Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/magento/community-edition@2.4.4-p8
Typecomposer
Namespacemagento
Namecommunity-edition
Version2.4.4-p8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.4.6-p13
Latest_non_vulnerable_version2.4.9-alpha3
Affected_by_vulnerabilities
0
url VCID-1jsp-392b-2fgb
vulnerability_id VCID-1jsp-392b-2fgb
summary 
Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Magento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49558
reference_id
reference_type
scores
0
value 0.00505
scoring_system epss
scoring_elements 0.66592
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49558
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb25-71.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:13Z/
url https://helpx.adobe.com/security/products/magento/apsb25-71.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49558
reference_id CVE-2025-49558
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49558
4
reference_url https://github.com/advisories/GHSA-wcmw-8xpp-rwfj
reference_id GHSA-wcmw-8xpp-rwfj
reference_type
scores
url https://github.com/advisories/GHSA-wcmw-8xpp-rwfj
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.5-p14
purl pkg:composer/magento/community-edition@2.4.5-p14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p14
1
url pkg:composer/magento/community-edition@2.4.6-p12
purl pkg:composer/magento/community-edition@2.4.6-p12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p12
2
url pkg:composer/magento/community-edition@2.4.7-p7
purl pkg:composer/magento/community-edition@2.4.7-p7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7
3
url pkg:composer/magento/community-edition@2.4.8-p2
purl pkg:composer/magento/community-edition@2.4.8-p2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2
4
url pkg:composer/magento/community-edition@2.4.9-alpha2
purl pkg:composer/magento/community-edition@2.4.9-alpha2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2
aliases CVE-2025-49558, GHSA-wcmw-8xpp-rwfj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1jsp-392b-2fgb
1
url VCID-3g5s-hryc-5qa9
vulnerability_id VCID-3g5s-hryc-5qa9
summary 
Magneto contains stored XSS vulnerability
Magento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47110
reference_id
reference_type
scores
0
value 0.00709
scoring_system epss
scoring_elements 0.72632
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47110
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb25-50.html
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-10T18:09:25Z/
url https://helpx.adobe.com/security/products/magento/apsb25-50.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-47110
reference_id CVE-2025-47110
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-47110
4
reference_url https://github.com/advisories/GHSA-j934-vjh5-vf9r
reference_id GHSA-j934-vjh5-vf9r
reference_type
scores
url https://github.com/advisories/GHSA-j934-vjh5-vf9r
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.5-p13
purl pkg:composer/magento/community-edition@2.4.5-p13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-fzm9-e6bg-r7aw
7
vulnerability VCID-qrwc-3gsb-zkfy
8
vulnerability VCID-th7y-aj51-mbaj
9
vulnerability VCID-tzug-ckkn-dyft
10
vulnerability VCID-wzu6-rbsv-mkde
11
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p13
1
url pkg:composer/magento/community-edition@2.4.6-p11
purl pkg:composer/magento/community-edition@2.4.6-p11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-fzm9-e6bg-r7aw
7
vulnerability VCID-qrwc-3gsb-zkfy
8
vulnerability VCID-th7y-aj51-mbaj
9
vulnerability VCID-tzug-ckkn-dyft
10
vulnerability VCID-wzu6-rbsv-mkde
11
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p11
2
url pkg:composer/magento/community-edition@2.4.7-p6
purl pkg:composer/magento/community-edition@2.4.7-p6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-fzm9-e6bg-r7aw
7
vulnerability VCID-qrwc-3gsb-zkfy
8
vulnerability VCID-th7y-aj51-mbaj
9
vulnerability VCID-tzug-ckkn-dyft
10
vulnerability VCID-wzu6-rbsv-mkde
11
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6
3
url pkg:composer/magento/community-edition@2.4.8-p1
purl pkg:composer/magento/community-edition@2.4.8-p1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-qrwc-3gsb-zkfy
7
vulnerability VCID-th7y-aj51-mbaj
8
vulnerability VCID-tzug-ckkn-dyft
9
vulnerability VCID-wzu6-rbsv-mkde
10
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p1
4
url pkg:composer/magento/community-edition@2.4.9-alpha1
purl pkg:composer/magento/community-edition@2.4.9-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-qrwc-3gsb-zkfy
7
vulnerability VCID-th7y-aj51-mbaj
8
vulnerability VCID-tzug-ckkn-dyft
9
vulnerability VCID-wzu6-rbsv-mkde
10
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1
aliases CVE-2025-47110, GHSA-j934-vjh5-vf9r
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3g5s-hryc-5qa9
2
url VCID-4dae-vty8-b7hk
vulnerability_id VCID-4dae-vty8-b7hk
summary 
Magento Improper Access Control leads to security feature bypass
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27206
reference_id
reference_type
scores
0
value 0.00706
scoring_system epss
scoring_elements 0.72543
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27206
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb25-50.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T18:08:33Z/
url https://helpx.adobe.com/security/products/magento/apsb25-50.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27206
reference_id CVE-2025-27206
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27206
4
reference_url https://github.com/advisories/GHSA-g2pj-xmxq-3r9q
reference_id GHSA-g2pj-xmxq-3r9q
reference_type
scores
url https://github.com/advisories/GHSA-g2pj-xmxq-3r9q
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.5-p13
purl pkg:composer/magento/community-edition@2.4.5-p13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-fzm9-e6bg-r7aw
7
vulnerability VCID-qrwc-3gsb-zkfy
8
vulnerability VCID-th7y-aj51-mbaj
9
vulnerability VCID-tzug-ckkn-dyft
10
vulnerability VCID-wzu6-rbsv-mkde
11
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p13
1
url pkg:composer/magento/community-edition@2.4.6-p11
purl pkg:composer/magento/community-edition@2.4.6-p11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-fzm9-e6bg-r7aw
7
vulnerability VCID-qrwc-3gsb-zkfy
8
vulnerability VCID-th7y-aj51-mbaj
9
vulnerability VCID-tzug-ckkn-dyft
10
vulnerability VCID-wzu6-rbsv-mkde
11
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p11
2
url pkg:composer/magento/community-edition@2.4.7-p6
purl pkg:composer/magento/community-edition@2.4.7-p6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-fzm9-e6bg-r7aw
7
vulnerability VCID-qrwc-3gsb-zkfy
8
vulnerability VCID-th7y-aj51-mbaj
9
vulnerability VCID-tzug-ckkn-dyft
10
vulnerability VCID-wzu6-rbsv-mkde
11
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6
3
url pkg:composer/magento/community-edition@2.4.8-beta1
purl pkg:composer/magento/community-edition@2.4.8-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-2vsw-t8k2-4bfm
2
vulnerability VCID-3g5s-hryc-5qa9
3
vulnerability VCID-6tx4-wexr-fkbb
4
vulnerability VCID-7s74-rdkp-vyaf
5
vulnerability VCID-8hx4-r8bb-n7ge
6
vulnerability VCID-8ky6-w2nk-9bds
7
vulnerability VCID-8shb-t5zp-rqbu
8
vulnerability VCID-a9b6-tenb-afdw
9
vulnerability VCID-b3cn-pjp3-4yhm
10
vulnerability VCID-cafy-5dd8-rudj
11
vulnerability VCID-ccx1-qacj-2qev
12
vulnerability VCID-cm2a-1yc5-v3cy
13
vulnerability VCID-d6mk-hg8h-7qbc
14
vulnerability VCID-dj5a-35gt-u7dn
15
vulnerability VCID-egy6-nku7-zyap
16
vulnerability VCID-eygc-ra9u-gyej
17
vulnerability VCID-fz5y-um7w-63f4
18
vulnerability VCID-gedj-39p5-ubd6
19
vulnerability VCID-hbau-7tvg-cygz
20
vulnerability VCID-j6ss-8f4e-e7g2
21
vulnerability VCID-jr49-4fs3-8qcp
22
vulnerability VCID-mhvf-2keh-2qar
23
vulnerability VCID-mjb6-7au8-5fdx
24
vulnerability VCID-qp7s-amch-v3cd
25
vulnerability VCID-qrwc-3gsb-zkfy
26
vulnerability VCID-qzqd-271b-ybfj
27
vulnerability VCID-r4bw-w4t9-23ek
28
vulnerability VCID-re84-qg3k-3ub3
29
vulnerability VCID-s4bp-kzfu-8qfy
30
vulnerability VCID-scg7-ugdn-53b9
31
vulnerability VCID-te3b-exz5-zke1
32
vulnerability VCID-th7y-aj51-mbaj
33
vulnerability VCID-tvz9-8s4d-gbg6
34
vulnerability VCID-tzug-ckkn-dyft
35
vulnerability VCID-wzu6-rbsv-mkde
36
vulnerability VCID-xfvu-2zg4-ruf6
37
vulnerability VCID-xsq8-ztqh-ubb8
38
vulnerability VCID-y7x4-664r-3fbk
39
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1
4
url pkg:composer/magento/community-edition@2.4.9-alpha1
purl pkg:composer/magento/community-edition@2.4.9-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-qrwc-3gsb-zkfy
7
vulnerability VCID-th7y-aj51-mbaj
8
vulnerability VCID-tzug-ckkn-dyft
9
vulnerability VCID-wzu6-rbsv-mkde
10
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1
aliases CVE-2025-27206, GHSA-g2pj-xmxq-3r9q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4dae-vty8-b7hk
3
url VCID-6p6q-ctya-q3bv
vulnerability_id VCID-6p6q-ctya-q3bv
summary 
Magento Authenticated Security feature bypass
Magento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49549
reference_id
reference_type
scores
0
value 0.00514
scoring_system epss
scoring_elements 0.66971
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49549
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb25-50.html
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T18:12:28Z/
url https://helpx.adobe.com/security/products/magento/apsb25-50.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49549
reference_id CVE-2025-49549
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49549
4
reference_url https://github.com/advisories/GHSA-85jx-x9r4-45m2
reference_id GHSA-85jx-x9r4-45m2
reference_type
scores
url https://github.com/advisories/GHSA-85jx-x9r4-45m2
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.5-p13
purl pkg:composer/magento/community-edition@2.4.5-p13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-fzm9-e6bg-r7aw
7
vulnerability VCID-qrwc-3gsb-zkfy
8
vulnerability VCID-th7y-aj51-mbaj
9
vulnerability VCID-tzug-ckkn-dyft
10
vulnerability VCID-wzu6-rbsv-mkde
11
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p13
1
url pkg:composer/magento/community-edition@2.4.6-p11
purl pkg:composer/magento/community-edition@2.4.6-p11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-fzm9-e6bg-r7aw
7
vulnerability VCID-qrwc-3gsb-zkfy
8
vulnerability VCID-th7y-aj51-mbaj
9
vulnerability VCID-tzug-ckkn-dyft
10
vulnerability VCID-wzu6-rbsv-mkde
11
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p11
2
url pkg:composer/magento/community-edition@2.4.7-p6
purl pkg:composer/magento/community-edition@2.4.7-p6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-fzm9-e6bg-r7aw
7
vulnerability VCID-qrwc-3gsb-zkfy
8
vulnerability VCID-th7y-aj51-mbaj
9
vulnerability VCID-tzug-ckkn-dyft
10
vulnerability VCID-wzu6-rbsv-mkde
11
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6
3
url pkg:composer/magento/community-edition@2.4.8-beta1
purl pkg:composer/magento/community-edition@2.4.8-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-2vsw-t8k2-4bfm
2
vulnerability VCID-3g5s-hryc-5qa9
3
vulnerability VCID-6tx4-wexr-fkbb
4
vulnerability VCID-7s74-rdkp-vyaf
5
vulnerability VCID-8hx4-r8bb-n7ge
6
vulnerability VCID-8ky6-w2nk-9bds
7
vulnerability VCID-8shb-t5zp-rqbu
8
vulnerability VCID-a9b6-tenb-afdw
9
vulnerability VCID-b3cn-pjp3-4yhm
10
vulnerability VCID-cafy-5dd8-rudj
11
vulnerability VCID-ccx1-qacj-2qev
12
vulnerability VCID-cm2a-1yc5-v3cy
