"https://github.com/advisories/GHSA-mx5m-j5xr-jg8c","reference_id":"GHSA-mx5m-j5xr-jg8c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mx5m-j5xr-jg8c"}],"fixed_packages":[],"aliases":["CVE-2021-36041","GHSA-mx5m-j5xr-jg8c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4dqv-w8zx-jbfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210521?format=json","vulnerability_id":"VCID-5a9b-cba8-mbas","summary":"Magento discloses sensitive information via the Multishipping Module","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36038","reference_id":"","reference_type":"","scores":[{"value":"0.01462","scoring_system":"epss","scoring_elements":"0.81284","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36038"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36038","reference_id":"CVE-2021-36038","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36038"},{"reference_url":"https://github.com/advisories/GHSA-wgpr-9675-8r67","reference_id":"GHSA-wgpr-9675-8r67","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wgpr-9675-8r67"}],"fixed_packages":[],"aliases":["CVE-2021-36038","GHSA-wgpr-9675-8r67"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5a9b-cba8-mbas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210515?format=json","vulnerability_id":"VCID-68y4-rbft-7qd4","summary":"Magento affected by a server-side denial-of-service using a GraphQL field","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36044","reference_id":"","reference_type":"","scores":[{"value":"0.01739","scoring_system":"epss","scoring_elements":"0.8292","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36044"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36044","reference_id":"CVE-2021-36044","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36044"},{"reference_url":"https://github.com/advisories/GHSA-wr57-3h2f-3q95","reference_id":"GHSA-wr57-3h2f-3q95","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wr57-3h2f-3q95"}],"fixed_packages":[],"aliases":["CVE-2021-36044","GHSA-wr57-3h2f-3q95"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-68y4-rbft-7qd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132216?format=json","vulnerability_id":"VCID-6gtw-hr2w-5fcd","summary":"Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38209","reference_id":"","reference_type":"","scores":[{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42226","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38209"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38209","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38209"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-42.html","reference_id":"apsb23-42.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:38Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-42.html"},{"reference_url":"https://github.com/advisories/GHSA-3vg2-v639-6ch9","reference_id":"GHSA-3vg2-v639-6ch9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3vg2-v639-6ch9"}],"fixed_packages":[],"aliases":["CVE-2023-38209","GHSA-3vg2-v639-6ch9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6gtw-hr2w-5fcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140464?format=json","vulnerability_id":"VCID-7hqr-a671-wfhq","summary":"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29292","reference_id":"","reference_type":"","scores":[{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.65007","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29292"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29292","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29292"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"apsb23-35.html","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:16Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://github.com/advisories/GHSA-4588-7x48-jrgj","reference_id":"GHSA-4588-7x48-jrgj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4588-7x48-jrgj"}],"fixed_packages":[],"aliases":["CVE-2023-29292","GHSA-4588-7x48-jrgj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7hqr-a671-wfhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210452?format=json","vulnerability_id":"VCID-7nw6-fepu-jqg1","summary":"Magento Violation of Secure Design Principles vulnerability in RMA PDF filename formats","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28583","reference_id":"","reference_type":"","scores":[{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67704","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28583"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-30.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-30.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28583","reference_id":"CVE-2021-28583","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28583"},{"reference_url":"https://github.com/advisories/GHSA-7gh6-f4jh-3crq","reference_id":"GHSA-7gh6-f4jh-3crq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7gh6-f4jh-3crq"}],"fixed_packages":[],"aliases":["CVE-2021-28583","GHSA-7gh6-f4jh-3crq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7nw6-fepu-jqg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210517?format=json","vulnerability_id":"VCID-7ygu-rw4h-gqea","summary":"Magento discloses sensitive information","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36039","reference_id":"","reference_type":"","scores":[{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74517","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36039"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36039","reference_id":"CVE-2021-36039","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36039"},{"reference_url":"https://github.com/advisories/GHSA-3g7m-g8qm-x6j5","reference_id":"GHSA-3g7m-g8qm-x6j5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3g7m-g8qm-x6j5"}],"fixed_packages":[],"aliases":["CVE-2021-36039","GHSA-3g7m-g8qm-x6j5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ygu-rw4h-gqea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132240?format=json","vulnerability_id":"VCID-8hfe-bt2u-37f9","summary":"Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38221","reference_id":"","reference_type":"","scores":[{"value":"0.01841","scoring_system":"epss","scoring_elements":"0.83373","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38221"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38221","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38221"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"apsb23-50.html","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:49:37Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://github.com/advisories/GHSA-ggr8-3hwx-4f2m","reference_id":"GHSA-ggr8-3hwx-4f2m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-ggr8-3hwx-4f2m"}],"fixed_packages":[],"aliases":["CVE-2023-38221","GHSA-ggr8-3hwx-4f2m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8hfe-bt2u-37f9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140418?format=json","vulnerability_id":"VCID-8r3a-tuwb-k3f5","summary":"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29291","reference_id":"","reference_type":"","scores":[{"value":"0.00566","scoring_system":"epss","scoring_elements":"0.68942","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29291"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29291","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29291"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"apsb23-35.html","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:20Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://github.com/advisories/GHSA-5f79-vhr4-vw2r","reference_id":"GHSA-5f79-vhr4-vw2r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5f79-vhr4-vw2r"}],"fixed_packages":[],"aliases":["CVE-2023-29291","GHSA-5f79-vhr4-vw2r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8r3a-tuwb-k3f5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55317?format=json","vulnerability_id":"VCID-96hr-sbyj-27dw","summary":"Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20759","reference_id":"","reference_type":"","scores":[{"value":"0.01627","scoring_system":"epss","scoring_elements":"0.82284","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20759"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-18.html","reference_id":"apsb24-18.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-11T04:01:07Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-18.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20759","reference_id":"CVE-2024-20759","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20759"},{"reference_url":"https://github.com/advisories/GHSA-59vf-hjxc-f9c5","reference_id":"GHSA-59vf-hjxc-f9c5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-59vf-hjxc-f9c5"}],"fixed_packages":[],"aliases":["CVE-2024-20759","GHSA-59vf-hjxc-f9c5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-96hr-sbyj-27dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149530?format=json","vulnerability_id":"VCID-9kv7-4rer-m3fs","summary":"Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22251","reference_id":"","reference_type":"","scores":[{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41938","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22251"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22251","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22251"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-17.html","reference_id":"apsb23-17.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:47Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-17.html"},{"reference_url":"https://github.com/advisories/GHSA-2wm7-mmgc-qxr3","reference_id":"GHSA-2wm7-mmgc-qxr3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2wm7-mmgc-qxr3"}],"fixed_packages":[],"aliases":["CVE-2023-22251","GHSA-2wm7-mmgc-qxr3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kv7-4rer-m3fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210310?format=json","vulnerability_id":"VCID-9qq4-5w4p-wfez","summary":"Magento XPath Injection","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21025","reference_id":"","reference_type":"","scores":[{"value":"0.04724","scoring_system":"epss","scoring_elements":"0.89631","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21025"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21025","reference_id":"CVE-2021-21025","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21025"},{"reference_url":"https://github.com/advisories/GHSA-h437-qjj9-vmq4","reference_id":"GHSA-h437-qjj9-vmq4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h437-qjj9-vmq4"}],"fixed_packages":[],"aliases":["CVE-2021-21025","GHSA-h437-qjj9-vmq4"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9qq4-5w4p-wfez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210657?format=json","vulnerability_id":"VCID-9yw4-j8uq-guaz","summary":"Magento stored cross-site scripting vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36027","reference_id":"","reference_type":"","scores":[{"value":"0.01528","scoring_system":"epss","scoring_elements":"0.81702","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36027"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36027","reference_id":"CVE-2021-36027","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36027"},{"reference_url":"https://github.com/advisories/GHSA-x2v2-2jhp-c5hv","reference_id":"GHSA-x2v2-2jhp-c5hv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x2v2-2jhp-c5hv"}],"fixed_packages":[],"aliases":["CVE-2021-36027","GHSA-x2v2-2jhp-c5hv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9yw4-j8uq-guaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/131940?format=json","vulnerability_id":"VCID-afft-etfr-n3ep","summary":"Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38207","reference_id":"","reference_type":"","scores":[{"value":"0.01147","scoring_system":"epss","scoring_elements":"0.78879","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38207"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38207","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38207"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-42.html","reference_id":"apsb23-42.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:21Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-42.html"},{"reference_url":"https://github.com/advisories/GHSA-rpv2-g4pc-wp72","reference_id":"GHSA-rpv2-g4pc-wp72","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rpv2-g4pc-wp72"}],"fixed_packages":[],"aliases":["CVE-2023-38207","GHSA-rpv2-g4pc-wp72"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-afft-etfr-n3ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/332116?format=json","vulnerability_id":"VCID-b5rs-kmfc-b7ae","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9576","reference_id":"","reference_type":"","scores":[{"value":"0.031","scoring_system":"epss","scoring_elements":"0.87093","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9576"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/52d92dbd07f09620d23693ba0c4d4bdb4ba09916","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/52d92dbd07f09620d23693ba0c4d4bdb4ba09916"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9576","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9576"},{"reference_url":"https://github.com/advisories/GHSA-4f7x-gjqc-qqpg","reference_id":"GHSA-4f7x-gjqc-qqpg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4f7x-gjqc-qqpg"}],"fixed_packages":[],"aliases":["CVE-2020-9576","GHSA-4f7x-gjqc-qqpg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b5rs-kmfc-b7ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210516?format=json","vulnerability_id":"VCID-bbvn-enze-yyb6","summary":"Magento affected by a blind SSRF vulnerability in the bundled dotmailer extension","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36043","reference_id":"","reference_type":"","scores":[{"value":"0.0261","scoring_system":"epss","scoring_elements":"0.85972","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36043"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36043","reference_id":"CVE-2021-36043","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36043"},{"reference_url":"https://github.com/advisories/GHSA-36xq-7w8w-xp68","reference_id":"GHSA-36xq-7w8w-xp68","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-36xq-7w8w-xp68"}],"fixed_packages":[],"aliases":["CVE-2021-36043","GHSA-36xq-7w8w-xp68"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bbvn-enze-yyb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/332120?format=json","vulnerability_id":"VCID-bxr5-e3nd-73dr","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9580","reference_id":"","reference_type":"","scores":[{"value":"0.0622","scoring_system":"epss","scoring_elements":"0.91079","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9580"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/52d92dbd07f09620d23693ba0c4d4bdb4ba09916","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/52d92dbd07f09620d23693ba0c4d4bdb4ba09916"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9580","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9580"},{"reference_url":"https://github.com/advisories/GHSA-j2jp-58gv-g2pg","reference_id":"GHSA-j2jp-58gv-g2pg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j2jp-58gv-g2pg"}],"fixed_packages":[],"aliases":["CVE-2020-9580","GHSA-j2jp-58gv-g2pg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bxr5-e3nd-73dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/332170?format=json","vulnerability_id":"VCID-c7fp-hh37-nyfk","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9631","reference_id":"","reference_type":"","scores":[{"value":"0.07683","scoring_system":"epss","scoring_elements":"0.92094","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9631"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9631","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9631"},{"reference_url":"https://github.com/advisories/GHSA-gffx-9f36-r8wp","reference_id":"GHSA-gffx-9f36-r8wp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gffx-9f36-r8wp"}],"fixed_packages":[],"aliases":["CVE-2020-9631","GHSA-gffx-9f36-r8wp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c7fp-hh37-nyfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/332121?format=json","vulnerability_id":"VCID-cp9m-gxkz-ebf5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9581","reference_id":"","reference_type":"","scores":[{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55406","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9581"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/52d92dbd07f09620d23693ba0c4d4bdb4ba09916","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/52d92dbd07f09620d23693ba0c4d4bdb4ba09916"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9581","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9581"},{"reference_url":"https://github.com/advisories/GHSA-2w2x-7qgj-4x78","reference_id":"GHSA-2w2x-7qgj-4x78","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2w2x-7qgj-4x78"}],"fixed_packages":[],"aliases":["CVE-2020-9581","GHSA-2w2x-7qgj-4x78"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cp9m-gxkz-ebf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/332128?format=json","vulnerability_id":"VCID-cq15-uetg-77fp","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9588","reference_id":"","reference_type":"","scores":[{"value":"0.01185","scoring_system":"epss","scoring_elements":"0.792","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9588"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9588","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9588"},{"reference_url":"https://github.com/advisories/GHSA-j2r4-2cr6-h3r3","reference_id":"GHSA-j2r4-2cr6-h3r3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j2r4-2cr6-h3r3"}],"fixed_packages":[],"aliases":["CVE-2020-9588","GHSA-j2r4-2cr6-h3r3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cq15-uetg-77fp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210314?format=json","vulnerability_id":"VCID-cxfd-jhqn-m3bb","summary":"Magento Insecure Direct Object Reference (IDOR) in the product module","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21022","reference_id":"","reference_type":"","scores":[{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35846","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21022"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21022","reference_id":"CVE-2021-21022","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21022"},{"reference_url":"https://github.com/advisories/GHSA-8pfq-g48p-x7w8","reference_id":"GHSA-8pfq-g48p-x7w8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8pfq-g48p-x7w8"}],"fixed_packages":[],"aliases":["CVE-2021-21022","GHSA-8pfq-g48p-x7w8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cxfd-jhqn-m3bb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/332122?format=json","vulnerability_id":"VCID-d6hb-89kc-nkb6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9582","reference_id":"","reference_type":"","scores":[{"value":"0.0323","scoring_system":"epss","scoring_elements":"0.87355","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9582"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9582","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9582"},{"reference_url":"https://github.com/advisories/GHSA-c3m4-hxv9-4mxj","reference_id":"GHSA-c3m4-hxv9-4mxj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c3m4-hxv9-4mxj"}],"fixed_packages":[],"aliases":["CVE-2020-9582","GHSA-c3m4-hxv9-4mxj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d6hb-89kc-nkb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149847?format=json","vulnerability_id":"VCID-df8h-8pgg-efg2","summary":"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22248","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37925","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22248"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22248","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22248"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"apsb23-35.