13
vulnerability VCID-d6mk-hg8h-7qbc
14
vulnerability VCID-dj5a-35gt-u7dn
15
vulnerability VCID-egy6-nku7-zyap
16
vulnerability VCID-eygc-ra9u-gyej
17
vulnerability VCID-fz5y-um7w-63f4
18
vulnerability VCID-gedj-39p5-ubd6
19
vulnerability VCID-hbau-7tvg-cygz
20
vulnerability VCID-j6ss-8f4e-e7g2
21
vulnerability VCID-jr49-4fs3-8qcp
22
vulnerability VCID-mhvf-2keh-2qar
23
vulnerability VCID-mjb6-7au8-5fdx
24
vulnerability VCID-qp7s-amch-v3cd
25
vulnerability VCID-qrwc-3gsb-zkfy
26
vulnerability VCID-qzqd-271b-ybfj
27
vulnerability VCID-r4bw-w4t9-23ek
28
vulnerability VCID-re84-qg3k-3ub3
29
vulnerability VCID-s4bp-kzfu-8qfy
30
vulnerability VCID-scg7-ugdn-53b9
31
vulnerability VCID-te3b-exz5-zke1
32
vulnerability VCID-th7y-aj51-mbaj
33
vulnerability VCID-tvz9-8s4d-gbg6
34
vulnerability VCID-tzug-ckkn-dyft
35
vulnerability VCID-wzu6-rbsv-mkde
36
vulnerability VCID-xfvu-2zg4-ruf6
37
vulnerability VCID-xsq8-ztqh-ubb8
38
vulnerability VCID-y7x4-664r-3fbk
39
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1
4
url pkg:composer/magento/community-edition@2.4.9-alpha1
purl pkg:composer/magento/community-edition@2.4.9-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-qrwc-3gsb-zkfy
7
vulnerability VCID-th7y-aj51-mbaj
8
vulnerability VCID-tzug-ckkn-dyft
9
vulnerability VCID-wzu6-rbsv-mkde
10
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1
aliases CVE-2025-49549, GHSA-85jx-x9r4-45m2
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6p6q-ctya-q3bv
4
url VCID-ayfe-5a7g-u7b7
vulnerability_id VCID-ayfe-5a7g-u7b7
summary 
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34102
reference_id
reference_type
scores
0
value 0.94171
scoring_system epss
scoring_elements 0.9992
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34102
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2024-34102.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2024-34102.yaml
2
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
3
reference_url https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799
4
reference_url https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2
5
reference_url https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c
6
reference_url https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482#diff-84a0773a6287fbbaadf3b9103f4a137fc0b6946de2437ddfd6f60a0722cf8d23
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482#diff-84a0773a6287fbbaadf3b9103f4a137fc0b6946de2437ddfd6f60a0722cf8d23
7
reference_url https://helpx.adobe.com/security/products/magento/apsb24-40.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-18T03:55:19Z/
url https://helpx.adobe.com/security/products/magento/apsb24-40.html
8
reference_url https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-18T03:55:19Z/
url https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34102
reference_id CVE-2024-34102
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34102
10
reference_url https://github.com/advisories/GHSA-m8cj-3v68-3cxj
reference_id GHSA-m8cj-3v68-3cxj
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m8cj-3v68-3cxj
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p9
purl pkg:composer/magento/community-edition@2.4.4-p9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-3g5s-hryc-5qa9
2
vulnerability VCID-4dae-vty8-b7hk
3
vulnerability VCID-6p6q-ctya-q3bv
4
vulnerability VCID-cafy-5dd8-rudj
5
vulnerability VCID-ccx1-qacj-2qev
6
vulnerability VCID-cm2a-1yc5-v3cy
7
vulnerability VCID-dj5a-35gt-u7dn
8
vulnerability VCID-eygc-ra9u-gyej
9
vulnerability VCID-md7v-w5aq-t7h1
10
vulnerability VCID-qrwc-3gsb-zkfy
11
vulnerability VCID-tc3m-4bkg-qkcf
12
vulnerability VCID-th7y-aj51-mbaj
13
vulnerability VCID-tzug-ckkn-dyft
14
vulnerability VCID-wzu6-rbsv-mkde
15
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9
1
url pkg:composer/magento/community-edition@2.4.5-p8
purl pkg:composer/magento/community-edition@2.4.5-p8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3zcy-b3th-ukhd
1
vulnerability VCID-5gxr-xksz-5ydb
2
vulnerability VCID-6t9w-cnkz-s3c3
3
vulnerability VCID-7hrm-jtbx-sqgm
4
vulnerability VCID-8msu-s38a-p7e3
5
vulnerability VCID-9cc9-npdc-8bac
6
vulnerability VCID-9vrt-uccb-myev
7
vulnerability VCID-a8gs-ervm-e3hm
8
vulnerability VCID-agtm-nkhp-dkdn
9
vulnerability VCID-b9ry-u6qy-j7cc
10
vulnerability VCID-bkpz-ratd-e7ab
11
vulnerability VCID-cafy-5dd8-rudj
12
vulnerability VCID-cc8x-6es1-8kc5
13
vulnerability VCID-cqjn-3z6n-sff1
14
vulnerability VCID-dj5a-35gt-u7dn
15
vulnerability VCID-dpgz-dacm-sqg6
16
vulnerability VCID-du16-f2wp-t3cw
17
vulnerability VCID-e9zx-zy9y-2fcp
18
vulnerability VCID-kezx-5nw5-hfen
19
vulnerability VCID-kuzc-uv5b-v7an
20
vulnerability VCID-m5z8-hz81-j7b7
21
vulnerability VCID-qj4x-u7gx-9uf1
22
vulnerability VCID-qrwc-3gsb-zkfy
23
vulnerability VCID-shfz-pxan-v3ar
24
vulnerability VCID-th7y-aj51-mbaj
25
vulnerability VCID-y4u6-cy8y-hyae
26
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8
2
url pkg:composer/magento/community-edition@2.4.6-p6
purl pkg:composer/magento/community-edition@2.4.6-p6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2vsw-t8k2-4bfm
1
vulnerability VCID-3zcy-b3th-ukhd
2
vulnerability VCID-5gxr-xksz-5ydb
3
vulnerability VCID-6t9w-cnkz-s3c3
4
vulnerability VCID-6tx4-wexr-fkbb
5
vulnerability VCID-7hrm-jtbx-sqgm
6
vulnerability VCID-7pr7-uqp1-sugt
7
vulnerability VCID-7s3w-8dn6-jqh7
8
vulnerability VCID-7s74-rdkp-vyaf
9
vulnerability VCID-8hx4-r8bb-n7ge
10
vulnerability VCID-8ky6-w2nk-9bds
11
vulnerability VCID-8msu-s38a-p7e3
12
vulnerability VCID-9cc9-npdc-8bac
13
vulnerability VCID-9vrt-uccb-myev
14
vulnerability VCID-a8gs-ervm-e3hm
15
vulnerability VCID-a9b6-tenb-afdw
16
vulnerability VCID-agtm-nkhp-dkdn
17
vulnerability VCID-b3cn-pjp3-4yhm
18
vulnerability VCID-b9ry-u6qy-j7cc
19
vulnerability VCID-bch8-kq49-skhm
20
vulnerability VCID-bkpz-ratd-e7ab
21
vulnerability VCID-cc8x-6es1-8kc5
22
vulnerability VCID-cqjn-3z6n-sff1
23
vulnerability VCID-d6mk-hg8h-7qbc
24
vulnerability VCID-dpgz-dacm-sqg6
25
vulnerability VCID-du16-f2wp-t3cw
26
vulnerability VCID-e9zx-zy9y-2fcp
27
vulnerability VCID-eahe-s41f-ckc1
28
vulnerability VCID-evth-swm9-k3de
29
vulnerability VCID-fz5y-um7w-63f4
30
vulnerability VCID-gedj-39p5-ubd6
31
vulnerability VCID-gxj9-a1hc-47de
32
vulnerability VCID-hbau-7tvg-cygz
33
vulnerability VCID-jr49-4fs3-8qcp
34
vulnerability VCID-kezx-5nw5-hfen
35
vulnerability VCID-kje4-asu6-dfg2
36
vulnerability VCID-kuzc-uv5b-v7an
37
vulnerability VCID-m5z8-hz81-j7b7
38
vulnerability VCID-mhvf-2keh-2qar
39
vulnerability VCID-mjb6-7au8-5fdx
40
vulnerability VCID-ns8t-vtcn-aqh4
41
vulnerability VCID-qgpx-hgzu-5qgp
42
vulnerability VCID-qj4x-u7gx-9uf1
43
vulnerability VCID-qp7s-amch-v3cd
44
vulnerability VCID-qzqd-271b-ybfj
45
vulnerability VCID-r4bw-w4t9-23ek
46
vulnerability VCID-rduw-apr6-4fdu
47
vulnerability VCID-re84-qg3k-3ub3
48
vulnerability VCID-rxac-w9pd-aqe1
49
vulnerability VCID-s4bp-kzfu-8qfy
50
vulnerability VCID-scg7-ugdn-53b9
51
vulnerability VCID-shfz-pxan-v3ar
52
vulnerability VCID-te3b-exz5-zke1
53
vulnerability VCID-tvz9-8s4d-gbg6
54
vulnerability VCID-txb3-ez5r-r7ek
55
vulnerability VCID-ugyc-gehq-rudu
56
vulnerability VCID-vu36-a1g1-nugt
57
vulnerability VCID-vx13-4b1d-wbgp
58
vulnerability VCID-wvyx-2bbb-9yf7
59
vulnerability VCID-xk5y-7a1w-zba9
60
vulnerability VCID-xsq8-ztqh-ubb8
61
vulnerability VCID-y1v3-9tyq-uqhd
62
vulnerability VCID-y4u6-cy8y-hyae
63
vulnerability VCID-y7x4-664r-3fbk
64
vulnerability VCID-z2v2-n138-6ydv
65
vulnerability VCID-zdpz-8tc2-6kah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6
3
url pkg:composer/magento/community-edition@2.4.7-beta1
purl pkg:composer/magento/community-edition@2.4.7-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-2vsw-t8k2-4bfm
2
vulnerability VCID-3g5s-hryc-5qa9
3
vulnerability VCID-3zcy-b3th-ukhd
4
vulnerability VCID-4dae-vty8-b7hk
5
vulnerability VCID-5gxr-xksz-5ydb
6
vulnerability VCID-6p6q-ctya-q3bv
7
vulnerability VCID-6t9w-cnkz-s3c3
8
vulnerability VCID-6tx4-wexr-fkbb
9
vulnerability VCID-7hrm-jtbx-sqgm
10
vulnerability VCID-7pr7-uqp1-sugt
11
vulnerability VCID-7s3w-8dn6-jqh7
12
vulnerability VCID-7s74-rdkp-vyaf
13
vulnerability VCID-8hx4-r8bb-n7ge
14
vulnerability VCID-8ky6-w2nk-9bds
15
vulnerability VCID-8msu-s38a-p7e3
16
vulnerability VCID-8shb-t5zp-rqbu
17
vulnerability VCID-9cc9-npdc-8bac
18
vulnerability VCID-9vrt-uccb-myev
19
vulnerability VCID-a8gs-ervm-e3hm
20
vulnerability VCID-a9b6-tenb-afdw
21
vulnerability VCID-agtm-nkhp-dkdn
22
vulnerability VCID-b3cn-pjp3-4yhm
23
vulnerability VCID-b4jg-dj1a-9qd5
24
vulnerability VCID-b9ry-u6qy-j7cc
25
vulnerability VCID-bch8-kq49-skhm
26
vulnerability VCID-cafy-5dd8-rudj
27
vulnerability VCID-cc8x-6es1-8kc5
28
vulnerability VCID-ccx1-qacj-2qev
29
vulnerability VCID-cm2a-1yc5-v3cy
30
vulnerability VCID-cqjn-3z6n-sff1
31
vulnerability VCID-d6mk-hg8h-7qbc
32
vulnerability VCID-dj5a-35gt-u7dn
33
vulnerability VCID-dpgz-dacm-sqg6
34
vulnerability VCID-e9zx-zy9y-2fcp
35
vulnerability VCID-eahe-s41f-ckc1
36
vulnerability VCID-egy6-nku7-zyap
37
vulnerability VCID-evth-swm9-k3de
38
vulnerability VCID-eygc-ra9u-gyej
39
vulnerability VCID-fz5y-um7w-63f4
40
vulnerability VCID-gedj-39p5-ubd6
41
vulnerability VCID-gxj9-a1hc-47de
42
vulnerability VCID-hbau-7tvg-cygz
43
vulnerability VCID-j6ss-8f4e-e7g2
44
vulnerability VCID-jr49-4fs3-8qcp
45
vulnerability VCID-kezx-5nw5-hfen
46
vulnerability VCID-kje4-asu6-dfg2
47
vulnerability VCID-kxnm-y19k-mqg2
48
vulnerability VCID-m5z8-hz81-j7b7
49
vulnerability VCID-m83v-51cy-uqar
50
vulnerability VCID-md7v-w5aq-t7h1
51
vulnerability VCID-mhvf-2keh-2qar
52
vulnerability VCID-mjb6-7au8-5fdx
53
vulnerability VCID-ns8t-vtcn-aqh4
54
vulnerability VCID-qfw5-3tdu-x7g4
55
vulnerability VCID-qgpx-hgzu-5qgp
56
vulnerability VCID-qj4x-u7gx-9uf1
57
vulnerability VCID-qp7s-amch-v3cd
58
vulnerability VCID-qrwc-3gsb-zkfy
59
vulnerability VCID-qzqd-271b-ybfj
60
vulnerability VCID-r4bw-w4t9-23ek
61
vulnerability VCID-r7nh-arcj-8fb3
62
vulnerability VCID-rbjk-3gcs-2qb5
63
vulnerability VCID-rduw-apr6-4fdu
64
vulnerability VCID-re84-qg3k-3ub3
65
vulnerability VCID-rf6p-ct86-5bgz
66
vulnerability VCID-ruru-fwmn-5kes
67
vulnerability VCID-rxac-w9pd-aqe1
68
vulnerability VCID-s4bp-kzfu-8qfy
69
vulnerability VCID-s5e2-d6n8-kkbr
70
vulnerability VCID-scg7-ugdn-53b9
71
vulnerability VCID-tc3m-4bkg-qkcf
72
vulnerability VCID-te3b-exz5-zke1
73
vulnerability VCID-th7y-aj51-mbaj
74
vulnerability VCID-tvz9-8s4d-gbg6
75
vulnerability VCID-txb3-ez5r-r7ek
76
vulnerability VCID-tzug-ckkn-dyft
77
vulnerability VCID-ugyc-gehq-rudu
78
vulnerability VCID-vu36-a1g1-nugt
79
vulnerability VCID-vx13-4b1d-wbgp
80
vulnerability VCID-wvyx-2bbb-9yf7
81
vulnerability VCID-wzu6-rbsv-mkde
82
vulnerability VCID-xk5y-7a1w-zba9
83
vulnerability VCID-xsq8-ztqh-ubb8
84
vulnerability VCID-y1v3-9tyq-uqhd
85
vulnerability VCID-y4r1-yr69-uuf6
86
vulnerability VCID-y7x4-664r-3fbk
87
vulnerability VCID-yyq6-dvyx-3bb9
88
vulnerability VCID-z2v2-n138-6ydv
89
vulnerability VCID-zdpz-8tc2-6kah
90
vulnerability VCID-zt9b-9sjx-7qb4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1
aliases CVE-2024-34102, GHSA-m8cj-3v68-3cxj
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ayfe-5a7g-u7b7
5
url VCID-bera-73sm-bbh7
vulnerability_id VCID-bera-73sm-bbh7
summary 
Magento Open Source Incorrect Authorization vulnerability
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34106
reference_id
reference_type
scores
0
value 0.00654
scoring_system epss
scoring_elements 0.71367