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:10Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://github.com/advisories/GHSA-5jfg-phx7-7fxg","reference_id":"GHSA-5jfg-phx7-7fxg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5jfg-phx7-7fxg"}],"fixed_packages":[],"aliases":["CVE-2023-22248","GHSA-5jfg-phx7-7fxg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-df8h-8pgg-efg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210531?format=json","vulnerability_id":"VCID-dj4m-m82g-7ybz","summary":"Magento allows attackers to alter the price of items","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36030","reference_id":"","reference_type":"","scores":[{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.81064","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36030"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36030","reference_id":"CVE-2021-36030","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36030"},{"reference_url":"https://github.com/advisories/GHSA-rhff-65hp-55rw","reference_id":"GHSA-rhff-65hp-55rw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rhff-65hp-55rw"}],"fixed_packages":[],"aliases":["CVE-2021-36030","GHSA-rhff-65hp-55rw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dj4m-m82g-7ybz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/155702?format=json","vulnerability_id":"VCID-e22v-vjrd-v3gx","summary":"Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow. By storing a specially crafted file in the website gallery, an authenticated attacker with administrative privilege can gain access to delete the .htaccess file. This could result in the attacker achieving remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36036","reference_id":"","reference_type":"","scores":[{"value":"0.01566","scoring_system":"epss","scoring_elements":"0.81926","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36036"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36036","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36036"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-64.html","reference_id":"apsb21-64.html","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:52:37Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-64.html"},{"reference_url":"https://github.com/advisories/GHSA-wqr6-wv6c-p8fx","reference_id":"GHSA-wqr6-wv6c-p8fx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wqr6-wv6c-p8fx"}],"fixed_packages":[],"aliases":["CVE-2021-36036","GHSA-wqr6-wv6c-p8fx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e22v-vjrd-v3gx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132260?format=json","vulnerability_id":"VCID-e9g4-n5c8-6yf9","summary":"Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38219","reference_id":"","reference_type":"","scores":[{"value":"0.0152","scoring_system":"epss","scoring_elements":"0.8165","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38219"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38219","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38219"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"apsb23-50.html","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:49:34Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://github.com/advisories/GHSA-3j7w-jp46-9752","reference_id":"GHSA-3j7w-jp46-9752","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3j7w-jp46-9752"}],"fixed_packages":[],"aliases":["CVE-2023-38219","GHSA-3j7w-jp46-9752"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e9g4-n5c8-6yf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167687?format=json","vulnerability_id":"VCID-ebf6-hmqh-77ae","summary":"Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to leak minor information of another user's account detials. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35692","reference_id":"","reference_type":"","scores":[{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.67006","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35692"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html","reference_id":"apsb22-38.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:06:14Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb22-38.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35692","reference_id":"CVE-2022-35692","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35692"},{"reference_url":"https://github.com/advisories/GHSA-gm4m-9rm8-7rxj","reference_id":"GHSA-gm4m-9rm8-7rxj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gm4m-9rm8-7rxj"}],"fixed_packages":[],"aliases":["CVE-2022-35692","GHSA-gm4m-9rm8-7rxj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ebf6-hmqh-77ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210529?format=json","vulnerability_id":"VCID-eebb-ec8n-fkh4","summary":"Magento is affected by an improper input validation vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36032","reference_id":"","reference_type":"","scores":[{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.71212","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36032"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36032","reference_id":"CVE-2021-36032","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36032"},{"reference_url":"https://github.com/advisories/GHSA-5vw8-r55w-f4q4","reference_id":"GHSA-5vw8-r55w-f4q4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5vw8-r55w-f4q4"}],"fixed_packages":[],"aliases":["CVE-2021-36032","GHSA-5vw8-r55w-f4q4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eebb-ec8n-fkh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/332224?format=json","vulnerability_id":"VCID-ek7b-5h7x-4bem","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9691","reference_id":"","reference_type":"","scores":[{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86427","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9691"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/9436781734e47c83e96977fa770d255217680d5e","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/9436781734e47c83e96977fa770d255217680d5e"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-47.html","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-47.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9691","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9691"},{"reference_url":"https://github.com/advisories/GHSA-g7pc-799q-743f","reference_id":"GHSA-g7pc-799q-743f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g7pc-799q-743f"}],"fixed_packages":[],"aliases":["CVE-2020-9691","GHSA-g7pc-799q-743f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ek7b-5h7x-4bem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173505?format=json","vulnerability_id":"VCID-eygz-u15g-mkgq","summary":"Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24093","reference_id":"","reference_type":"","scores":[{"value":"0.0149","scoring_system":"epss","scoring_elements":"0.81464","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24093"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24093","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24093"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb22-13.html","reference_id":"apsb22-13.html","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:51:54Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb22-13.html"},{"reference_url":"https://github.com/advisories/GHSA-5xmp-7wg5-x68q","reference_id":"GHSA-5xmp-7wg5-x68q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5xmp-7wg5-x68q"}],"fixed_packages":[],"aliases":["CVE-2022-24093","GHSA-5xmp-7wg5-x68q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eygz-u15g-mkgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140949?format=json","vulnerability_id":"VCID-ezee-pmc6-tuc2","summary":"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29288","reference_id":"","reference_type":"","scores":[{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37127","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29288"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29288","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29288"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"apsb23-35.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:27Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://github.com/advisories/GHSA-f989-3fp9-q3r2","reference_id":"GHSA-f989-3fp9-q3r2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f989-3fp9-q3r2"}],"fixed_packages":[],"aliases":["CVE-2023-29288","GHSA-f989-3fp9-q3r2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ezee-pmc6-tuc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210315?format=json","vulnerability_id":"VCID-fa8x-8f5h-vqdu","summary":"Magento Insufficient Session Expiration","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21032","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38112","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21032"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21032","reference_id":"CVE-2021-21032","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21032"},{"reference_url":"https://github.com/advisories/GHSA-4jfq-f8hc-775q","reference_id":"GHSA-4jfq-f8hc-775q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4jfq-f8hc-775q"}],"fixed_packages":[],"aliases":["CVE-2021-21032","GHSA-4jfq-f8hc-775q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fa8x-8f5h-vqdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167540?format=json","vulnerability_id":"VCID-faxs-pnwr-8udn","summary":"Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35689","reference_id":"","reference_type":"","scores":[{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65889","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35689"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb22-48.html","reference_id":"apsb22-48.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:05:52Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb22-48.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35689","reference_id":"CVE-2022-35689","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35689"},{"reference_url":"https://github.com/advisories/GHSA-5fxx-jwjm-x9hj","reference_id":"GHSA-5fxx-jwjm-x9hj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5fxx-jwjm-x9hj"}],"fixed_packages":[],"aliases":["CVE-2022-35689","GHSA-5fxx-jwjm-x9hj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-faxs-pnwr-8udn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/131725?format=json","vulnerability_id":"VCID-fb5x-afrq-87aj","summary":"Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38251","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46154","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38251"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38251","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38251"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"apsb23-50.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:04Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://github.com/advisories/GHSA-7pfc-834q-h497","reference_id":"GHSA-7pfc-834q-h497","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7pfc-834q-h497"}],"fixed_packages":[],"aliases":["CVE-2023-38251","GHSA-7pfc-834q-h497"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fb5x-afrq-87aj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140629?format=json","vulnerability_id":"VCID-ff1h-49j6-fygj","summary":"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29293","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14216","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29293"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"},{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29293","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"},{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29293"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"apsb23-35.html","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"},{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:13Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://github.com/advisories/GHSA-66c9-xrwj-9xv6","reference_id":"GHSA-66c9-xrwj-9xv6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-66c9-xrwj-9xv6"}],"fixed_packages":[],"aliases":["CVE-2023-29293","GHSA-66c9-xrwj-9xv6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ff1h-49j6-fygj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55009?format=json","vulnerability_id":"VCID-fz2x-ms14-pkfs","summary":"Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20719","reference_id":"","reference_type":"","scores":[{"value":"0.01149","scoring_system":"epss","scoring_elements":"0.78899","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20719"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-03.html","reference_id":"apsb24-03.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-21T05:00:29Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-03.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20719","reference_id":"CVE-2024-20719","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20719"},{"reference_url":"https://github.com/advisories/GHSA-264g-f7v8-q5qq","reference_id":"GHSA-264g-f7v8-q5qq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-264g-f7v8-q5qq"}],"fixed_packages":[],"aliases":["CVE-2024-20719","GHSA-264g-f7v8-q5qq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fz2x-ms14-pkfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210453?format=json","vulnerability_id":"VCID-hg41-tf2t-4yew","summary":"Magento DOM-based Cross-Site Scripting vulnerability on mage-messages cookies","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28556","reference_id":"","reference_type":"","scores":[{"value":"0.23863","scoring_system":"epss","scoring_elements":"0.96141","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28556"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-30.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-30.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28556","reference_id":"CVE-2021-28556","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28556"},{"reference_url":"https://github.com/advisories/GHSA-39ch-rg26-gmq5","reference_id":"GHSA-39ch-rg26-gmq5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-39ch-rg26-gmq5"}],"fixed_packages":[],"aliases":["CVE-2021-28556","GHSA-39ch-rg26-gmq5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hg41-tf2t-4yew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210313?format=json","vulnerability_id":"VCID-huy7-57jw-z3bp","summary":"Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21027","reference_id":"","reference_type":"","scores":[{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.59031","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21027"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497"},{"reference_url":"https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21027","reference_id":"CVE-2021-21027","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21027"},{"reference_url":"https://github.com/advisories/GHSA-h4xc-577p-hgj9","reference_id":"GHSA-h4xc-577p-hgj9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h4xc-577p-hgj9"}],"fixed_packages":[],"aliases":["CVE-2021-21027","GHSA-h4xc-577p-hgj9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-huy7-57jw-z3bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/332127?format=json","vulnerability_id":"VCID-jde1-ssj2-2bc9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9587","reference_id":"","reference_type":"","scores":[{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68464","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9587"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9587","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9587"},{"reference_url":"https://github.com/advisories/GHSA-8wm7-h2qh-ff4c","reference_id":"GHSA-8wm7-h2qh-ff4c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8wm7-h2qh-ff4c"}],"fixed_packages":[],"aliases":["CVE-2020-9587","GHSA-8wm7-h2qh-ff4c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jde1-ssj2-2bc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132280?format=json","vulnerability_id":"VCID-jkrp-j7st-27f3","summary":"Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38250","reference_id":"","reference_type":"","scores":[{"value":"0.01841","scoring_system":"epss","scoring_elements":"0.83373","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38250"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38250","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38250"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"apsb23-50.html","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:49:35Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://github.com/advisories/GHSA-h3g9-cwr6-hphx","reference_id":"GHSA-h3g9-cwr6-hphx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h3g9-cwr6-hphx"}],"fixed_packages":[],"aliases":["CVE-2023-38250","GHSA-h3g9-cwr6-hphx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jkrp-j7st-27f3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55080?format=json","vulnerability_id":"VCID-jnuu-9mt7-jyd5","summary":"Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20758","reference_id":"","reference_type":"","scores":[{"value":"0.02201","scoring_system":"epss","scoring_elements":"0.84788","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20758"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-18.html","reference_id":"apsb24-18.html","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-11T04:01:06Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-18.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20758","reference_id":"CVE-2024-20758","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20758"},{"reference_url":"https://github.com/advisories/GHSA-wh4m-6rh3-p4rq","reference_id":"GHSA-wh4m-6rh3-p4rq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wh4m-6rh3-p4rq"}],"fixed_packages":[],"aliases":["CVE-2024-20758","GHSA-wh4m-6rh3-p4rq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jnuu-9mt7-jyd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/332125?format=json","vulnerability_id":"VCID-jrdr-8ehx-7qet","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9585","reference_id":"","reference_type":"","scores":[{"value":"0.0622","scoring_system":"epss","scoring_elements":"0.91079","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9585"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9585","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9585"},{"reference_url":"https://github.com/advisories/GHSA-55gv-hfg3-hwjq","reference_id":"GHSA-55gv-hfg3-hwjq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-55gv-hfg3-hwjq"}],"fixed_packages":[],"aliases":["CVE-2020-9585","GHSA-55gv-hfg3-hwjq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jrdr-8ehx-7qet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210518?format=json","vulnerability_id":"VCID-k7kn-kacp-rqa6","summary":"Magento is affected by an improper authorization vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36037","reference_id":"","reference_type":"","scores":[{"value":"0.00898","scoring_system":"epss","scoring_elements":"0.76093","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36037"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36037","reference_id":"CVE-2021-36037","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36037"},{"reference_url":"https://github.com/advisories/GHSA-vrq2-w7r7-3fp2","reference_id":"GHSA-vrq2-w7r7-3fp2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vrq2-w7r7-3fp2"}],"fixed_packages":[],"aliases":["CVE-2021-36037","GHSA-vrq2-w7r7-3fp2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k7kn-kacp-rqa6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140523?format=json","vulnerability_id":"VCID-kbkg-d58m-h7bf","summary":"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29296","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30594","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29296"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29296","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29296"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"apsb23-35.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:03Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://github.com/advisories/GHSA-3qr4-w96f-672v","reference_id":"GHSA-3qr4-w96f-672v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3qr4-w96f-672v"}],"fixed_packages":[],"aliases":["CVE-2023-29296","GHSA-3qr4-w96f-672v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kbkg-d58m-h7bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/332124?format=json","vulnerability_id":"VCID-ksmk-3u16-2fa5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9584","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38161","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9584"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9584","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9584"},{"reference_url":"https://github.com/advisories/GHSA-45h4-6gcj-6hwv","reference_id":"GHSA-45h4-6gcj-6hwv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-45h4-6gcj-6hwv"}],"fixed_packages":[],"aliases":["CVE-2020-9584","GHSA-45h4-6gcj-6hwv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ksmk-3u16-2fa5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/332171?format=json","vulnerability_id":"VCID-m57a-9g8b-4ban","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9632","reference_id":"","reference_type":"","scores":[{"value":"0.07985","scoring_system":"epss","scoring_elements":"0.92273","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9632"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9632","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9632"},{"reference_url":"https://github.com/advisories/GHSA-6w29-x5j4-qhrw","reference_id":"GHSA-6w29-x5j4-qhrw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6w29-x5j4-qhrw"}],"fixed_packages":[],"aliases":["CVE-2020-9632","GHSA-6w29-x5j4-qhrw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m57a-9g8b-4ban"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140865?format=json","vulnerability_id":"VCID-mb5s-j22m-3qdx","summary":"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29297","reference_id":"","reference_type":"","scores":[{"value":"0.08749","scoring_system":"epss","scoring_elements":"0.92693","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29297"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29297","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29297"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"apsb23-35.