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34106
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799
3
reference_url https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2
4
reference_url https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c
5
reference_url https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482
6
reference_url https://helpx.adobe.com/security/products/magento/apsb24-40.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-13T16:21:10Z/
url https://helpx.adobe.com/security/products/magento/apsb24-40.html
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34106
reference_id CVE-2024-34106
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34106
8
reference_url https://github.com/advisories/GHSA-p6h9-gx5g-wg64
reference_id GHSA-p6h9-gx5g-wg64
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p6h9-gx5g-wg64
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p9
purl pkg:composer/magento/community-edition@2.4.4-p9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-3g5s-hryc-5qa9
2
vulnerability VCID-4dae-vty8-b7hk
3
vulnerability VCID-6p6q-ctya-q3bv
4
vulnerability VCID-cafy-5dd8-rudj
5
vulnerability VCID-ccx1-qacj-2qev
6
vulnerability VCID-cm2a-1yc5-v3cy
7
vulnerability VCID-dj5a-35gt-u7dn
8
vulnerability VCID-eygc-ra9u-gyej
9
vulnerability VCID-md7v-w5aq-t7h1
10
vulnerability VCID-qrwc-3gsb-zkfy
11
vulnerability VCID-tc3m-4bkg-qkcf
12
vulnerability VCID-th7y-aj51-mbaj
13
vulnerability VCID-tzug-ckkn-dyft
14
vulnerability VCID-wzu6-rbsv-mkde
15
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9
1
url pkg:composer/magento/community-edition@2.4.5-p8
purl pkg:composer/magento/community-edition@2.4.5-p8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3zcy-b3th-ukhd
1
vulnerability VCID-5gxr-xksz-5ydb
2
vulnerability VCID-6t9w-cnkz-s3c3
3
vulnerability VCID-7hrm-jtbx-sqgm
4
vulnerability VCID-8msu-s38a-p7e3
5
vulnerability VCID-9cc9-npdc-8bac
6
vulnerability VCID-9vrt-uccb-myev
7
vulnerability VCID-a8gs-ervm-e3hm
8
vulnerability VCID-agtm-nkhp-dkdn
9
vulnerability VCID-b9ry-u6qy-j7cc
10
vulnerability VCID-bkpz-ratd-e7ab
11
vulnerability VCID-cafy-5dd8-rudj
12
vulnerability VCID-cc8x-6es1-8kc5
13
vulnerability VCID-cqjn-3z6n-sff1
14
vulnerability VCID-dj5a-35gt-u7dn
15
vulnerability VCID-dpgz-dacm-sqg6
16
vulnerability VCID-du16-f2wp-t3cw
17
vulnerability VCID-e9zx-zy9y-2fcp
18
vulnerability VCID-kezx-5nw5-hfen
19
vulnerability VCID-kuzc-uv5b-v7an
20
vulnerability VCID-m5z8-hz81-j7b7
21
vulnerability VCID-qj4x-u7gx-9uf1
22
vulnerability VCID-qrwc-3gsb-zkfy
23
vulnerability VCID-shfz-pxan-v3ar
24
vulnerability VCID-th7y-aj51-mbaj
25
vulnerability VCID-y4u6-cy8y-hyae
26
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8
2
url pkg:composer/magento/community-edition@2.4.6-p6
purl pkg:composer/magento/community-edition@2.4.6-p6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2vsw-t8k2-4bfm
1
vulnerability VCID-3zcy-b3th-ukhd
2
vulnerability VCID-5gxr-xksz-5ydb
3
vulnerability VCID-6t9w-cnkz-s3c3
4
vulnerability VCID-6tx4-wexr-fkbb
5
vulnerability VCID-7hrm-jtbx-sqgm
6
vulnerability VCID-7pr7-uqp1-sugt
7
vulnerability VCID-7s3w-8dn6-jqh7
8
vulnerability VCID-7s74-rdkp-vyaf
9
vulnerability VCID-8hx4-r8bb-n7ge
10
vulnerability VCID-8ky6-w2nk-9bds
11
vulnerability VCID-8msu-s38a-p7e3
12
vulnerability VCID-9cc9-npdc-8bac
13
vulnerability VCID-9vrt-uccb-myev
14
vulnerability VCID-a8gs-ervm-e3hm
15
vulnerability VCID-a9b6-tenb-afdw
16
vulnerability VCID-agtm-nkhp-dkdn
17
vulnerability VCID-b3cn-pjp3-4yhm
18
vulnerability VCID-b9ry-u6qy-j7cc
19
vulnerability VCID-bch8-kq49-skhm
20
vulnerability VCID-bkpz-ratd-e7ab
21
vulnerability VCID-cc8x-6es1-8kc5
22
vulnerability VCID-cqjn-3z6n-sff1
23
vulnerability VCID-d6mk-hg8h-7qbc
24
vulnerability VCID-dpgz-dacm-sqg6
25
vulnerability VCID-du16-f2wp-t3cw
26
vulnerability VCID-e9zx-zy9y-2fcp
27
vulnerability VCID-eahe-s41f-ckc1
28
vulnerability VCID-evth-swm9-k3de
29
vulnerability VCID-fz5y-um7w-63f4
30
vulnerability VCID-gedj-39p5-ubd6
31
vulnerability VCID-gxj9-a1hc-47de
32
vulnerability VCID-hbau-7tvg-cygz
33
vulnerability VCID-jr49-4fs3-8qcp
34
vulnerability VCID-kezx-5nw5-hfen
35
vulnerability VCID-kje4-asu6-dfg2
36
vulnerability VCID-kuzc-uv5b-v7an
37
vulnerability VCID-m5z8-hz81-j7b7
38
vulnerability VCID-mhvf-2keh-2qar
39
vulnerability VCID-mjb6-7au8-5fdx
40
vulnerability VCID-ns8t-vtcn-aqh4
41
vulnerability VCID-qgpx-hgzu-5qgp
42
vulnerability VCID-qj4x-u7gx-9uf1
43
vulnerability VCID-qp7s-amch-v3cd
44
vulnerability VCID-qzqd-271b-ybfj
45
vulnerability VCID-r4bw-w4t9-23ek
46
vulnerability VCID-rduw-apr6-4fdu
47
vulnerability VCID-re84-qg3k-3ub3
48
vulnerability VCID-rxac-w9pd-aqe1
49
vulnerability VCID-s4bp-kzfu-8qfy
50
vulnerability VCID-scg7-ugdn-53b9
51
vulnerability VCID-shfz-pxan-v3ar
52
vulnerability VCID-te3b-exz5-zke1
53
vulnerability VCID-tvz9-8s4d-gbg6
54
vulnerability VCID-txb3-ez5r-r7ek
55
vulnerability VCID-ugyc-gehq-rudu
56
vulnerability VCID-vu36-a1g1-nugt
57
vulnerability VCID-vx13-4b1d-wbgp
58
vulnerability VCID-wvyx-2bbb-9yf7
59
vulnerability VCID-xk5y-7a1w-zba9
60
vulnerability VCID-xsq8-ztqh-ubb8
61
vulnerability VCID-y1v3-9tyq-uqhd
62
vulnerability VCID-y4u6-cy8y-hyae
63
vulnerability VCID-y7x4-664r-3fbk
64
vulnerability VCID-z2v2-n138-6ydv
65
vulnerability VCID-zdpz-8tc2-6kah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6
3
url pkg:composer/magento/community-edition@2.4.7-beta1
purl pkg:composer/magento/community-edition@2.4.7-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-2vsw-t8k2-4bfm
2
vulnerability VCID-3g5s-hryc-5qa9
3
vulnerability VCID-3zcy-b3th-ukhd
4
vulnerability VCID-4dae-vty8-b7hk
5
vulnerability VCID-5gxr-xksz-5ydb
6
vulnerability VCID-6p6q-ctya-q3bv
7
vulnerability VCID-6t9w-cnkz-s3c3
8
vulnerability VCID-6tx4-wexr-fkbb
9
vulnerability VCID-7hrm-jtbx-sqgm
10
vulnerability VCID-7pr7-uqp1-sugt
11
vulnerability VCID-7s3w-8dn6-jqh7
12
vulnerability VCID-7s74-rdkp-vyaf
13
vulnerability VCID-8hx4-r8bb-n7ge
14
vulnerability VCID-8ky6-w2nk-9bds
15
vulnerability VCID-8msu-s38a-p7e3
16
vulnerability VCID-8shb-t5zp-rqbu
17
vulnerability VCID-9cc9-npdc-8bac
18
vulnerability VCID-9vrt-uccb-myev
19
vulnerability VCID-a8gs-ervm-e3hm
20
vulnerability VCID-a9b6-tenb-afdw
21
vulnerability VCID-agtm-nkhp-dkdn
22
vulnerability VCID-b3cn-pjp3-4yhm
23
vulnerability VCID-b4jg-dj1a-9qd5
24
vulnerability VCID-b9ry-u6qy-j7cc
25
vulnerability VCID-bch8-kq49-skhm
26
vulnerability VCID-cafy-5dd8-rudj
27
vulnerability VCID-cc8x-6es1-8kc5
28
vulnerability VCID-ccx1-qacj-2qev
29
vulnerability VCID-cm2a-1yc5-v3cy
30
vulnerability VCID-cqjn-3z6n-sff1
31
vulnerability VCID-d6mk-hg8h-7qbc
32
vulnerability VCID-dj5a-35gt-u7dn
33
vulnerability VCID-dpgz-dacm-sqg6
34
vulnerability VCID-e9zx-zy9y-2fcp
35
vulnerability VCID-eahe-s41f-ckc1
36
vulnerability VCID-egy6-nku7-zyap
37
vulnerability VCID-evth-swm9-k3de
38
vulnerability VCID-eygc-ra9u-gyej
39
vulnerability VCID-fz5y-um7w-63f4
40
vulnerability VCID-gedj-39p5-ubd6
41
vulnerability VCID-gxj9-a1hc-47de
42
vulnerability VCID-hbau-7tvg-cygz
43
vulnerability VCID-j6ss-8f4e-e7g2
44
vulnerability VCID-jr49-4fs3-8qcp
45
vulnerability VCID-kezx-5nw5-hfen
46
vulnerability VCID-kje4-asu6-dfg2
47
vulnerability VCID-kxnm-y19k-mqg2
48
vulnerability VCID-m5z8-hz81-j7b7
49
vulnerability VCID-m83v-51cy-uqar
50
vulnerability VCID-md7v-w5aq-t7h1
51
vulnerability VCID-mhvf-2keh-2qar
52
vulnerability VCID-mjb6-7au8-5fdx
53
vulnerability VCID-ns8t-vtcn-aqh4
54
vulnerability VCID-qfw5-3tdu-x7g4
55
vulnerability VCID-qgpx-hgzu-5qgp
56
vulnerability VCID-qj4x-u7gx-9uf1
57
vulnerability VCID-qp7s-amch-v3cd
58
vulnerability VCID-qrwc-3gsb-zkfy
59
vulnerability VCID-qzqd-271b-ybfj
60
vulnerability VCID-r4bw-w4t9-23ek
61
vulnerability VCID-r7nh-arcj-8fb3
62
vulnerability VCID-rbjk-3gcs-2qb5
63
vulnerability VCID-rduw-apr6-4fdu
64
vulnerability VCID-re84-qg3k-3ub3
65
vulnerability VCID-rf6p-ct86-5bgz
66
vulnerability VCID-ruru-fwmn-5kes
67
vulnerability VCID-rxac-w9pd-aqe1
68
vulnerability VCID-s4bp-kzfu-8qfy
69
vulnerability VCID-s5e2-d6n8-kkbr
70
vulnerability VCID-scg7-ugdn-53b9
71
vulnerability VCID-tc3m-4bkg-qkcf
72
vulnerability VCID-te3b-exz5-zke1
73
vulnerability VCID-th7y-aj51-mbaj
74
vulnerability VCID-tvz9-8s4d-gbg6
75
vulnerability VCID-txb3-ez5r-r7ek
76
vulnerability VCID-tzug-ckkn-dyft
77
vulnerability VCID-ugyc-gehq-rudu
78
vulnerability VCID-vu36-a1g1-nugt
79
vulnerability VCID-vx13-4b1d-wbgp
80
vulnerability VCID-wvyx-2bbb-9yf7
81
vulnerability VCID-wzu6-rbsv-mkde
82
vulnerability VCID-xk5y-7a1w-zba9
83
vulnerability VCID-xsq8-ztqh-ubb8
84
vulnerability VCID-y1v3-9tyq-uqhd
85
vulnerability VCID-y4r1-yr69-uuf6
86
vulnerability VCID-y7x4-664r-3fbk
87
vulnerability VCID-yyq6-dvyx-3bb9
88
vulnerability VCID-z2v2-n138-6ydv
89
vulnerability VCID-zdpz-8tc2-6kah
90
vulnerability VCID-zt9b-9sjx-7qb4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1
aliases CVE-2024-34106, GHSA-p6h9-gx5g-wg64
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bera-73sm-bbh7
6
url VCID-bzyh-c5tm-j7dn
vulnerability_id VCID-bzyh-c5tm-j7dn
summary 
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34105
reference_id
reference_type
scores
0
value 0.01961
scoring_system epss
scoring_elements 0.83856
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34105
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799
3
reference_url https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2
4
reference_url https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c
5
reference_url https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482
6
reference_url https://helpx.adobe.com/security/products/magento/apsb24-40.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-13T16:04:12Z/
url https://helpx.adobe.com/security/products/magento/apsb24-40.html
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34105
reference_id CVE-2024-34105
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34105
8
reference_url https://github.com/advisories/GHSA-5632-wq7m-gfq9
reference_id GHSA-5632-wq7m-gfq9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5632-wq7m-gfq9
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p9
purl pkg:composer/magento/community-edition@2.4.4-p9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-3g5s-hryc-5qa9
2
vulnerability VCID-4dae-vty8-b7hk
3
vulnerability VCID-6p6q-ctya-q3bv
4
vulnerability VCID-cafy-5dd8-rudj
5
vulnerability VCID-ccx1-qacj-2qev
6
vulnerability VCID-cm2a-1yc5-v3cy
7
vulnerability VCID-dj5a-35gt-u7dn
8
vulnerability VCID-eygc-ra9u-gyej
9
vulnerability VCID-md7v-w5aq-t7h1
10
vulnerability VCID-qrwc-3gsb-zkfy
11
vulnerability VCID-tc3m-4bkg-qkcf
12
vulnerability VCID-th7y-aj51-mbaj
13
vulnerability VCID-tzug-ckkn-dyft
14
vulnerability VCID-wzu6-rbsv-mkde
15
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9
1
url pkg:composer/magento/community-edition@2.4.5-p8
purl pkg:composer/magento/community-edition@2.4.5-p8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3zcy-b3th-ukhd
1
vulnerability VCID-5gxr-xksz-5ydb
2
vulnerability VCID-6t9w-cnkz-s3c3
3
vulnerability VCID-7hrm-jtbx-sqgm
4
vulnerability VCID-8msu-s38a-p7e3
5
vulnerability VCID-9cc9-npdc-8bac
6
vulnerability VCID-9vrt-uccb-myev
7
vulnerability VCID-a8gs-ervm-e3hm
8
vulnerability VCID-agtm-nkhp-dkdn
9
vulnerability VCID-b9ry-u6qy-j7cc
10
vulnerability VCID-bkpz-ratd-e7ab
11
vulnerability VCID-cafy-5dd8-rudj
12
vulnerability VCID-cc8x-6es1-8kc5
13
vulnerability VCID-cqjn-3z6n-sff1
14
vulnerability VCID-dj5a-35gt-u7dn
15
vulnerability VCID-dpgz-dacm-sqg6
16