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T18:37:01Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://github.com/advisories/GHSA-gfmm-ww6f-5mm5","reference_id":"GHSA-gfmm-ww6f-5mm5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gfmm-ww6f-5mm5"}],"fixed_packages":[],"aliases":["CVE-2023-29297","GHSA-gfmm-ww6f-5mm5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mb5s-j22m-3qdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/318100?format=json","vulnerability_id":"VCID-ms33-zruj-fqem","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8114","reference_id":"","reference_type":"","scores":[{"value":"0.01199","scoring_system":"epss","scoring_elements":"0.79306","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8114"},{"reference_url":"https://devdocs-openmage.org/guides/m1x//ce19-ee114/ee1.14_release-notes.html#ee114-11443","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://devdocs-openmage.org/guides/m1x//ce19-ee114/ee1.14_release-notes.html#ee114-11443"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ce/CVE-2019-8114.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ce/CVE-2019-8114.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ee/CVE-2019-8114.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ee/CVE-2019-8114.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-8114.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-8114.yaml"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8114","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8114"},{"reference_url":"https://web.archive.org/web/20211209030216/https://magento.com/security/patches/supee-11219","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211209030216/https://magento.com/security/patches/supee-11219"},{"reference_url":"https://github.com/advisories/GHSA-crv7-r357-gw3w","reference_id":"GHSA-crv7-r357-gw3w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-crv7-r357-gw3w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386143?format=json","purl":"pkg:composer/magento/project-community-edition@1.9.4%2B3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/project-community-edition@1.9.4%252B3"},{"url":"http://public2.vulnerablecode.io/api/packages/561997?format=json","purl":"pkg:composer/magento/project-community-edition@2.0.0-rc","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-164z-z5n3-wuhx"},{"vulnerability":"VCID-1bn5-82qw-k3a6"},{"vulnerability":"VCID-1bw2-wubb-hqdf"},{"vulnerability":"VCID-1nhy-rppa-3ugt"},{"vulnerability":"VCID-29d9-8pwn-xuew"},{"vulnerability":"VCID-2cra-khmt-jfgr"},{"vulnerability":"VCID-2pwj-32vy-c7cx"},{"vulnerability":"VCID-2sac-dap5-67cm"},{"vulnerability":"VCID-2tge-6ken-kqge"},{"vulnerability":"VCID-2zcu-9c1u-2fhg"},{"vulnerability":"VCID-3w11-7use-6kfv"},{"vulnerability":"VCID-3w6r-qvwp-cudu"},{"vulnerability":"VCID-42ja-fh9j-fqcc"},{"vulnerability":"VCID-466x-mpt9-gbgy"},{"vulnerability":"VCID-4dqv-w8zx-jbfx"},{"vulnerability":"VCID-5a9b-cba8-mbas"},{"vulnerability":"VCID-68y4-rbft-7qd4"},{"vulnerability":"VCID-6gtw-hr2w-5fcd"},{"vulnerability":"VCID-7hqr-a671-wfhq"},{"vulnerability":"VCID-7nw6-fepu-jqg1"},{"vulnerability":"VCID-7ygu-rw4h-gqea"},{"vulnerability":"VCID-8hfe-bt2u-37f9"},{"vulnerability":"VCID-8r3a-tuwb-k3f5"},{"vulnerability":"VCID-96hr-sbyj-27dw"},{"vulnerability":"VCID-9kv7-4rer-m3fs"},{"vulnerability":"VCID-9qq4-5w4p-wfez"},{"vulnerability":"VCID-9yw4-j8uq-guaz"},{"vulnerability":"VCID-afft-etfr-n3ep"},{"vulnerability":"VCID-b5rs-kmfc-b7ae"},{"vulnerability":"VCID-bbvn-enze-yyb6"},{"vulnerability":"VCID-bxr5-e3nd-73dr"},{"vulnerability":"VCID-c7fp-hh37-nyfk"},{"vulnerability":"VCID-cp9m-gxkz-ebf5"},{"vulnerability":"VCID-cq15-uetg-77fp"},{"vulnerability":"VCID-cxfd-jhqn-m3bb"},{"vulnerability":"VCID-d6hb-89kc-nkb6"},{"vulnerability":"VCID-df8h-8pgg-efg2"},{"vulnerability":"VCID-dj4m-m82g-7ybz"},{"vulnerability":"VCID-e22v-vjrd-v3gx"},{"vulnerability":"VCID-e9g4-n5c8-6yf9"},{"vulnerability":"VCID-ebf6-hmqh-77ae"},{"vulnerability":"VCID-eebb-ec8n-fkh4"},{"vulnerability":"VCID-ek7b-5h7x-4bem"},{"vulnerability":"VCID-eygz-u15g-mkgq"},{"vulnerability":"VCID-ezee-pmc6-tuc2"},{"vulnerability":"VCID-fa8x-8f5h-vqdu"},{"vulnerability":"VCID-faxs-pnwr-8udn"},{"vulnerability":"VCID-fb5x-afrq-87aj"},{"vulnerability":"VCID-ff1h-49j6-fygj"},{"vulnerability":"VCID-fz2x-ms14-pkfs"},{"vulnerability":"VCID-hg41-tf2t-4yew"},{"vulnerability":"VCID-huy7-57jw-z3bp"},{"vulnerability":"VCID-jde1-ssj2-2bc9"},{"vulnerability":"VCID-jkrp-j7st-27f3"},{"vulnerability":"VCID-jnuu-9mt7-jyd5"},{"vulnerability":"VCID-jrdr-8ehx-7qet"},{"vulnerability":"VCID-k7kn-kacp-rqa6"},{"vulnerability":"VCID-kbkg-d58m-h7bf"},{"vulnerability":"VCID-ksmk-3u16-2fa5"},{"vulnerability":"VCID-m57a-9g8b-4ban"},{"vulnerability":"VCID-mb5s-j22m-3qdx"},{"vulnerability":"VCID-mtu1-7ww6-vucq"},{"vulnerability":"VCID-n3fq-47aa-qff7"},{"vulnerability":"VCID-n4vb-dqt3-g3ff"},{"vulnerability":"VCID-pk6p-a3rt-h7df"},{"vulnerability":"VCID-pzjb-n7ah-ffcg"},{"vulnerability":"VCID-q12a-kwpk-yufv"},{"vulnerability":"VCID-qcwq-814h-63c2"},{"vulnerability":"VCID-qgse-3kg2-7ke7"},{"vulnerability":"VCID-qhah-73w3-sqbp"},{"vulnerability":"VCID-qkzw-58hc-sfhr"},{"vulnerability":"VCID-qr8w-qwb5-6uag"},{"vulnerability":"VCID-qry6-3fd2-xbha"},{"vulnerability":"VCID-qs5t-4dc4-xyed"},{"vulnerability":"VCID-qvq2-tfke-w7g8"},{"vulnerability":"VCID-rd7c-5nbe-9qbn"},{"vulnerability":"VCID-s6y3-6ycj-vugy"},{"vulnerability":"VCID-st4g-zp7x-u3ba"},{"vulnerability":"VCID-swsg-c57z-1fe5"},{"vulnerability":"VCID-u7kq-477v-jqc5"},{"vulnerability":"VCID-u7wj-vk3w-sbb8"},{"vulnerability":"VCID-uz87-qmx6-wbh3"},{"vulnerability":"VCID-v4kk-tszr-puge"},{"vulnerability":"VCID-v5gv-qmy3-67fd"},{"vulnerability":"VCID-vd65-b296-q7d3"},{"vulnerability":"VCID-vdf7-p4x1-j3dt"},{"vulnerability":"VCID-veep-9n16-y7bv"},{"vulnerability":"VCID-vgck-qufa-y7g8"},{"vulnerability":"VCID-vmjw-y7tt-x7gv"},{"vulnerability":"VCID-vv16-jtmz-9yar"},{"vulnerability":"VCID-w54j-vx36-3qhs"},{"vulnerability":"VCID-x8wc-8zj4-1qgx"},{"vulnerability":"VCID-xrwz-zqgd-7yc5"},{"vulnerability":"VCID-yw2c-atdh-jucd"},{"vulnerability":"VCID-zffj-3gkp-nycc"},{"vulnerability":"VCID-zssu-1dmn-sycb"},{"vulnerability":"VCID-zw8c-fe8p-e7e3"},{"vulnerability":"VCID-zwem-swqk-1kaz"},{"vulnerability":"VCID-zym7-1cr7-mkaa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/project-community-edition@2.0.0-rc"}],"aliases":["CVE-2019-8114","GHSA-crv7-r357-gw3w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ms33-zruj-fqem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210224?format=json","vulnerability_id":"VCID-mtu1-7ww6-vucq","summary":"Magento 2 Community Edition Incorrect Authorization","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24401","reference_id":"","reference_type":"","scores":[{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.5214","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24401"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-59.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-59.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24401","reference_id":"CVE-2020-24401","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24401"},{"reference_url":"https://github.com/advisories/GHSA-f2g3-3c6q-4478","reference_id":"GHSA-f2g3-3c6q-4478","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f2g3-3c6q-4478"}],"fixed_packages":[],"aliases":["CVE-2020-24401","GHSA-f2g3-3c6q-4478"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mtu1-7ww6-vucq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210528?format=json","vulnerability_id":"VCID-n3fq-47aa-qff7","summary":"Magento improper authorization vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36029","reference_id":"","reference_type":"","scores":[{"value":"0.0345","scoring_system":"epss","scoring_elements":"0.87785","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36029"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36029","reference_id":"CVE-2021-36029","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36029"},{"reference_url":"https://github.com/advisories/GHSA-m8wx-whpp-q283","reference_id":"GHSA-m8wx-whpp-q283","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m8wx-whpp-q283"}],"fixed_packages":[],"aliases":["CVE-2021-36029","GHSA-m8wx-whpp-q283"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n3fq-47aa-qff7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210225?format=json","vulnerability_id":"VCID-n4vb-dqt3-g3ff","summary":"Magento incorrect user permissions vulnerability within the Inventory component","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24403","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40848","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24403"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-59.html","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-59.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24403","reference_id":"CVE-2020-24403","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24403"},{"reference_url":"https://github.com/advisories/GHSA-39rw-4m66-82gf","reference_id":"GHSA-39rw-4m66-82gf","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-39rw-4m66-82gf"}],"fixed_packages":[],"aliases":["CVE-2020-24403","GHSA-39rw-4m66-82gf"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4vb-dqt3-g3ff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210650?format=json","vulnerability_id":"VCID-pk6p-a3rt-h7df","summary":"Magento stored cross-site scripting vulnerability in the customer address upload feature","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36026","reference_id":"","reference_type":"","scores":[{"value":"0.01528","scoring_system":"epss","scoring_elements":"0.81702","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36026"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36026","reference_id":"CVE-2021-36026","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36026"},{"reference_url":"https://github.com/advisories/GHSA-8gfq-m4cf-w975","reference_id":"GHSA-8gfq-m4cf-w975","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8gfq-m4cf-w975"}],"fixed_packages":[],"aliases":["CVE-2021-36026","GHSA-8gfq-m4cf-w975"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pk6p-a3rt-h7df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55272?format=json","vulnerability_id":"VCID-pzjb-n7ah-ffcg","summary":"Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20720","reference_id":"","reference_type":"","scores":[{"value":"0.07195","scoring_system":"epss","scoring_elements":"0.91784","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20720"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-03.html","reference_id":"apsb24-03.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-11T17:46:31Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-03.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20720","reference_id":"CVE-2024-20720","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20720"},{"reference_url":"https://github.com/advisories/GHSA-525f-pvj5-vqmq","reference_id":"GHSA-525f-pvj5-vqmq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-525f-pvj5-vqmq"}],"fixed_packages":[],"aliases":["CVE-2024-20720","GHSA-525f-pvj5-vqmq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pzjb-n7ah-ffcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/135957?format=json","vulnerability_id":"VCID-q12a-kwpk-yufv","summary":"Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26366","reference_id":"","reference_type":"","scores":[{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.5823","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26366"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"5.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26366","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"5.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26366"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"apsb23-50.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"5.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:49:13Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://github.com/advisories/GHSA-8jxc-5f94-22vh","reference_id":"GHSA-8jxc-5f94-22vh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8jxc-5f94-22vh"}],"fixed_packages":[],"aliases":["CVE-2023-26366","GHSA-8jxc-5f94-22vh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q12a-kwpk-yufv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149491?format=json","vulnerability_id":"VCID-qcwq-814h-63c2","summary":"Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22247","reference_id":"","reference_type":"","scores":[{"value":"0.04774","scoring_system":"epss","scoring_elements":"0.89697","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22247"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22247","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22247"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-17.html","reference_id":"apsb23-17.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:24Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-17.html"},{"reference_url":"https://github.com/advisories/GHSA-2444-8gj8-6fmx","reference_id":"GHSA-2444-8gj8-6fmx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2444-8gj8-6fmx"}],"fixed_packages":[],"aliases":["CVE-2023-22247","GHSA-2444-8gj8-6fmx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qcwq-814h-63c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140643?format=json","vulnerability_id":"VCID-qgse-3kg2-7ke7","summary":"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29289","reference_id":"","reference_type":"","scores":[{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58383","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29289"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29289","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29289"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"apsb23-35.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:23Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://github.com/advisories/GHSA-wh42-8r2w-873x","reference_id":"GHSA-wh42-8r2w-873x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wh42-8r2w-873x"}],"fixed_packages":[],"aliases":["CVE-2023-29289","GHSA-wh42-8r2w-873x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qgse-3kg2-7ke7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210227?format=json","vulnerability_id":"VCID-qhah-73w3-sqbp","summary":"Magento 2 Community Edition RCE via Unsafe File Upload","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24407","reference_id":"","reference_type":"","scores":[{"value":"0.03057","scoring_system":"epss","scoring_elements":"0.87001","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24407"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-59.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-59.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24407","reference_id":"CVE-2020-24407","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24407"},{"reference_url":"https://github.com/advisories/GHSA-7pxg-6p87-8c9v","reference_id":"GHSA-7pxg-6p87-8c9v","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7pxg-6p87-8c9v"}],"fixed_packages":[],"aliases":["CVE-2020-24407","GHSA-7pxg-6p87-8c9v"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qhah-73w3-sqbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/332117?format=json","vulnerability_id":"VCID-qkzw-58hc-sfhr","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9577","reference_id":"","reference_type":"","scores":[{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55406","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9577"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9577","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9577"},{"reference_url":"https://github.com/advisories/GHSA-689w-2f93-2x67","reference_id":"GHSA-689w-2f93-2x67","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-689w-2f93-2x67"}],"fixed_packages":[],"aliases":["CVE-2020-9577","GHSA-689w-2f93-2x67"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkzw-58hc-sfhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/136042?format=json","vulnerability_id":"VCID-qr8w-qwb5-6uag","summary":"Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26367","reference_id":"","reference_type":"","scores":[{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58788","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26367"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26367","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26367"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"apsb23-50.html","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:49:12Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://github.com/advisories/GHSA-9mx6-4gg4-85xj","reference_id":"GHSA-9mx6-4gg4-85xj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9mx6-4gg4-85xj"}],"fixed_packages":[],"aliases":["CVE-2023-26367","GHSA-9mx6-4gg4-85xj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qr8w-qwb5-6uag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210536?format=json","vulnerability_id":"VCID-qry6-3fd2-xbha","summary":"Magento affected by a business logic error in the placeOrder graphql mutation","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36012","reference_id":"","reference_type":"","scores":[{"value":"0.00792","scoring_system":"epss","scoring_elements":"0.74359","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36012"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36012","reference_id":"CVE-2021-36012","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36012"},{"reference_url":"https://github.com/advisories/GHSA-3f97-7pgv-gmgr","reference_id":"GHSA-3f97-7pgv-gmgr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3f97-7pgv-gmgr"}],"fixed_packages":[],"aliases":["CVE-2021-36012","GHSA-3f97-7pgv-gmgr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qry6-3fd2-xbha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210226?format=json","vulnerability_id":"VCID-qs5t-4dc4-xyed","summary":"Magento incorrect permissions vulnerability in the Integrations component","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24402","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40848","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24402"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-59.html","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-59.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24402","reference_id":"CVE-2020-24402","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24402"},{"reference_url":"https://github.com/advisories/GHSA-hvf5-4jr9-fghh","reference_id":"GHSA-hvf5-4jr9-fghh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hvf5-4jr9-fghh"}],"fixed_packages":[],"aliases":["CVE-2020-24402","GHSA-hvf5-4jr9-fghh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qs5t-4dc4-xyed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210538?format=json","vulnerability_id":"VCID-qvq2-tfke-w7g8","summary":"Magento Improper Authorization vulnerability in the customers module","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28567","reference_id":"","reference_type":"","scores":[{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27747","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28567"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-30.html","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-30.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28567","reference_id":"CVE-2021-28567","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28567"},{"reference_url":"https://github.com/advisories/GHSA-cc3w-r3w8-hfh7","reference_id":"GHSA-cc3w-r3w8-hfh7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cc3w-r3w8-hfh7"}],"fixed_packages":[],"aliases":["CVE-2021-28567","GHSA-cc3w-r3w8-hfh7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qvq2-tfke-w7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/332222?format=json","vulnerability_id":"VCID-rd7c-5nbe-9qbn","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9689","reference_id":"","reference_type":"","scores":[{"value":"0.01219","scoring_system":"epss","scoring_elements":"0.79461","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9689"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/9436781734e47c83e96977fa770d255217680d5e#diff-7c7399d1d47cdaf120a1a503b7ad87f496d98790203dc82b395ec6bc2d430a55","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/9436781734e47c83e96977fa770d255217680d5e#diff-7c7399d1d47cdaf120a1a503b7ad87f496d98790203dc82b395ec6bc2d430a55"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-47.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-47.