vulnerability VCID-du16-f2wp-t3cw
17
vulnerability VCID-e9zx-zy9y-2fcp
18
vulnerability VCID-kezx-5nw5-hfen
19
vulnerability VCID-kuzc-uv5b-v7an
20
vulnerability VCID-m5z8-hz81-j7b7
21
vulnerability VCID-qj4x-u7gx-9uf1
22
vulnerability VCID-qrwc-3gsb-zkfy
23
vulnerability VCID-shfz-pxan-v3ar
24
vulnerability VCID-th7y-aj51-mbaj
25
vulnerability VCID-y4u6-cy8y-hyae
26
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8
2
url pkg:composer/magento/community-edition@2.4.6-p6
purl pkg:composer/magento/community-edition@2.4.6-p6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2vsw-t8k2-4bfm
1
vulnerability VCID-3zcy-b3th-ukhd
2
vulnerability VCID-5gxr-xksz-5ydb
3
vulnerability VCID-6t9w-cnkz-s3c3
4
vulnerability VCID-6tx4-wexr-fkbb
5
vulnerability VCID-7hrm-jtbx-sqgm
6
vulnerability VCID-7pr7-uqp1-sugt
7
vulnerability VCID-7s3w-8dn6-jqh7
8
vulnerability VCID-7s74-rdkp-vyaf
9
vulnerability VCID-8hx4-r8bb-n7ge
10
vulnerability VCID-8ky6-w2nk-9bds
11
vulnerability VCID-8msu-s38a-p7e3
12
vulnerability VCID-9cc9-npdc-8bac
13
vulnerability VCID-9vrt-uccb-myev
14
vulnerability VCID-a8gs-ervm-e3hm
15
vulnerability VCID-a9b6-tenb-afdw
16
vulnerability VCID-agtm-nkhp-dkdn
17
vulnerability VCID-b3cn-pjp3-4yhm
18
vulnerability VCID-b9ry-u6qy-j7cc
19
vulnerability VCID-bch8-kq49-skhm
20
vulnerability VCID-bkpz-ratd-e7ab
21
vulnerability VCID-cc8x-6es1-8kc5
22
vulnerability VCID-cqjn-3z6n-sff1
23
vulnerability VCID-d6mk-hg8h-7qbc
24
vulnerability VCID-dpgz-dacm-sqg6
25
vulnerability VCID-du16-f2wp-t3cw
26
vulnerability VCID-e9zx-zy9y-2fcp
27
vulnerability VCID-eahe-s41f-ckc1
28
vulnerability VCID-evth-swm9-k3de
29
vulnerability VCID-fz5y-um7w-63f4
30
vulnerability VCID-gedj-39p5-ubd6
31
vulnerability VCID-gxj9-a1hc-47de
32
vulnerability VCID-hbau-7tvg-cygz
33
vulnerability VCID-jr49-4fs3-8qcp
34
vulnerability VCID-kezx-5nw5-hfen
35
vulnerability VCID-kje4-asu6-dfg2
36
vulnerability VCID-kuzc-uv5b-v7an
37
vulnerability VCID-m5z8-hz81-j7b7
38
vulnerability VCID-mhvf-2keh-2qar
39
vulnerability VCID-mjb6-7au8-5fdx
40
vulnerability VCID-ns8t-vtcn-aqh4
41
vulnerability VCID-qgpx-hgzu-5qgp
42
vulnerability VCID-qj4x-u7gx-9uf1
43
vulnerability VCID-qp7s-amch-v3cd
44
vulnerability VCID-qzqd-271b-ybfj
45
vulnerability VCID-r4bw-w4t9-23ek
46
vulnerability VCID-rduw-apr6-4fdu
47
vulnerability VCID-re84-qg3k-3ub3
48
vulnerability VCID-rxac-w9pd-aqe1
49
vulnerability VCID-s4bp-kzfu-8qfy
50
vulnerability VCID-scg7-ugdn-53b9
51
vulnerability VCID-shfz-pxan-v3ar
52
vulnerability VCID-te3b-exz5-zke1
53
vulnerability VCID-tvz9-8s4d-gbg6
54
vulnerability VCID-txb3-ez5r-r7ek
55
vulnerability VCID-ugyc-gehq-rudu
56
vulnerability VCID-vu36-a1g1-nugt
57
vulnerability VCID-vx13-4b1d-wbgp
58
vulnerability VCID-wvyx-2bbb-9yf7
59
vulnerability VCID-xk5y-7a1w-zba9
60
vulnerability VCID-xsq8-ztqh-ubb8
61
vulnerability VCID-y1v3-9tyq-uqhd
62
vulnerability VCID-y4u6-cy8y-hyae
63
vulnerability VCID-y7x4-664r-3fbk
64
vulnerability VCID-z2v2-n138-6ydv
65
vulnerability VCID-zdpz-8tc2-6kah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6
3
url pkg:composer/magento/community-edition@2.4.7-beta1
purl pkg:composer/magento/community-edition@2.4.7-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-2vsw-t8k2-4bfm
2
vulnerability VCID-3g5s-hryc-5qa9
3
vulnerability VCID-3zcy-b3th-ukhd
4
vulnerability VCID-4dae-vty8-b7hk
5
vulnerability VCID-5gxr-xksz-5ydb
6
vulnerability VCID-6p6q-ctya-q3bv
7
vulnerability VCID-6t9w-cnkz-s3c3
8
vulnerability VCID-6tx4-wexr-fkbb
9
vulnerability VCID-7hrm-jtbx-sqgm
10
vulnerability VCID-7pr7-uqp1-sugt
11
vulnerability VCID-7s3w-8dn6-jqh7
12
vulnerability VCID-7s74-rdkp-vyaf
13
vulnerability VCID-8hx4-r8bb-n7ge
14
vulnerability VCID-8ky6-w2nk-9bds
15
vulnerability VCID-8msu-s38a-p7e3
16
vulnerability VCID-8shb-t5zp-rqbu
17
vulnerability VCID-9cc9-npdc-8bac
18
vulnerability VCID-9vrt-uccb-myev
19
vulnerability VCID-a8gs-ervm-e3hm
20
vulnerability VCID-a9b6-tenb-afdw
21
vulnerability VCID-agtm-nkhp-dkdn
22
vulnerability VCID-b3cn-pjp3-4yhm
23
vulnerability VCID-b4jg-dj1a-9qd5
24
vulnerability VCID-b9ry-u6qy-j7cc
25
vulnerability VCID-bch8-kq49-skhm
26
vulnerability VCID-cafy-5dd8-rudj
27
vulnerability VCID-cc8x-6es1-8kc5
28
vulnerability VCID-ccx1-qacj-2qev
29
vulnerability VCID-cm2a-1yc5-v3cy
30
vulnerability VCID-cqjn-3z6n-sff1
31
vulnerability VCID-d6mk-hg8h-7qbc
32
vulnerability VCID-dj5a-35gt-u7dn
33
vulnerability VCID-dpgz-dacm-sqg6
34
vulnerability VCID-e9zx-zy9y-2fcp
35
vulnerability VCID-eahe-s41f-ckc1
36
vulnerability VCID-egy6-nku7-zyap
37
vulnerability VCID-evth-swm9-k3de
38
vulnerability VCID-eygc-ra9u-gyej
39
vulnerability VCID-fz5y-um7w-63f4
40
vulnerability VCID-gedj-39p5-ubd6
41
vulnerability VCID-gxj9-a1hc-47de
42
vulnerability VCID-hbau-7tvg-cygz
43
vulnerability VCID-j6ss-8f4e-e7g2
44
vulnerability VCID-jr49-4fs3-8qcp
45
vulnerability VCID-kezx-5nw5-hfen
46
vulnerability VCID-kje4-asu6-dfg2
47
vulnerability VCID-kxnm-y19k-mqg2
48
vulnerability VCID-m5z8-hz81-j7b7
49
vulnerability VCID-m83v-51cy-uqar
50
vulnerability VCID-md7v-w5aq-t7h1
51
vulnerability VCID-mhvf-2keh-2qar
52
vulnerability VCID-mjb6-7au8-5fdx
53
vulnerability VCID-ns8t-vtcn-aqh4
54
vulnerability VCID-qfw5-3tdu-x7g4
55
vulnerability VCID-qgpx-hgzu-5qgp
56
vulnerability VCID-qj4x-u7gx-9uf1
57
vulnerability VCID-qp7s-amch-v3cd
58
vulnerability VCID-qrwc-3gsb-zkfy
59
vulnerability VCID-qzqd-271b-ybfj
60
vulnerability VCID-r4bw-w4t9-23ek
61
vulnerability VCID-r7nh-arcj-8fb3
62
vulnerability VCID-rbjk-3gcs-2qb5
63
vulnerability VCID-rduw-apr6-4fdu
64
vulnerability VCID-re84-qg3k-3ub3
65
vulnerability VCID-rf6p-ct86-5bgz
66
vulnerability VCID-ruru-fwmn-5kes
67
vulnerability VCID-rxac-w9pd-aqe1
68
vulnerability VCID-s4bp-kzfu-8qfy
69
vulnerability VCID-s5e2-d6n8-kkbr
70
vulnerability VCID-scg7-ugdn-53b9
71
vulnerability VCID-tc3m-4bkg-qkcf
72
vulnerability VCID-te3b-exz5-zke1
73
vulnerability VCID-th7y-aj51-mbaj
74
vulnerability VCID-tvz9-8s4d-gbg6
75
vulnerability VCID-txb3-ez5r-r7ek
76
vulnerability VCID-tzug-ckkn-dyft
77
vulnerability VCID-ugyc-gehq-rudu
78
vulnerability VCID-vu36-a1g1-nugt
79
vulnerability VCID-vx13-4b1d-wbgp
80
vulnerability VCID-wvyx-2bbb-9yf7
81
vulnerability VCID-wzu6-rbsv-mkde
82
vulnerability VCID-xk5y-7a1w-zba9
83
vulnerability VCID-xsq8-ztqh-ubb8
84
vulnerability VCID-y1v3-9tyq-uqhd
85
vulnerability VCID-y4r1-yr69-uuf6
86
vulnerability VCID-y7x4-664r-3fbk
87
vulnerability VCID-yyq6-dvyx-3bb9
88
vulnerability VCID-z2v2-n138-6ydv
89
vulnerability VCID-zdpz-8tc2-6kah
90
vulnerability VCID-zt9b-9sjx-7qb4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1
aliases CVE-2024-34105, GHSA-5632-wq7m-gfq9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bzyh-c5tm-j7dn
7
url VCID-cafy-5dd8-rudj
vulnerability_id VCID-cafy-5dd8-rudj
summary 
Magento allows incorrect authorization
Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54265
reference_id
reference_type
scores
0
value 0.00113
scoring_system epss
scoring_elements 0.29548
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54265
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb25-94.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T20:35:42Z/
url https://helpx.adobe.com/security/products/magento/apsb25-94.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54265
reference_id CVE-2025-54265
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54265
4
reference_url https://github.com/advisories/GHSA-r355-75hw-r8jf
reference_id GHSA-r355-75hw-r8jf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r355-75hw-r8jf
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.6-p13
purl pkg:composer/magento/community-edition@2.4.6-p13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13
1
url pkg:composer/magento/community-edition@2.4.7-p8
purl pkg:composer/magento/community-edition@2.4.7-p8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8
2
url pkg:composer/magento/community-edition@2.4.8-p3
purl pkg:composer/magento/community-edition@2.4.8-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3
3
url pkg:composer/magento/community-edition@2.4.9-alpha3
purl pkg:composer/magento/community-edition@2.4.9-alpha3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3
aliases CVE-2025-54265, GHSA-r355-75hw-r8jf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cafy-5dd8-rudj
8
url VCID-ccx1-qacj-2qev
vulnerability_id VCID-ccx1-qacj-2qev
summary 
Magento Community Edition Improper Input Validation vulnerability
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54236
reference_id
reference_type
scores
0
value 0.72152
scoring_system epss
scoring_elements 0.98771
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54236
1
reference_url https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397
2
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
3
reference_url https://helpx.adobe.com/security/products/magento/apsb25-88.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-24T14:08:30Z/
url https://helpx.adobe.com/security/products/magento/apsb25-88.html
4
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54236
reference_id CVE-2025-54236
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54236
6
reference_url https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento
reference_id CVE-2025-54236-SESSIONREAPER-UNAUTHENTICATED-RCE-IN-MAGENTO
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento
7
reference_url https://github.com/advisories/GHSA-wh92-6q6g-px7j
reference_id GHSA-wh92-6q6g-px7j
reference_type
scores
url https://github.com/advisories/GHSA-wh92-6q6g-px7j
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.5-p2
purl pkg:composer/magento/community-edition@2.4.5-p2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2h52-3pt6-dfcw
1
vulnerability VCID-3et4-3zad-1qfn
2
vulnerability VCID-3zcy-b3th-ukhd
3
vulnerability VCID-525q-afzj-tkcp
4
vulnerability VCID-5gxr-xksz-5ydb
5
vulnerability VCID-6t9w-cnkz-s3c3
6
vulnerability VCID-7hrm-jtbx-sqgm
7
vulnerability VCID-7s7e-adr6-h3dc
8
vulnerability VCID-8msu-s38a-p7e3
9
vulnerability VCID-9cc9-npdc-8bac
10
vulnerability VCID-9vrt-uccb-myev
11
vulnerability VCID-a8gs-ervm-e3hm
12
vulnerability VCID-agtm-nkhp-dkdn
13
vulnerability VCID-ayfe-5a7g-u7b7
14
vulnerability VCID-az2w-5xhy-5fe4
15
vulnerability VCID-b4jg-dj1a-9qd5
16
vulnerability VCID-b9ry-u6qy-j7cc
17
vulnerability VCID-bera-73sm-bbh7
18
vulnerability VCID-bkpz-ratd-e7ab
19
vulnerability VCID-bzyh-c5tm-j7dn
20
vulnerability VCID-cafy-5dd8-rudj
21
vulnerability VCID-cc8x-6es1-8kc5
22
vulnerability VCID-cgwk-hn4t-n7c1
23
vulnerability VCID-cqjn-3z6n-sff1
24
vulnerability VCID-dj5a-35gt-u7dn
25
vulnerability VCID-dpgz-dacm-sqg6
26
vulnerability VCID-du16-f2wp-t3cw
27
vulnerability VCID-dur2-pfke-h7hf
28
vulnerability VCID-dx43-89w9-a7dg
29
vulnerability VCID-e7zd-dn28-4bf1
30
vulnerability VCID-e9zx-zy9y-2fcp
31
vulnerability VCID-fzam-yuyg-qyd5
32
vulnerability VCID-hfbb-ax6r-tbaz
33
vulnerability VCID-j124-q39m-mkby
34
vulnerability VCID-j5vp-2jrx-ukf4
35
vulnerability VCID-jhd5-tqph-3ufu
36
vulnerability VCID-kezx-5nw5-hfen
37
vulnerability VCID-kq4m-anrt-rugn
38
vulnerability VCID-kuzc-uv5b-v7an
39
vulnerability VCID-kxnm-y19k-mqg2
40
vulnerability VCID-m5z8-hz81-j7b7
41
vulnerability VCID-m83v-51cy-uqar
42
vulnerability VCID-msac-ptqf-pyg1
43
vulnerability VCID-mtr5-suag-2bdj
44
vulnerability VCID-p222-28c1-vfhy
45
vulnerability VCID-qfw5-3tdu-x7g4
46
vulnerability VCID-qj4x-u7gx-9uf1
47
vulnerability VCID-qrwc-3gsb-zkfy
48
vulnerability VCID-r7nh-arcj-8fb3
49
vulnerability VCID-rbjk-3gcs-2qb5
50
vulnerability VCID-rf6p-ct86-5bgz