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9689","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9689"},{"reference_url":"https://github.com/advisories/GHSA-fr6f-xmfx-rrpq","reference_id":"GHSA-fr6f-xmfx-rrpq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fr6f-xmfx-rrpq"}],"fixed_packages":[],"aliases":["CVE-2020-9689","GHSA-fr6f-xmfx-rrpq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rd7c-5nbe-9qbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210533?format=json","vulnerability_id":"VCID-s6y3-6ycj-vugy","summary":"Magento is affected by an os command injection via the Data collection endpoint","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36024","reference_id":"","reference_type":"","scores":[{"value":"0.08668","scoring_system":"epss","scoring_elements":"0.92647","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36024"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36024","reference_id":"CVE-2021-36024","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36024"},{"reference_url":"https://github.com/advisories/GHSA-qmq6-jpvg-j547","reference_id":"GHSA-qmq6-jpvg-j547","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qmq6-jpvg-j547"}],"fixed_packages":[],"aliases":["CVE-2021-36024","GHSA-qmq6-jpvg-j547"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s6y3-6ycj-vugy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210312?format=json","vulnerability_id":"VCID-st4g-zp7x-u3ba","summary":"Magento improper authorization vulnerability in the integrations module","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21026","reference_id":"","reference_type":"","scores":[{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.72058","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21026"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497"},{"reference_url":"https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21026","reference_id":"CVE-2021-21026","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21026"},{"reference_url":"https://github.com/advisories/GHSA-crjc-2v9m-8w7r","reference_id":"GHSA-crjc-2v9m-8w7r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-crjc-2v9m-8w7r"}],"fixed_packages":[],"aliases":["CVE-2021-21026","GHSA-crjc-2v9m-8w7r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-st4g-zp7x-u3ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140875?format=json","vulnerability_id":"VCID-swsg-c57z-1fe5","summary":"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29290","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34832","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29290"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29290","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29290"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"apsb23-35.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:03Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://github.com/advisories/GHSA-qw5m-vmp3-f553","reference_id":"GHSA-qw5m-vmp3-f553","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qw5m-vmp3-f553"}],"fixed_packages":[],"aliases":["CVE-2023-29290","GHSA-qw5m-vmp3-f553"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swsg-c57z-1fe5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210530?format=json","vulnerability_id":"VCID-u7kq-477v-jqc5","summary":"Magento Path Traversal vulnerability via the `theme[preview_image]` parameter","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36031","reference_id":"","reference_type":"","scores":[{"value":"0.1031","scoring_system":"epss","scoring_elements":"0.93346","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36031"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36031","reference_id":"CVE-2021-36031","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36031"},{"reference_url":"https://github.com/advisories/GHSA-7w95-qwhh-q9p3","reference_id":"GHSA-7w95-qwhh-q9p3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7w95-qwhh-q9p3"}],"fixed_packages":[],"aliases":["CVE-2021-36031","GHSA-7w95-qwhh-q9p3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7kq-477v-jqc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140815?format=json","vulnerability_id":"VCID-u7wj-vk3w-sbb8","summary":"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29294","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41709","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29294"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29294","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29294"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"apsb23-35.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:09Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://github.com/advisories/GHSA-28vp-39rf-3q2j","reference_id":"GHSA-28vp-39rf-3q2j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-28vp-39rf-3q2j"}],"fixed_packages":[],"aliases":["CVE-2023-29294","GHSA-28vp-39rf-3q2j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7wj-vk3w-sbb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210519?format=json","vulnerability_id":"VCID-uz87-qmx6-wbh3","summary":"Magento executes code via the API File Option Upload Extension","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36042","reference_id":"","reference_type":"","scores":[{"value":"0.04108","scoring_system":"epss","scoring_elements":"0.88854","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36042"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36042","reference_id":"CVE-2021-36042","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36042"},{"reference_url":"https://github.com/advisories/GHSA-6cwv-wj7v-73xp","reference_id":"GHSA-6cwv-wj7v-73xp","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6cwv-wj7v-73xp"}],"fixed_packages":[],"aliases":["CVE-2021-36042","GHSA-6cwv-wj7v-73xp"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uz87-qmx6-wbh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140391?format=json","vulnerability_id":"VCID-v4kk-tszr-puge","summary":"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. An attacker could leverage this vulnerability to leak minor user data. Exploitation of this issue does not require user interaction..","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29287","reference_id":"","reference_type":"","scores":[{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54383","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29287"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29287","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29287"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"apsb23-35.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:07Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://github.com/advisories/GHSA-85m4-g9vq-xpxj","reference_id":"GHSA-85m4-g9vq-xpxj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-85m4-g9vq-xpxj"}],"fixed_packages":[],"aliases":["CVE-2023-29287","GHSA-85m4-g9vq-xpxj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v4kk-tszr-puge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/156106?format=json","vulnerability_id":"VCID-v5gv-qmy3-67fd","summary":"Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Access to the admin console is not required for successful exploitation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39864","reference_id":"","reference_type":"","scores":[{"value":"0.00997","scoring_system":"epss","scoring_elements":"0.77386","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39864"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-86.html","reference_id":"apsb21-86.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:10:33Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-86.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39864","reference_id":"CVE-2021-39864","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"4.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39864"},{"reference_url":"https://github.com/advisories/GHSA-94wq-87g6-8h77","reference_id":"GHSA-94wq-87g6-8h77","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-94wq-87g6-8h77"}],"fixed_packages":[],"aliases":["CVE-2021-39864","GHSA-94wq-87g6-8h77"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v5gv-qmy3-67fd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210308?format=json","vulnerability_id":"VCID-vd65-b296-q7d3","summary":"Magento Improper Access Control","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21020","reference_id":"","reference_type":"","scores":[{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29115","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21020"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21020","reference_id":"CVE-2021-21020","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21020"},{"reference_url":"https://github.com/advisories/GHSA-2j6v-829g-885q","reference_id":"GHSA-2j6v-829g-885q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2j6v-829g-885q"}],"fixed_packages":[],"aliases":["CVE-2021-21020","GHSA-2j6v-829g-885q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vd65-b296-q7d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/332123?format=json","vulnerability_id":"VCID-vdf7-p4x1-j3dt","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9583","reference_id":"","reference_type":"","scores":[{"value":"0.031","scoring_system":"epss","scoring_elements":"0.87093","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9583"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9583","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9583"},{"reference_url":"https://github.com/advisories/GHSA-c55h-7q4j-g6rq","reference_id":"GHSA-c55h-7q4j-g6rq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c55h-7q4j-g6rq"}],"fixed_packages":[],"aliases":["CVE-2020-9583","GHSA-c55h-7q4j-g6rq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdf7-p4x1-j3dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210523?format=json","vulnerability_id":"VCID-veep-9n16-y7bv","summary":"Magento affected by remote code execution via a file upload","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36034","reference_id":"","reference_type":"","scores":[{"value":"0.05476","scoring_system":"epss","scoring_elements":"0.9041","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36034"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36034","reference_id":"CVE-2021-36034","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36034"},{"reference_url":"https://github.com/advisories/GHSA-j46h-qjjv-cxfj","reference_id":"GHSA-j46h-qjjv-cxfj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j46h-qjjv-cxfj"}],"fixed_packages":[],"aliases":["CVE-2021-36034","GHSA-j46h-qjjv-cxfj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-veep-9n16-y7bv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149776?format=json","vulnerability_id":"VCID-vgck-qufa-y7g8","summary":"Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22250","reference_id":"","reference_type":"","scores":[{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63437","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22250"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22250","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22250"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-17.html","reference_id":"apsb23-17.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:39:21Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-17.html"},{"reference_url":"https://github.com/advisories/GHSA-4h7p-4vq8-g2gh","reference_id":"GHSA-4h7p-4vq8-g2gh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4h7p-4vq8-g2gh"}],"fixed_packages":[],"aliases":["CVE-2023-22250","GHSA-4h7p-4vq8-g2gh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vgck-qufa-y7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/332118?format=json","vulnerability_id":"VCID-vmjw-y7tt-x7gv","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9578","reference_id":"","reference_type":"","scores":[{"value":"0.0323","scoring_system":"epss","scoring_elements":"0.87355","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9578"},{"reference_url":"https://github.com/magento/magento2/commit/52d92dbd07f09620d23693ba0c4d4bdb4ba09916","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/52d92dbd07f09620d23693ba0c4d4bdb4ba09916"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb20-22.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9578","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9578"},{"reference_url":"https://github.com/advisories/GHSA-724x-gqhv-9c5x","reference_id":"GHSA-724x-gqhv-9c5x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-724x-gqhv-9c5x"}],"fixed_packages":[],"aliases":["CVE-2020-9578","GHSA-724x-gqhv-9c5x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vmjw-y7tt-x7gv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210527?format=json","vulnerability_id":"VCID-vv16-jtmz-9yar","summary":"Magento XML Injection vulnerability in the Widgets Module","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36033","reference_id":"","reference_type":"","scores":[{"value":"0.11326","scoring_system":"epss","scoring_elements":"0.9371","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36033"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36033","reference_id":"CVE-2021-36033","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36033"},{"reference_url":"https://github.com/advisories/GHSA-p746-qw73-qmmx","reference_id":"GHSA-p746-qw73-qmmx","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p746-qw73-qmmx"}],"fixed_packages":[],"aliases":["CVE-2021-36033","GHSA-p746-qw73-qmmx"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vv16-jtmz-9yar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210451?format=json","vulnerability_id":"VCID-w54j-vx36-3qhs","summary":"Magento Path Traversal vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28584","reference_id":"","reference_type":"","scores":[{"value":"0.00574","scoring_system":"epss","scoring_elements":"0.69225","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28584"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/1bd5cb8c065e44779526c0b044ce19b884707695"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-30.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-30.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28584","reference_id":"CVE-2021-28584","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28584"},{"reference_url":"https://github.com/advisories/GHSA-7gpv-xrjr-f5h4","reference_id":"GHSA-7gpv-xrjr-f5h4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7gpv-xrjr-f5h4"}],"fixed_packages":[],"aliases":["CVE-2021-28584","GHSA-7gpv-xrjr-f5h4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w54j-vx36-3qhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210307?format=json","vulnerability_id":"VCID-x8wc-8zj4-1qgx","summary":"Magento OS command injection via the WebAPI","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21016","reference_id":"","reference_type":"","scores":[{"value":"0.04449","scoring_system":"epss","scoring_elements":"0.89306","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21016"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497"},{"reference_url":"https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21016","reference_id":"CVE-2021-21016","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21016"},{"reference_url":"https://github.com/advisories/GHSA-792f-c8mp-2cr5","reference_id":"GHSA-792f-c8mp-2cr5","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-792f-c8mp-2cr5"}],"fixed_packages":[],"aliases":["CVE-2021-21016","GHSA-792f-c8mp-2cr5"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x8wc-8zj4-1qgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140382?format=json","vulnerability_id":"VCID-xrwz-zqgd-7yc5","summary":"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29295","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30594","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29295"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29295","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29295"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html","reference_id":"apsb23-35.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T18:36:06Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"reference_url":"https://github.com/advisories/GHSA-354h-fpmq-68v7","reference_id":"GHSA-354h-fpmq-68v7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-354h-fpmq-68v7"}],"fixed_packages":[],"aliases":["CVE-2023-29295","GHSA-354h-fpmq-68v7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xrwz-zqgd-7yc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210525?format=json","vulnerability_id":"VCID-yw2c-atdh-jucd","summary":"Magento has an XML Injection vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36028","reference_id":"","reference_type":"","scores":[{"value":"0.11326","scoring_system":"epss","scoring_elements":"0.9371","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36028"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36028","reference_id":"CVE-2021-36028","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36028"},{"reference_url":"https://github.com/advisories/GHSA-5pjj-7fq8-9gpf","reference_id":"GHSA-5pjj-7fq8-9gpf","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5pjj-7fq8-9gpf"}],"fixed_packages":[],"aliases":["CVE-2021-36028","GHSA-5pjj-7fq8-9gpf"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yw2c-atdh-jucd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210526?format=json","vulnerability_id":"VCID-zffj-3gkp-nycc","summary":"Magento is affected by an improper input validation vulnerability while saving a customer's details","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36025","reference_id":"","reference_type":"","scores":[{"value":"0.05476","scoring_system":"epss","scoring_elements":"0.9041","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36025"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36025","reference_id":"CVE-2021-36025","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36025"},{"reference_url":"https://github.com/advisories/GHSA-gvfx-9m9v-h839","reference_id":"GHSA-gvfx-9m9v-h839","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gvfx-9m9v-h839"}],"fixed_packages":[],"aliases":["CVE-2021-36025","GHSA-gvfx-9m9v-h839"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zffj-3gkp-nycc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356273?format=json","vulnerability_id":"VCID-zssu-1dmn-sycb","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38218","reference_id":"","reference_type":"","scores":[{"value":"0.00692","scoring_system":"epss","scoring_elements":"0.7232","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38218"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38218","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38218"},{"reference_url":"https://github.com/advisories/GHSA-rpc7-gf58-v3x2","reference_id":"GHSA-rpc7-gf58-v3x2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rpc7-gf58-v3x2"}],"fixed_packages":[],"aliases":["CVE-2023-38218","GHSA-rpc7-gf58-v3x2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zssu-1dmn-sycb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/155704?format=json","vulnerability_id":"VCID-zw8c-fe8p-e7e3","summary":"Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper input validation vulnerability within the CMS page scheduled update feature. An authenticated attacker with administrative privilege could leverage this vulnerability to achieve remote code execution on the system.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36021","reference_id":"","reference_type":"","scores":[{"value":"0.01308","scoring_system":"epss","scoring_elements":"0.80207","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36021"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36021","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36021"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb21-64.html","reference_id":"apsb21-64.html","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-13T15:48:42Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb21-64.html"},{"reference_url":"https://github.com/advisories/GHSA-4g27-q2w9-m8m8","reference_id":"GHSA-4g27-q2w9-m8m8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4g27-q2w9-m8m8"}],"fixed_packages":[],"aliases":["CVE-2021-36021","GHSA-4g27-q2w9-m8m8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zw8c-fe8p-e7e3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55183?format=json","vulnerability_id":"VCID-zwem-swqk-1kaz","summary":"Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application to slow down or crash. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20716","reference_id":"","reference_type":"","scores":[{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50307","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20716"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb24-03.html","reference_id":"apsb24-03.html","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-18T00:20:23Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb24-03.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20716","reference_id":"CVE-2024-20716","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-20716"},{"reference_url":"https://github.com/advisories/GHSA-c9h9-h5gf-885r","reference_id":"GHSA-c9h9-h5gf-885r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c9h9-h5gf-885r"}],"fixed_packages":[],"aliases":["CVE-2024-20716","GHSA-c9h9-h5gf-885r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zwem-swqk-1kaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/131843?format=json","vulnerability_id":"VCID-zym7-1cr7-mkaa","summary":"Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38220","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3576","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38220"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38220","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38220"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html","reference_id":"apsb23-50.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:06Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb23-50.html"},{"reference_url":"https://github.com/advisories/GHSA-grc6-r6f8-xj7c","reference_id":"GHSA-grc6-r6f8-xj7c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-grc6-r6f8-xj7c"}],"fixed_packages":[],"aliases":["CVE-2023-38220","GHSA-grc6-r6f8-xj7c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zym7-1cr7-mkaa"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/project-community-edition@0.74.0-beta5"}