51
vulnerability VCID-ruru-fwmn-5kes
52
vulnerability VCID-s5e2-d6n8-kkbr
53
vulnerability VCID-shfz-pxan-v3ar
54
vulnerability VCID-th7y-aj51-mbaj
55
vulnerability VCID-w3zd-fezc-nuhd
56
vulnerability VCID-wjfe-wh5k-1qft
57
vulnerability VCID-ws6y-k3tx-r3gb
58
vulnerability VCID-x46d-a16g-nkg9
59
vulnerability VCID-y4r1-yr69-uuf6
60
vulnerability VCID-y4u6-cy8y-hyae
61
vulnerability VCID-yuvf-e7hk-kqf9
62
vulnerability VCID-yyq6-dvyx-3bb9
63
vulnerability VCID-zt9b-9sjx-7qb4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p2
1
url pkg:composer/magento/community-edition@2.4.6-p2
purl pkg:composer/magento/community-edition@2.4.6-p2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2vsw-t8k2-4bfm
1
vulnerability VCID-3zcy-b3th-ukhd
2
vulnerability VCID-5gxr-xksz-5ydb
3
vulnerability VCID-6t9w-cnkz-s3c3
4
vulnerability VCID-6tx4-wexr-fkbb
5
vulnerability VCID-7hrm-jtbx-sqgm
6
vulnerability VCID-7pr7-uqp1-sugt
7
vulnerability VCID-7s3w-8dn6-jqh7
8
vulnerability VCID-7s74-rdkp-vyaf
9
vulnerability VCID-8hx4-r8bb-n7ge
10
vulnerability VCID-8ky6-w2nk-9bds
11
vulnerability VCID-8msu-s38a-p7e3
12
vulnerability VCID-9cc9-npdc-8bac
13
vulnerability VCID-9vrt-uccb-myev
14
vulnerability VCID-a8gs-ervm-e3hm
15
vulnerability VCID-a9b6-tenb-afdw
16
vulnerability VCID-agtm-nkhp-dkdn
17
vulnerability VCID-ayfe-5a7g-u7b7
18
vulnerability VCID-b3cn-pjp3-4yhm
19
vulnerability VCID-b4jg-dj1a-9qd5
20
vulnerability VCID-b9ry-u6qy-j7cc
21
vulnerability VCID-bch8-kq49-skhm
22
vulnerability VCID-bera-73sm-bbh7
23
vulnerability VCID-bkpz-ratd-e7ab
24
vulnerability VCID-bzyh-c5tm-j7dn
25
vulnerability VCID-cc8x-6es1-8kc5
26
vulnerability VCID-cqjn-3z6n-sff1
27
vulnerability VCID-d6mk-hg8h-7qbc
28
vulnerability VCID-dpgz-dacm-sqg6
29
vulnerability VCID-du16-f2wp-t3cw
30
vulnerability VCID-dur2-pfke-h7hf
31
vulnerability VCID-e7zd-dn28-4bf1
32
vulnerability VCID-e9zx-zy9y-2fcp
33
vulnerability VCID-eahe-s41f-ckc1
34
vulnerability VCID-evth-swm9-k3de
35
vulnerability VCID-fz5y-um7w-63f4
36
vulnerability VCID-gedj-39p5-ubd6
37
vulnerability VCID-gxj9-a1hc-47de
38
vulnerability VCID-hbau-7tvg-cygz
39
vulnerability VCID-hfbb-ax6r-tbaz
40
vulnerability VCID-j124-q39m-mkby
41
vulnerability VCID-j5vp-2jrx-ukf4
42
vulnerability VCID-jr49-4fs3-8qcp
43
vulnerability VCID-kezx-5nw5-hfen
44
vulnerability VCID-kje4-asu6-dfg2
45
vulnerability VCID-kq4m-anrt-rugn
46
vulnerability VCID-kuzc-uv5b-v7an
47
vulnerability VCID-kxnm-y19k-mqg2
48
vulnerability VCID-m5z8-hz81-j7b7
49
vulnerability VCID-m83v-51cy-uqar
50
vulnerability VCID-mhvf-2keh-2qar
51
vulnerability VCID-mjb6-7au8-5fdx
52
vulnerability VCID-msac-ptqf-pyg1
53
vulnerability VCID-ns8t-vtcn-aqh4
54
vulnerability VCID-p222-28c1-vfhy
55
vulnerability VCID-qfw5-3tdu-x7g4
56
vulnerability VCID-qgpx-hgzu-5qgp
57
vulnerability VCID-qj4x-u7gx-9uf1
58
vulnerability VCID-qp7s-amch-v3cd
59
vulnerability VCID-qzqd-271b-ybfj
60
vulnerability VCID-r4bw-w4t9-23ek
61
vulnerability VCID-r7nh-arcj-8fb3
62
vulnerability VCID-rbjk-3gcs-2qb5
63
vulnerability VCID-rduw-apr6-4fdu
64
vulnerability VCID-re84-qg3k-3ub3
65
vulnerability VCID-rf6p-ct86-5bgz
66
vulnerability VCID-ruru-fwmn-5kes
67
vulnerability VCID-rxac-w9pd-aqe1
68
vulnerability VCID-s4bp-kzfu-8qfy
69
vulnerability VCID-s5e2-d6n8-kkbr
70
vulnerability VCID-scg7-ugdn-53b9
71
vulnerability VCID-shfz-pxan-v3ar
72
vulnerability VCID-te3b-exz5-zke1
73
vulnerability VCID-tvz9-8s4d-gbg6
74
vulnerability VCID-txb3-ez5r-r7ek
75
vulnerability VCID-ugyc-gehq-rudu
76
vulnerability VCID-vu36-a1g1-nugt
77
vulnerability VCID-vx13-4b1d-wbgp
78
vulnerability VCID-wvyx-2bbb-9yf7
79
vulnerability VCID-xk5y-7a1w-zba9
80
vulnerability VCID-xsq8-ztqh-ubb8
81
vulnerability VCID-y1v3-9tyq-uqhd
82
vulnerability VCID-y4r1-yr69-uuf6
83
vulnerability VCID-y4u6-cy8y-hyae
84
vulnerability VCID-y7x4-664r-3fbk
85
vulnerability VCID-z2v2-n138-6ydv
86
vulnerability VCID-zdpz-8tc2-6kah
87
vulnerability VCID-zt9b-9sjx-7qb4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p2
aliases CVE-2025-54236, GHSA-wh92-6q6g-px7j
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ccx1-qacj-2qev
9
url VCID-cm2a-1yc5-v3cy
vulnerability_id VCID-cm2a-1yc5-v3cy
summary 
Magento has incorrect authorization issue that leads to arbitrary file system read
Magento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49556
reference_id
reference_type
scores
0
value 0.00265
scoring_system epss
scoring_elements 0.50269
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49556
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb25-71.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:18:25Z/
url https://helpx.adobe.com/security/products/magento/apsb25-71.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49556
reference_id CVE-2025-49556
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49556
4
reference_url https://github.com/advisories/GHSA-7hrj-3c9x-xv5h
reference_id GHSA-7hrj-3c9x-xv5h
reference_type
scores
url https://github.com/advisories/GHSA-7hrj-3c9x-xv5h
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.5-p14
purl pkg:composer/magento/community-edition@2.4.5-p14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p14
1
url pkg:composer/magento/community-edition@2.4.6-p12
purl pkg:composer/magento/community-edition@2.4.6-p12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p12
2
url pkg:composer/magento/community-edition@2.4.7-p7
purl pkg:composer/magento/community-edition@2.4.7-p7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7
3
url pkg:composer/magento/community-edition@2.4.8-p2
purl pkg:composer/magento/community-edition@2.4.8-p2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2
4
url pkg:composer/magento/community-edition@2.4.9-alpha2
purl pkg:composer/magento/community-edition@2.4.9-alpha2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2
aliases CVE-2025-49556, GHSA-7hrj-3c9x-xv5h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cm2a-1yc5-v3cy
10
url VCID-dj5a-35gt-u7dn
vulnerability_id VCID-dj5a-35gt-u7dn
summary 
Magento vulnerable to privilege escalation due to incorrect authorization
Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to elevated privileges that increase integrity impact to high. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54267
reference_id
reference_type
scores
0
value 0.00065
scoring_system epss
scoring_elements 0.20523
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54267
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb25-94.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-16T03:56:04Z/
url https://helpx.adobe.com/security/products/magento/apsb25-94.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54267
reference_id CVE-2025-54267
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54267
4
reference_url https://github.com/advisories/GHSA-qvwr-p3hj-j6jf
reference_id GHSA-qvwr-p3hj-j6jf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qvwr-p3hj-j6jf
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.6-p13
purl pkg:composer/magento/community-edition@2.4.6-p13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13
1
url pkg:composer/magento/community-edition@2.4.7-p8
purl pkg:composer/magento/community-edition@2.4.7-p8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8
2
url pkg:composer/magento/community-edition@2.4.8-p3
purl pkg:composer/magento/community-edition@2.4.8-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3
3
url pkg:composer/magento/community-edition@2.4.9-alpha3
purl pkg:composer/magento/community-edition@2.4.9-alpha3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3
aliases CVE-2025-54267, GHSA-qvwr-p3hj-j6jf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dj5a-35gt-u7dn
11
url VCID-dur2-pfke-h7hf
vulnerability_id VCID-dur2-pfke-h7hf
summary 
Magento Open Source Improper Access Control vulnerability
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34107
reference_id
reference_type
scores
0
value 0.00729
scoring_system epss
scoring_elements 0.73067
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34107
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799
3
reference_url https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2
4
reference_url https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c
5
reference_url https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482
6
reference_url https://helpx.adobe.com/security/products/magento/apsb24-40.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-14T13:30:50Z/
url https://helpx.adobe.com/security/products/magento/apsb24-40.html
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34107
reference_id CVE-2024-34107
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34107
8
reference_url https://github.com/advisories/GHSA-r7cm-g469-wm4g
reference_id GHSA-r7cm-g469-wm4g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r7cm-g469-wm4g
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p9
purl pkg:composer/magento/community-edition@2.4.4-p9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-3g5s-hryc-5qa9
2
vulnerability VCID-4dae-vty8-b7hk
3
vulnerability VCID-6p6q-ctya-q3bv
4
vulnerability VCID-cafy-5dd8-rudj
5
vulnerability VCID-ccx1-qacj-2qev
6
vulnerability VCID-cm2a-1yc5-v3cy
7
vulnerability VCID-dj5a-35gt-u7dn
8
vulnerability VCID-eygc-ra9u-gyej
9
vulnerability VCID-md7v-w5aq-t7h1
10
vulnerability VCID-qrwc-3gsb-zkfy
11
vulnerability VCID-tc3m-4bkg-qkcf
12
vulnerability VCID-th7y-aj51-mbaj
13
vulnerability VCID-tzug-ckkn-dyft
14
vulnerability VCID-wzu6-rbsv-mkde
15
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9
1
url pkg:composer/magento/community-edition@2.4.5-p8
purl pkg:composer/magento/community-edition@2.4.5-p8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3zcy-b3th-ukhd
1
vulnerability VCID-5gxr-xksz-5ydb
2
vulnerability VCID-6t9w-cnkz-s3c3
3
vulnerability VCID-7hrm-jtbx-sqgm
4
vulnerability VCID-8msu-s38a-p7e3
5
vulnerability VCID-9cc9-npdc-8bac
6
vulnerability VCID-9vrt-uccb-myev
7
vulnerability VCID-a8gs-ervm-e3hm
8
vulnerability VCID-agtm-nkhp-dkdn
9
vulnerability VCID-b9ry-u6qy-j7cc
10
vulnerability VCID-bkpz-ratd-e7ab
11
vulnerability VCID-cafy-5dd8-rudj
12
vulnerability VCID-cc8x-6es1-8kc5
13
vulnerability VCID-cqjn-3z6n-sff1
14
vulnerability VCID-dj5a-35gt-u7dn
15
vulnerability VCID-dpgz-dacm-sqg6
16
vulnerability VCID-du16-f2wp-t3cw
17
vulnerability VCID-e9zx-zy9y-2fcp
18
vulnerability VCID-kezx-5nw5-hfen
19
vulnerability VCID-kuzc-uv5b-v7an
20
vulnerability VCID-m5z8-hz81-j7b7
21
vulnerability VCID-qj4x-u7gx-9uf1
22
vulnerability VCID-qrwc-3gsb-zkfy
23
vulnerability VCID-shfz-pxan-v3ar
24
vulnerability VCID-th7y-aj51-mbaj
25
vulnerability VCID-y4u6-cy8y-hyae
26
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8
2
url pkg:composer/magento/community-edition@2.4.6-p6
purl pkg:composer/magento/community-edition@2.4.6-p6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2vsw-t8k2-4bfm
1
vulnerability VCID-3zcy-b3th-ukhd
2
vulnerability VCID-5gxr-xksz-5ydb
3
vulnerability VCID-6t9w-cnkz-s3c3
4
vulnerability VCID-6tx4-wexr-fkbb
5
vulnerability VCID-7hrm-jtbx-sqgm
6
vulnerability VCID-7pr7-uqp1-sugt
7
vulnerability VCID-7s3w-8dn6-jqh7
8
vulnerability VCID-7s74-rdkp-vyaf
9
vulnerability VCID-8hx4-r8bb-n7ge
10
vulnerability VCID-8ky6-w2nk-9bds
11
vulnerability VCID-8msu-s38a-p7e3
12
vulnerability VCID-9cc9-npdc-8bac
13
vulnerability VCID-9vrt-uccb-myev
14
vulnerability VCID-a8gs-ervm-e3hm
15
vulnerability VCID-a9b6-tenb-afdw
16
vulnerability VCID-agtm-nkhp-dkdn
17
vulnerability VCID-b3cn-pjp3-4yhm
18
vulnerability VCID-b9ry-u6qy-j7cc
19
vulnerability VCID-bch8-kq49-skhm
20
vulnerability VCID-bkpz-ratd-e7ab
21
vulnerability VCID-cc8x-6es1-8kc5
22
vulnerability VCID-cqjn-3z6n-sff1
23
vulnerability VCID-d6mk-hg8h-7qbc
24
vulnerability VCID-dpgz-dacm-sqg6
25
vulnerability VCID-du16-f2wp-t3cw
26
vulnerability VCID-e9zx-zy9y-2fcp
27
vulnerability VCID-eahe-s41f-ckc1
28
vulnerability VCID-evth-swm9-k3de
29
vulnerability VCID-fz5y-um7w-63f4
30
vulnerability VCID-gedj-39p5-ubd6
31
vulnerability VCID-gxj9-a1hc-47de
32
vulnerability VCID-hbau-7tvg-cygz
33
vulnerability VCID-jr49-4fs3-8qcp
34
vulnerability VCID-kezx-5nw5-hfen
35
vulnerability VCID-kje4-asu6-dfg2
36
vulnerability VCID-kuzc-uv5b-v7an
37
vulnerability VCID-m5z8-hz81-j7b7
38
vulnerability VCID-mhvf-2keh-2qar
39
vulnerability VCID-mjb6-7au8-5fdx
40
vulnerability VCID-ns8t-vtcn-aqh4
41
vulnerability VCID-qgpx-hgzu-5qgp
42
vulnerability VCID-qj4x-u7gx-9uf1
43
vulnerability VCID-qp7s-amch-v3cd
44
vulnerability VCID-qzqd-271b-ybfj
45
vulnerability VCID-r4bw-w4t9-23ek
46
vulnerability VCID-rduw-apr6-4fdu
47
vulnerability VCID-re84-qg3k-3ub3
48
vulnerability VCID-rxac-w9pd-aqe1
49
vulnerability VCID-s4bp-kzfu-8qfy
50
vulnerability VCID-scg7-ugdn-53b9
51
vulnerability VCID-shfz-pxan-v3ar
52
vulnerability VCID-te3b-exz5-zke1
53
vulnerability VCID-tvz9-8s4d-gbg6
54
vulnerability VCID-txb3-ez5r-r7ek
55
vulnerability VCID-ugyc-gehq-rudu
56
vulnerability VCID-vu36-a1g1-nugt
57
vulnerability VCID-vx13-4b1d-wbgp
58
vulnerability VCID-wvyx-2bbb-9yf7
59
vulnerability VCID-xk5y-7a1w-zba9
60
vulnerability VCID-xsq8-ztqh-ubb8
61
vulnerability VCID-y1v3-9tyq-uqhd
62
vulnerability VCID-y4u6-cy8y-hyae
63
vulnerability VCID-y7x4-664r-3fbk
64
vulnerability VCID-z2v2-n138-6ydv
65
vulnerability VCID-zdpz-8tc2-6kah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6
3
url pkg:composer/magento/community-edition@2.4.7-beta1
purl pkg:composer/magento/community-edition@2.4.7-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-2vsw-t8k2-4bfm
2
vulnerability VCID-3g5s-hryc-5qa9
3
vulnerability VCID-3zcy-b3th-ukhd
4
vulnerability VCID-4dae-vty8-b7hk
5
vulnerability VCID-5gxr-xksz-5ydb
6
vulnerability VCID-6p6q-ctya-q3bv
7
vulnerability VCID-6t9w-cnkz-s3c3
8
vulnerability VCID-6tx4-wexr-fkbb
9
vulnerability VCID-7hrm-jtbx-sqgm
10
vulnerability VCID-7pr7-uqp1-sugt
11
vulnerability VCID-7s3w-8dn6-jqh7
12
vulnerability VCID-7s74-rdkp-vyaf
13
vulnerability VCID-8hx4-r8bb-n7ge
14
vulnerability VCID-8ky6-w2nk-9bds
15
vulnerability VCID-8msu-s38a-p7e3
16
vulnerability VCID-8shb-t5zp-rqbu
17
vulnerability VCID-9cc9-npdc-8bac
18
vulnerability VCID-9vrt-uccb-myev
19
vulnerability VCID-a8gs-ervm-e3hm
20
vulnerability VCID-a9b6-tenb-afdw
21
vulnerability VCID-agtm-nkhp-dkdn
22
vulnerability VCID-b3cn-pjp3-4yhm
23
vulnerability VCID-b4jg-dj1a-9qd5
24
vulnerability VCID-b9ry-u6qy-j7cc
25
vulnerability VCID-bch8-kq49-skhm
26
vulnerability VCID-cafy-5dd8-rudj
27
vulnerability VCID-cc8x-6es1-8kc5
28
vulnerability VCID-ccx1-qacj-2qev
29
vulnerability VCID-cm2a-1yc5-v3cy
30
vulnerability VCID-cqjn-3z6n-sff1
31
vulnerability VCID-d6mk-hg8h-7qbc
32
vulnerability VCID-dj5a-35gt-u7dn
33
vulnerability VCID-dpgz-dacm-sqg6
34
vulnerability VCID-e9zx-zy9y-2fcp
35
vulnerability VCID-eahe-s41f-ckc1
36
vulnerability VCID-egy6-nku7-zyap
37
vulnerability VCID-evth-swm9-k3de
38
vulnerability VCID-eygc-ra9u-gyej
39
vulnerability VCID-fz5y-um7w-63f4
40
vulnerability VCID-gedj-39p5-ubd6
41
vulnerability VCID-gxj9-a1hc-47de
42
vulnerability VCID-hbau-7tvg-cygz
43
vulnerability VCID-j6ss-8f4e-e7g2
44
vulnerability VCID-jr49-4fs3-8qcp
45
vulnerability VCID-kezx-5nw5-hfen
46
vulnerability VCID-kje4-asu6-dfg2
47
vulnerability VCID-kxnm-y19k-mqg2
48
vulnerability VCID-m5z8-hz81-j7b7
49
vulnerability VCID-m83v-51cy-uqar
50
vulnerability VCID-md7v-w5aq-t7h1
51
vulnerability VCID-mhvf-2keh-2qar
52
vulnerability VCID-mjb6-7au8-5fdx
53
vulnerability VCID-ns8t-vtcn-aqh4
54
vulnerability VCID-qfw5-3tdu-x7g4
55
vulnerability VCID-qgpx-hgzu-5qgp
56
vulnerability VCID-qj4x-u7gx-9uf1
57
vulnerability VCID-qp7s-amch-v3cd
58
vulnerability VCID-qrwc-3gsb-zkfy
59
vulnerability VCID-qzqd-271b-ybfj
60
vulnerability VCID-r4bw-w4t9-23ek
61
vulnerability VCID-r7nh-arcj-8fb3
62
vulnerability VCID-rbjk-3gcs-2qb5
63
vulnerability VCID-rduw-apr6-4fdu
64
vulnerability VCID-re84-qg3k-3ub3
65
vulnerability VCID-rf6p-ct86-5bgz
66
vulnerability VCID-ruru-fwmn-5kes
67
vulnerability VCID-rxac-w9pd-aqe1
68
vulnerability VCID-s4bp-kzfu-8qfy
69
vulnerability VCID-s5e2-d6n8-kkbr
70
vulnerability VCID-scg7-ugdn-53b9
71
vulnerability VCID-tc3m-4bkg-qkcf
72
vulnerability VCID-te3b-exz5-zke1
73
vulnerability VCID-th7y-aj51-mbaj
74
vulnerability VCID-tvz9-8s4d-gbg6
75
vulnerability VCID-txb3-ez5r-r7ek
76
vulnerability VCID-tzug-ckkn-dyft
77
vulnerability VCID-ugyc-gehq-rudu
78
vulnerability VCID-vu36-a1g1-nugt
79
vulnerability VCID-vx13-4b1d-wbgp
80
vulnerability VCID-wvyx-2bbb-9yf7
81
vulnerability VCID-wzu6-rbsv-mkde
82
vulnerability VCID-xk5y-7a1w-zba9
83
vulnerability VCID-xsq8-ztqh-ubb8
84
vulnerability VCID-y1v3-9tyq-uqhd
85
vulnerability VCID-y4r1-yr69-uuf6
86
vulnerability VCID-y7x4-664r-3fbk
87
vulnerability VCID-yyq6-dvyx-3bb9
88
vulnerability VCID-z2v2-n138-6ydv
89
vulnerability VCID-zdpz-8tc2-6kah
90
vulnerability VCID-zt9b-9sjx-7qb4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1
aliases CVE-2024-34107, GHSA-r7cm-g469-wm4g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dur2-pfke-h7hf
12
url VCID-e7zd-dn28-4bf1
vulnerability_id VCID-e7zd-dn28-4bf1
summary 
Magento Open Source Improper Authentication vulnerability
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34103
reference_id
reference_type
scores
0
value 0.01824
scoring_system epss
scoring_elements 0.83255
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34103
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799
3
reference_url https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2
4
reference_url https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c
5
reference_url https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482
6
reference_url https://helpx.adobe.com/security/products/magento/apsb24-40.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-14T03:55:29Z/
url https://helpx.adobe.com/security/products/magento/apsb24-40.html
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34103
reference_id CVE-2024-34103
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34103
8
reference_url https://github.com/advisories/GHSA-f7q4-9gwv-6774
reference_id GHSA-f7q4-9gwv-6774
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f7q4-9gwv-6774
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p9
purl pkg:composer/magento/community-edition@2.4.4-p9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-3g5s-hryc-5qa9
2
vulnerability VCID-4dae-vty8-b7hk
3
vulnerability VCID-6p6q-ctya-q3bv
4
vulnerability VCID-cafy-5dd8-rudj
5
vulnerability VCID-ccx1-qacj-2qev
6
vulnerability VCID-cm2a-1yc5-v3cy
7
vulnerability VCID-dj5a-35gt-u7dn
8
vulnerability VCID-eygc-ra9u-gyej
9
vulnerability VCID-md7v-w5aq-t7h1
10
vulnerability VCID-qrwc-3gsb-zkfy
11
vulnerability VCID-tc3m-4bkg-qkcf
12
vulnerability VCID-th7y-aj51-mbaj
13
vulnerability VCID-tzug-ckkn-dyft
14
vulnerability VCID-wzu6-rbsv-mkde
15
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9
1
url pkg:composer/magento/community-edition@2.4.5-p8
purl pkg:composer/magento/community-edition@2.4.5-p8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3zcy-b3th-ukhd
1
vulnerability VCID-5gxr-xksz-5ydb
2
vulnerability VCID-6t9w-cnkz-s3c3
3
vulnerability VCID-7hrm-jtbx-sqgm
4
vulnerability VCID-8msu-s38a-p7e3
5
vulnerability VCID-9cc9-npdc-8bac
6
vulnerability VCID-9vrt-uccb-myev
7
vulnerability VCID-a8gs-ervm-e3hm
8
vulnerability VCID-agtm-nkhp-dkdn
9
vulnerability VCID-b9ry-u6qy-j7cc
10
vulnerability VCID-bkpz-ratd-e7ab
11
vulnerability VCID-cafy-5dd8-rudj
12
vulnerability VCID-cc8x-6es1-8kc5
13
vulnerability VCID-cqjn-3z6n-sff1
14
vulnerability VCID-dj5a-35gt-u7dn
15
vulnerability VCID-dpgz-dacm-sqg6
16
vulnerability VCID-du16-f2wp-t3cw
17
vulnerability VCID-e9zx-zy9y-2fcp
18
vulnerability VCID-kezx-5nw5-hfen
19
vulnerability VCID-kuzc-uv5b-v7an
20
vulnerability VCID-m5z8-hz81-j7b7
21
vulnerability VCID-qj4x-u7gx-9uf1
22
vulnerability VCID-qrwc-3gsb-zkfy
23
vulnerability VCID-shfz-pxan-v3ar
24
vulnerability VCID-th7y-aj51-mbaj
25
vulnerability VCID-y4u6-cy8y-hyae
26
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8
2
url pkg:composer/magento/community-edition@2.4.6-p6
purl pkg:composer/magento/community-edition@2.4.6-p6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2vsw-t8k2-4bfm
1
vulnerability VCID-3zcy-b3th-ukhd
2
vulnerability VCID-5gxr-xksz-5ydb
3
vulnerability VCID-6t9w-cnkz-s3c3
4
vulnerability VCID-6tx4-wexr-fkbb
5
vulnerability VCID-7hrm-jtbx-sqgm
6
vulnerability VCID-7pr7-uqp1-sugt
7
vulnerability VCID-7s3w-8dn6-jqh7
8
vulnerability VCID-7s74-rdkp-vyaf
9
vulnerability VCID-8hx4-r8bb-n7ge
10
vulnerability VCID-8ky6-w2nk-9bds
11
vulnerability VCID-8msu-s38a-p7e3
12
vulnerability VCID-9cc9-npdc-8bac
13
vulnerability VCID-9vrt-uccb-myev
14
vulnerability VCID-a8gs-ervm-e3hm
15
vulnerability VCID-a9b6-tenb-afdw
16
vulnerability VCID-agtm-nkhp-dkdn
17
vulnerability VCID-b3cn-pjp3-4yhm
18
vulnerability VCID-b9ry-u6qy-j7cc
19
vulnerability VCID-bch8-kq49-skhm
20
vulnerability VCID-bkpz-ratd-e7ab
21
vulnerability VCID-cc8x-6es1-8kc5
22
vulnerability VCID-cqjn-3z6n-sff1
23
vulnerability VCID-d6mk-hg8h-7qbc
24
vulnerability VCID-dpgz-dacm-sqg6
25
vulnerability VCID-du16-f2wp-t3cw
26
vulnerability VCID-e9zx-zy9y-2fcp
27
vulnerability VCID-eahe-s41f-ckc1
28
vulnerability VCID-evth-swm9-k3de
29
vulnerability VCID-fz5y-um7w-63f4
30
vulnerability VCID-gedj-39p5-ubd6
31
vulnerability VCID-gxj9-a1hc-47de
32
vulnerability VCID-hbau-7tvg-cygz
33
vulnerability VCID-jr49-4fs3-8qcp
34
vulnerability VCID-kezx-5nw5-hfen
35
vulnerability VCID-kje4-asu6-dfg2
36
vulnerability VCID-kuzc-uv5b-v7an
37
vulnerability VCID-m5z8-hz81-j7b7
38
vulnerability VCID-mhvf-2keh-2qar
39
vulnerability VCID-mjb6-7au8-5fdx
40
vulnerability VCID-ns8t-vtcn-aqh4
41
vulnerability VCID-qgpx-hgzu-5qgp
42
vulnerability VCID-qj4x-u7gx-9uf1
43
vulnerability VCID-qp7s-amch-v3cd
44
vulnerability VCID-qzqd-271b-ybfj
45
vulnerability VCID-r4bw-w4t9-23ek
46
vulnerability VCID-rduw-apr6-4fdu
47
vulnerability VCID-re84-qg3k-3ub3
48
vulnerability VCID-rxac-w9pd-aqe1
49
vulnerability VCID-s4bp-kzfu-8qfy
50
vulnerability VCID-scg7-ugdn-53b9
51
vulnerability VCID-shfz-pxan-v3ar
52
vulnerability VCID-te3b-exz5-zke1
53
vulnerability VCID-tvz9-8s4d-gbg6
54
vulnerability VCID-txb3-ez5r-r7ek
55
vulnerability VCID-ugyc-gehq-rudu
56
vulnerability VCID-vu36-a1g1-nugt
57
vulnerability VCID-vx13-4b1d-wbgp
58
vulnerability VCID-wvyx-2bbb-9yf7
59
vulnerability VCID-xk5y-7a1w-zba9
60
vulnerability VCID-xsq8-ztqh-ubb8
61
vulnerability VCID-y1v3-9tyq-uqhd
62
vulnerability VCID-y4u6-cy8y-hyae
63
vulnerability VCID-y7x4-664r-3fbk
64
vulnerability VCID-z2v2-n138-6ydv
65
vulnerability VCID-zdpz-8tc2-6kah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6
3
url pkg:composer/magento/community-edition@2.4.7-beta1
purl pkg:composer/magento/community-edition@2.4.7-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-2vsw-t8k2-4bfm
2
vulnerability VCID-3g5s-hryc-5qa9
3
vulnerability VCID-3zcy-b3th-ukhd
4
vulnerability VCID-4dae-vty8-b7hk
5
vulnerability VCID-5gxr-xksz-5ydb
6
vulnerability VCID-6p6q-ctya-q3bv
7
vulnerability VCID-6t9w-cnkz-s3c3
8
vulnerability VCID-6tx4-wexr-fkbb
9
vulnerability VCID-7hrm-jtbx-sqgm
10
vulnerability VCID-7pr7-uqp1-sugt
11
vulnerability VCID-7s3w-8dn6-jqh7
12
vulnerability VCID-7s74-rdkp-vyaf
13
vulnerability VCID-8hx4-r8bb-n7ge
14
vulnerability VCID-8ky6-w2nk-9bds
15
vulnerability VCID-8msu-s38a-p7e3
16
vulnerability VCID-8shb-t5zp-rqbu
17
vulnerability VCID-9cc9-npdc-8bac
18
vulnerability VCID-9vrt-uccb-myev
19
vulnerability VCID-a8gs-ervm-e3hm
20
vulnerability VCID-a9b6-tenb-afdw
21
vulnerability VCID-agtm-nkhp-dkdn
22
vulnerability VCID-b3cn-pjp3-4yhm
23
vulnerability VCID-b4jg-dj1a-9qd5
24
vulnerability VCID-b9ry-u6qy-j7cc
25
vulnerability VCID-bch8-kq49-skhm
26
vulnerability VCID-cafy-5dd8-rudj
27
vulnerability VCID-cc8x-6es1-8kc5
28
vulnerability VCID-ccx1-qacj-2qev
29
vulnerability VCID-cm2a-1yc5-v3cy
30
vulnerability VCID-cqjn-3z6n-sff1
31
vulnerability VCID-d6mk-hg8h-7qbc
32
vulnerability VCID-dj5a-35gt-u7dn
33
vulnerability VCID-dpgz-dacm-sqg6
34
vulnerability VCID-e9zx-zy9y-2fcp
35
vulnerability VCID-eahe-s41f-ckc1
36
vulnerability VCID-egy6-nku7-zyap
37
vulnerability VCID-evth-swm9-k3de
38
vulnerability VCID-eygc-ra9u-gyej
39
vulnerability VCID-fz5y-um7w-63f4
40
vulnerability VCID-gedj-39p5-ubd6
41
vulnerability VCID-gxj9-a1hc-47de
42
vulnerability VCID-hbau-7tvg-cygz
43
vulnerability VCID-j6ss-8f4e-e7g2
44
vulnerability VCID-jr49-4fs3-8qcp
45
vulnerability VCID-kezx-5nw5-hfen
46
vulnerability VCID-kje4-asu6-dfg2
47
vulnerability VCID-kxnm-y19k-mqg2
48
vulnerability VCID-m5z8-hz81-j7b7
49
vulnerability VCID-m83v-51cy-uqar
50
vulnerability VCID-md7v-w5aq-t7h1
51
vulnerability VCID-mhvf-2keh-2qar
52
vulnerability VCID-mjb6-7au8-5fdx
53
vulnerability VCID-ns8t-vtcn-aqh4
54
vulnerability VCID-qfw5-3tdu-x7g4
55
vulnerability VCID-qgpx-hgzu-5qgp
56
vulnerability VCID-qj4x-u7gx-9uf1
57
vulnerability VCID-qp7s-amch-v3cd
58
vulnerability VCID-qrwc-3gsb-zkfy
59
vulnerability VCID-qzqd-271b-ybfj
60
vulnerability VCID-r4bw-w4t9-23ek
61
vulnerability VCID-r7nh-arcj-8fb3
62
vulnerability VCID-rbjk-3gcs-2qb5
63
vulnerability VCID-rduw-apr6-4fdu
64
vulnerability VCID-re84-qg3k-3ub3
65
vulnerability VCID-rf6p-ct86-5bgz
66
vulnerability VCID-ruru-fwmn-5kes
67
vulnerability VCID-rxac-w9pd-aqe1
68
vulnerability VCID-s4bp-kzfu-8qfy
69
vulnerability VCID-s5e2-d6n8-kkbr
70
vulnerability VCID-scg7-ugdn-53b9
71
vulnerability VCID-tc3m-4bkg-qkcf
72
vulnerability VCID-te3b-exz5-zke1
73
vulnerability VCID-th7y-aj51-mbaj
74
vulnerability VCID-tvz9-8s4d-gbg6
75
vulnerability VCID-txb3-ez5r-r7ek
76
vulnerability VCID-tzug-ckkn-dyft
77
vulnerability VCID-ugyc-gehq-rudu
78
vulnerability VCID-vu36-a1g1-nugt
79
vulnerability VCID-vx13-4b1d-wbgp
80
vulnerability VCID-wvyx-2bbb-9yf7
81
vulnerability VCID-wzu6-rbsv-mkde
82
vulnerability VCID-xk5y-7a1w-zba9
83
vulnerability VCID-xsq8-ztqh-ubb8
84
vulnerability VCID-y1v3-9tyq-uqhd
85
vulnerability VCID-y4r1-yr69-uuf6
86
vulnerability VCID-y7x4-664r-3fbk
87
vulnerability VCID-yyq6-dvyx-3bb9
88
vulnerability VCID-z2v2-n138-6ydv
89
vulnerability VCID-zdpz-8tc2-6kah
90
vulnerability VCID-zt9b-9sjx-7qb4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1
aliases CVE-2024-34103, GHSA-f7q4-9gwv-6774
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e7zd-dn28-4bf1
13
url VCID-eygc-ra9u-gyej
vulnerability_id VCID-eygc-ra9u-gyej
summary 
Magento Cross-Site Request Forgery (CSRF) vulnerability
Magento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49555
reference_id
reference_type
scores
0
value 0.00112
scoring_system epss
scoring_elements 0.2931
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49555
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb25-71.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:10Z/
url https://helpx.adobe.com/security/products/magento/apsb25-71.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49555
reference_id CVE-2025-49555
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49555
4
reference_url https://github.com/advisories/GHSA-5777-jj7p-mpqw
reference_id GHSA-5777-jj7p-mpqw
reference_type
scores
url https://github.com/advisories/GHSA-5777-jj7p-mpqw
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.5-p14
purl pkg:composer/magento/community-edition@2.4.5-p14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p14
1
url pkg:composer/magento/community-edition@2.4.6-p12
purl pkg:composer/magento/community-edition@2.4.6-p12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p12
2
url pkg:composer/magento/community-edition@2.4.7-p7
purl pkg:composer/magento/community-edition@2.4.7-p7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7
3
url pkg:composer/magento/community-edition@2.4.8-p2
purl pkg:composer/magento/community-edition@2.4.8-p2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2
4
url pkg:composer/magento/community-edition@2.4.9-alpha2
purl pkg:composer/magento/community-edition@2.4.9-alpha2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2
aliases CVE-2025-49555, GHSA-5777-jj7p-mpqw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eygc-ra9u-gyej
14
url VCID-hfbb-ax6r-tbaz
vulnerability_id VCID-hfbb-ax6r-tbaz
summary 
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted request to the server, which could then cause the server to execute arbitrary code. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34111
reference_id
reference_type
scores
0
value 0.00759
scoring_system epss
scoring_elements 0.73715
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34111
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799
3
reference_url https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2
4
reference_url https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c
5
reference_url https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482
6
reference_url https://helpx.adobe.com/security/products/magento/apsb24-40.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-13T21:18:03Z/
url https://helpx.adobe.com/security/products/magento/apsb24-40.html
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34111
reference_id CVE-2024-34111
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34111
8
reference_url https://github.com/advisories/GHSA-jmqp-r3gg-6jh3
reference_id GHSA-jmqp-r3gg-6jh3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jmqp-r3gg-6jh3
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p9
purl pkg:composer/magento/community-edition@2.4.4-p9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-3g5s-hryc-5qa9
2
vulnerability VCID-4dae-vty8-b7hk
3
vulnerability VCID-6p6q-ctya-q3bv
4
vulnerability VCID-cafy-5dd8-rudj
5
vulnerability VCID-ccx1-qacj-2qev
6
vulnerability VCID-cm2a-1yc5-v3cy
7
vulnerability VCID-dj5a-35gt-u7dn
8
vulnerability VCID-eygc-ra9u-gyej
9
vulnerability VCID-md7v-w5aq-t7h1
10
vulnerability VCID-qrwc-3gsb-zkfy
11
vulnerability VCID-tc3m-4bkg-qkcf
12
vulnerability VCID-th7y-aj51-mbaj
13
vulnerability VCID-tzug-ckkn-dyft
14
vulnerability VCID-wzu6-rbsv-mkde
15
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9
1
url pkg:composer/magento/community-edition@2.4.5-p8
purl pkg:composer/magento/community-edition@2.4.5-p8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3zcy-b3th-ukhd
1
vulnerability VCID-5gxr-xksz-5ydb
2
vulnerability VCID-6t9w-cnkz-s3c3
3
vulnerability VCID-7hrm-jtbx-sqgm
4
vulnerability VCID-8msu-s38a-p7e3
5
vulnerability VCID-9cc9-npdc-8bac
6
vulnerability VCID-9vrt-uccb-myev
7
vulnerability VCID-a8gs-ervm-e3hm
8
vulnerability VCID-agtm-nkhp-dkdn
9
vulnerability VCID-b9ry-u6qy-j7cc
10
vulnerability VCID-bkpz-ratd-e7ab
11
vulnerability VCID-cafy-5dd8-rudj
12
vulnerability VCID-cc8x-6es1-8kc5
13
vulnerability VCID-cqjn-3z6n-sff1
14
vulnerability VCID-dj5a-35gt-u7dn
15
vulnerability VCID-dpgz-dacm-sqg6
16
vulnerability VCID-du16-f2wp-t3cw
17
vulnerability VCID-e9zx-zy9y-2fcp
18
vulnerability VCID-kezx-5nw5-hfen
19
vulnerability VCID-kuzc-uv5b-v7an
20
vulnerability VCID-m5z8-hz81-j7b7
21
vulnerability VCID-qj4x-u7gx-9uf1
22
vulnerability VCID-qrwc-3gsb-zkfy
23
vulnerability VCID-shfz-pxan-v3ar
24
vulnerability VCID-th7y-aj51-mbaj
25
vulnerability VCID-y4u6-cy8y-hyae
26
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8
2
url pkg:composer/magento/community-edition@2.4.6-p6
purl pkg:composer/magento/community-edition@2.4.6-p6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2vsw-t8k2-4bfm
1
vulnerability VCID-3zcy-b3th-ukhd
2
vulnerability VCID-5gxr-xksz-5ydb
3
vulnerability VCID-6t9w-cnkz-s3c3
4
vulnerability VCID-6tx4-wexr-fkbb
5
vulnerability VCID-7hrm-jtbx-sqgm
6
vulnerability VCID-7pr7-uqp1-sugt
7
vulnerability VCID-7s3w-8dn6-jqh7
8
vulnerability VCID-7s74-rdkp-vyaf
9
vulnerability VCID-8hx4-r8bb-n7ge
10
vulnerability VCID-8ky6-w2nk-9bds
11
vulnerability VCID-8msu-s38a-p7e3
12
vulnerability VCID-9cc9-npdc-8bac
13
vulnerability VCID-9vrt-uccb-myev
14
vulnerability VCID-a8gs-ervm-e3hm
15
vulnerability VCID-a9b6-tenb-afdw
16
vulnerability VCID-agtm-nkhp-dkdn
17
vulnerability VCID-b3cn-pjp3-4yhm
18
vulnerability VCID-b9ry-u6qy-j7cc
19
vulnerability VCID-bch8-kq49-skhm
20
vulnerability VCID-bkpz-ratd-e7ab
21
vulnerability VCID-cc8x-6es1-8kc5
22
vulnerability VCID-cqjn-3z6n-sff1
23
vulnerability VCID-d6mk-hg8h-7qbc
24
vulnerability VCID-dpgz-dacm-sqg6
25
vulnerability VCID-du16-f2wp-t3cw
26
vulnerability VCID-e9zx-zy9y-2fcp
27
vulnerability VCID-eahe-s41f-ckc1
28
vulnerability VCID-evth-swm9-k3de
29
vulnerability VCID-fz5y-um7w-63f4
30
vulnerability VCID-gedj-39p5-ubd6
31
vulnerability VCID-gxj9-a1hc-47de
32
vulnerability VCID-hbau-7tvg-cygz
33
vulnerability VCID-jr49-4fs3-8qcp
34
vulnerability VCID-kezx-5nw5-hfen
35
vulnerability VCID-kje4-asu6-dfg2
36
vulnerability VCID-kuzc-uv5b-v7an
37
vulnerability VCID-m5z8-hz81-j7b7
38
vulnerability VCID-mhvf-2keh-2qar
39
vulnerability VCID-mjb6-7au8-5fdx
40
vulnerability VCID-ns8t-vtcn-aqh4
41
vulnerability VCID-qgpx-hgzu-5qgp
42
vulnerability VCID-qj4x-u7gx-9uf1
43
vulnerability VCID-qp7s-amch-v3cd
44
vulnerability VCID-qzqd-271b-ybfj
45
vulnerability VCID-r4bw-w4t9-23ek
46
vulnerability VCID-rduw-apr6-4fdu
47
vulnerability VCID-re84-qg3k-3ub3
48
vulnerability VCID-rxac-w9pd-aqe1
49
vulnerability VCID-s4bp-kzfu-8qfy
50
vulnerability VCID-scg7-ugdn-53b9
51
vulnerability VCID-shfz-pxan-v3ar
52
vulnerability VCID-te3b-exz5-zke1
53
vulnerability VCID-tvz9-8s4d-gbg6
54
vulnerability VCID-txb3-ez5r-r7ek
55
vulnerability VCID-ugyc-gehq-rudu
56
vulnerability VCID-vu36-a1g1-nugt
57
vulnerability VCID-vx13-4b1d-wbgp
58
vulnerability VCID-wvyx-2bbb-9yf7
59
vulnerability VCID-xk5y-7a1w-zba9
60
vulnerability VCID-xsq8-ztqh-ubb8
61
vulnerability VCID-y1v3-9tyq-uqhd
62
vulnerability VCID-y4u6-cy8y-hyae
63
vulnerability VCID-y7x4-664r-3fbk
64
vulnerability VCID-z2v2-n138-6ydv
65
vulnerability VCID-zdpz-8tc2-6kah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6
3
url pkg:composer/magento/community-edition@2.4.7-beta1
purl pkg:composer/magento/community-edition@2.4.7-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-2vsw-t8k2-4bfm
2
vulnerability VCID-3g5s-hryc-5qa9
3
vulnerability VCID-3zcy-b3th-ukhd
4
vulnerability VCID-4dae-vty8-b7hk
5
vulnerability VCID-5gxr-xksz-5ydb
6
vulnerability VCID-6p6q-ctya-q3bv
7
vulnerability VCID-6t9w-cnkz-s3c3
8
vulnerability VCID-6tx4-wexr-fkbb
9
vulnerability VCID-7hrm-jtbx-sqgm
10
vulnerability VCID-7pr7-uqp1-sugt
11
vulnerability VCID-7s3w-8dn6-jqh7
12
vulnerability VCID-7s74-rdkp-vyaf
13
vulnerability VCID-8hx4-r8bb-n7ge
14
vulnerability VCID-8ky6-w2nk-9bds
15
vulnerability VCID-8msu-s38a-p7e3
16
vulnerability VCID-8shb-t5zp-rqbu
17
vulnerability VCID-9cc9-npdc-8bac
18
vulnerability VCID-9vrt-uccb-myev
19
vulnerability VCID-a8gs-ervm-e3hm
20
vulnerability VCID-a9b6-tenb-afdw
21
vulnerability VCID-agtm-nkhp-dkdn
22
vulnerability VCID-b3cn-pjp3-4yhm
23
vulnerability VCID-b4jg-dj1a-9qd5
24
vulnerability VCID-b9ry-u6qy-j7cc
25
vulnerability VCID-bch8-kq49-skhm
26
vulnerability VCID-cafy-5dd8-rudj
27
vulnerability VCID-cc8x-6es1-8kc5
28
vulnerability VCID-ccx1-qacj-2qev
29
vulnerability VCID-cm2a-1yc5-v3cy
30
vulnerability VCID-cqjn-3z6n-sff1
31
vulnerability VCID-d6mk-hg8h-7qbc
32
vulnerability VCID-dj5a-35gt-u7dn
33
vulnerability VCID-dpgz-dacm-sqg6
34
vulnerability VCID-e9zx-zy9y-2fcp
35
vulnerability VCID-eahe-s41f-ckc1
36
vulnerability VCID-egy6-nku7-zyap
37
vulnerability VCID-evth-swm9-k3de
38
vulnerability VCID-eygc-ra9u-gyej
39
vulnerability VCID-fz5y-um7w-63f4
40
vulnerability VCID-gedj-39p5-ubd6
41
vulnerability VCID-gxj9-a1hc-47de
42
vulnerability VCID-hbau-7tvg-cygz
43
vulnerability VCID-j6ss-8f4e-e7g2
44
vulnerability VCID-jr49-4fs3-8qcp
45
vulnerability VCID-kezx-5nw5-hfen
46
vulnerability VCID-kje4-asu6-dfg2
47
vulnerability VCID-kxnm-y19k-mqg2
48
vulnerability VCID-m5z8-hz81-j7b7
49
vulnerability VCID-m83v-51cy-uqar
50
vulnerability VCID-md7v-w5aq-t7h1
51
vulnerability VCID-mhvf-2keh-2qar
52
vulnerability VCID-mjb6-7au8-5fdx
53
vulnerability VCID-ns8t-vtcn-aqh4
54
vulnerability VCID-qfw5-3tdu-x7g4
55
vulnerability VCID-qgpx-hgzu-5qgp
56
vulnerability VCID-qj4x-u7gx-9uf1
57
vulnerability VCID-qp7s-amch-v3cd
58
vulnerability VCID-qrwc-3gsb-zkfy
59
vulnerability VCID-qzqd-271b-ybfj
60
vulnerability VCID-r4bw-w4t9-23ek
61
vulnerability VCID-r7nh-arcj-8fb3
62
vulnerability VCID-rbjk-3gcs-2qb5
63
vulnerability VCID-rduw-apr6-4fdu
64
vulnerability VCID-re84-qg3k-3ub3
65
vulnerability VCID-rf6p-ct86-5bgz
66
vulnerability VCID-ruru-fwmn-5kes
67
vulnerability VCID-rxac-w9pd-aqe1
68
vulnerability VCID-s4bp-kzfu-8qfy
69
vulnerability VCID-s5e2-d6n8-kkbr
70
vulnerability VCID-scg7-ugdn-53b9
71
vulnerability VCID-tc3m-4bkg-qkcf
72
vulnerability VCID-te3b-exz5-zke1
73
vulnerability VCID-th7y-aj51-mbaj
74
vulnerability VCID-tvz9-8s4d-gbg6
75
vulnerability VCID-txb3-ez5r-r7ek
76
vulnerability VCID-tzug-ckkn-dyft
77
vulnerability VCID-ugyc-gehq-rudu
78
vulnerability VCID-vu36-a1g1-nugt
79
vulnerability VCID-vx13-4b1d-wbgp
80
vulnerability VCID-wvyx-2bbb-9yf7
81
vulnerability VCID-wzu6-rbsv-mkde
82
vulnerability VCID-xk5y-7a1w-zba9
83
vulnerability VCID-xsq8-ztqh-ubb8
84
vulnerability VCID-y1v3-9tyq-uqhd
85
vulnerability VCID-y4r1-yr69-uuf6
86
vulnerability VCID-y7x4-664r-3fbk
87
vulnerability VCID-yyq6-dvyx-3bb9
88
vulnerability VCID-z2v2-n138-6ydv
89
vulnerability VCID-zdpz-8tc2-6kah
90
vulnerability VCID-zt9b-9sjx-7qb4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1
aliases CVE-2024-34111, GHSA-jmqp-r3gg-6jh3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hfbb-ax6r-tbaz
15
url VCID-kq4m-anrt-rugn
vulnerability_id VCID-kq4m-anrt-rugn
summary 
Magento Open Source Improper Authorization vulnerability
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34104
reference_id
reference_type
scores
0
value 0.00617
scoring_system epss
scoring_elements 0.70373
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34104
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799
3
reference_url https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2
4
reference_url https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c
5
reference_url https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482
6
reference_url https://helpx.adobe.com/security/products/magento/apsb24-40.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-06-14T13:48:20Z/
url https://helpx.adobe.com/security/products/magento/apsb24-40.html
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34104
reference_id CVE-2024-34104
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34104
8
reference_url https://github.com/advisories/GHSA-wwj3-573j-rvvm
reference_id GHSA-wwj3-573j-rvvm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wwj3-573j-rvvm
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p9
purl pkg:composer/magento/community-edition@2.4.4-p9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-3g5s-hryc-5qa9
2
vulnerability VCID-4dae-vty8-b7hk
3
vulnerability VCID-6p6q-ctya-q3bv
4
vulnerability VCID-cafy-5dd8-rudj
5
vulnerability VCID-ccx1-qacj-2qev
6
vulnerability VCID-cm2a-1yc5-v3cy
7
vulnerability VCID-dj5a-35gt-u7dn
8
vulnerability VCID-eygc-ra9u-gyej
9
vulnerability VCID-md7v-w5aq-t7h1
10
vulnerability VCID-qrwc-3gsb-zkfy
11
vulnerability VCID-tc3m-4bkg-qkcf
12
vulnerability VCID-th7y-aj51-mbaj
13
vulnerability VCID-tzug-ckkn-dyft
14
vulnerability VCID-wzu6-rbsv-mkde
15
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p9
1
url pkg:composer/magento/community-edition@2.4.5-p8
purl pkg:composer/magento/community-edition@2.4.5-p8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3zcy-b3th-ukhd
1
vulnerability VCID-5gxr-xksz-5ydb
2
vulnerability VCID-6t9w-cnkz-s3c3
3
vulnerability VCID-7hrm-jtbx-sqgm
4
vulnerability VCID-8msu-s38a-p7e3
5
vulnerability VCID-9cc9-npdc-8bac
6
vulnerability VCID-9vrt-uccb-myev
7
vulnerability VCID-a8gs-ervm-e3hm
8
vulnerability VCID-agtm-nkhp-dkdn
9
vulnerability VCID-b9ry-u6qy-j7cc
10
vulnerability VCID-bkpz-ratd-e7ab
11
vulnerability VCID-cafy-5dd8-rudj
12
vulnerability VCID-cc8x-6es1-8kc5
13
vulnerability VCID-cqjn-3z6n-sff1
14
vulnerability VCID-dj5a-35gt-u7dn
15
vulnerability VCID-dpgz-dacm-sqg6
16
vulnerability VCID-du16-f2wp-t3cw
17
vulnerability VCID-e9zx-zy9y-2fcp
18
vulnerability VCID-kezx-5nw5-hfen
19
vulnerability VCID-kuzc-uv5b-v7an
20
vulnerability VCID-m5z8-hz81-j7b7
21
vulnerability VCID-qj4x-u7gx-9uf1
22
vulnerability VCID-qrwc-3gsb-zkfy
23
vulnerability VCID-shfz-pxan-v3ar
24
vulnerability VCID-th7y-aj51-mbaj
25
vulnerability VCID-y4u6-cy8y-hyae
26
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p8
2
url pkg:composer/magento/community-edition@2.4.6-p6
purl pkg:composer/magento/community-edition@2.4.6-p6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2vsw-t8k2-4bfm
1
vulnerability VCID-3zcy-b3th-ukhd
2
vulnerability VCID-5gxr-xksz-5ydb
3
vulnerability VCID-6t9w-cnkz-s3c3
4
vulnerability VCID-6tx4-wexr-fkbb
5
vulnerability VCID-7hrm-jtbx-sqgm
6
vulnerability VCID-7pr7-uqp1-sugt
7
vulnerability VCID-7s3w-8dn6-jqh7
8
vulnerability VCID-7s74-rdkp-vyaf
9
vulnerability VCID-8hx4-r8bb-n7ge
10
vulnerability VCID-8ky6-w2nk-9bds
11
vulnerability VCID-8msu-s38a-p7e3
12
vulnerability VCID-9cc9-npdc-8bac
13
vulnerability VCID-9vrt-uccb-myev
14
vulnerability VCID-a8gs-ervm-e3hm
15
vulnerability VCID-a9b6-tenb-afdw
16
vulnerability VCID-agtm-nkhp-dkdn
17
vulnerability VCID-b3cn-pjp3-4yhm
18
vulnerability VCID-b9ry-u6qy-j7cc
19
vulnerability VCID-bch8-kq49-skhm
20
vulnerability VCID-bkpz-ratd-e7ab
21
vulnerability VCID-cc8x-6es1-8kc5
22
vulnerability VCID-cqjn-3z6n-sff1
23
vulnerability VCID-d6mk-hg8h-7qbc
24
vulnerability VCID-dpgz-dacm-sqg6
25
vulnerability VCID-du16-f2wp-t3cw
26
vulnerability VCID-e9zx-zy9y-2fcp
27
vulnerability VCID-eahe-s41f-ckc1
28
vulnerability VCID-evth-swm9-k3de
29
vulnerability VCID-fz5y-um7w-63f4
30
vulnerability VCID-gedj-39p5-ubd6
31
vulnerability VCID-gxj9-a1hc-47de
32
vulnerability VCID-hbau-7tvg-cygz
33
vulnerability VCID-jr49-4fs3-8qcp
34
vulnerability VCID-kezx-5nw5-hfen
35
vulnerability VCID-kje4-asu6-dfg2
36
vulnerability VCID-kuzc-uv5b-v7an
37
vulnerability VCID-m5z8-hz81-j7b7
38
vulnerability VCID-mhvf-2keh-2qar
39
vulnerability VCID-mjb6-7au8-5fdx
40
vulnerability VCID-ns8t-vtcn-aqh4
41
vulnerability VCID-qgpx-hgzu-5qgp
42
vulnerability VCID-qj4x-u7gx-9uf1
43
vulnerability VCID-qp7s-amch-v3cd
44
vulnerability VCID-qzqd-271b-ybfj
45
vulnerability VCID-r4bw-w4t9-23ek
46
vulnerability VCID-rduw-apr6-4fdu
47
vulnerability VCID-re84-qg3k-3ub3
48
vulnerability VCID-rxac-w9pd-aqe1
49
vulnerability VCID-s4bp-kzfu-8qfy
50
vulnerability VCID-scg7-ugdn-53b9
51
vulnerability VCID-shfz-pxan-v3ar
52
vulnerability VCID-te3b-exz5-zke1
53
vulnerability VCID-tvz9-8s4d-gbg6
54
vulnerability VCID-txb3-ez5r-r7ek
55
vulnerability VCID-ugyc-gehq-rudu
56
vulnerability VCID-vu36-a1g1-nugt
57
vulnerability VCID-vx13-4b1d-wbgp
58
vulnerability VCID-wvyx-2bbb-9yf7
59
vulnerability VCID-xk5y-7a1w-zba9
60
vulnerability VCID-xsq8-ztqh-ubb8
61
vulnerability VCID-y1v3-9tyq-uqhd
62
vulnerability VCID-y4u6-cy8y-hyae
63
vulnerability VCID-y7x4-664r-3fbk
64
vulnerability VCID-z2v2-n138-6ydv
65
vulnerability VCID-zdpz-8tc2-6kah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p6
3
url pkg:composer/magento/community-edition@2.4.7-beta1
purl pkg:composer/magento/community-edition@2.4.7-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-2vsw-t8k2-4bfm
2
vulnerability VCID-3g5s-hryc-5qa9
3
vulnerability VCID-3zcy-b3th-ukhd
4
vulnerability VCID-4dae-vty8-b7hk
5
vulnerability VCID-5gxr-xksz-5ydb
6
vulnerability VCID-6p6q-ctya-q3bv
7
vulnerability VCID-6t9w-cnkz-s3c3
8
vulnerability VCID-6tx4-wexr-fkbb
9
vulnerability VCID-7hrm-jtbx-sqgm
10
vulnerability VCID-7pr7-uqp1-sugt
11
vulnerability VCID-7s3w-8dn6-jqh7
12
vulnerability VCID-7s74-rdkp-vyaf
13
vulnerability VCID-8hx4-r8bb-n7ge
14
vulnerability VCID-8ky6-w2nk-9bds
15
vulnerability VCID-8msu-s38a-p7e3
16
vulnerability VCID-8shb-t5zp-rqbu
17
vulnerability VCID-9cc9-npdc-8bac
18
vulnerability VCID-9vrt-uccb-myev
19
vulnerability VCID-a8gs-ervm-e3hm
20
vulnerability VCID-a9b6-tenb-afdw
21
vulnerability VCID-agtm-nkhp-dkdn
22
vulnerability VCID-b3cn-pjp3-4yhm
23
vulnerability VCID-b4jg-dj1a-9qd5
24
vulnerability VCID-b9ry-u6qy-j7cc
25
vulnerability VCID-bch8-kq49-skhm
26
vulnerability VCID-cafy-5dd8-rudj
27
vulnerability VCID-cc8x-6es1-8kc5
28
vulnerability VCID-ccx1-qacj-2qev
29
vulnerability VCID-cm2a-1yc5-v3cy
30
vulnerability VCID-cqjn-3z6n-sff1
31
vulnerability VCID-d6mk-hg8h-7qbc
32
vulnerability VCID-dj5a-35gt-u7dn
33
vulnerability VCID-dpgz-dacm-sqg6
34
vulnerability VCID-e9zx-zy9y-2fcp
35
vulnerability VCID-eahe-s41f-ckc1
36
vulnerability VCID-egy6-nku7-zyap
37
vulnerability VCID-evth-swm9-k3de
38
vulnerability VCID-eygc-ra9u-gyej
39
vulnerability VCID-fz5y-um7w-63f4
40
vulnerability VCID-gedj-39p5-ubd6
41
vulnerability VCID-gxj9-a1hc-47de
42
vulnerability VCID-hbau-7tvg-cygz
43
vulnerability VCID-j6ss-8f4e-e7g2
44
vulnerability VCID-jr49-4fs3-8qcp
45
vulnerability VCID-kezx-5nw5-hfen
46
vulnerability VCID-kje4-asu6-dfg2
47
vulnerability VCID-kxnm-y19k-mqg2
48
vulnerability VCID-m5z8-hz81-j7b7
49
vulnerability VCID-m83v-51cy-uqar
50
vulnerability VCID-md7v-w5aq-t7h1
51
vulnerability VCID-mhvf-2keh-2qar
52
vulnerability VCID-mjb6-7au8-5fdx
53
vulnerability VCID-ns8t-vtcn-aqh4
54
vulnerability VCID-qfw5-3tdu-x7g4
55
vulnerability VCID-qgpx-hgzu-5qgp
56
vulnerability VCID-qj4x-u7gx-9uf1
57
vulnerability VCID-qp7s-amch-v3cd
58
vulnerability VCID-qrwc-3gsb-zkfy
59
vulnerability VCID-qzqd-271b-ybfj
60
vulnerability VCID-r4bw-w4t9-23ek
61
vulnerability VCID-r7nh-arcj-8fb3
62
vulnerability VCID-rbjk-3gcs-2qb5
63
vulnerability VCID-rduw-apr6-4fdu
64
vulnerability VCID-re84-qg3k-3ub3
65
vulnerability VCID-rf6p-ct86-5bgz
66
vulnerability VCID-ruru-fwmn-5kes
67
vulnerability VCID-rxac-w9pd-aqe1
68
vulnerability VCID-s4bp-kzfu-8qfy
69
vulnerability VCID-s5e2-d6n8-kkbr
70
vulnerability VCID-scg7-ugdn-53b9
71
vulnerability VCID-tc3m-4bkg-qkcf
72
vulnerability VCID-te3b-exz5-zke1
73
vulnerability VCID-th7y-aj51-mbaj
74
vulnerability VCID-tvz9-8s4d-gbg6
75
vulnerability VCID-txb3-ez5r-r7ek
76
vulnerability VCID-tzug-ckkn-dyft
77
vulnerability VCID-ugyc-gehq-rudu
78
vulnerability VCID-vu36-a1g1-nugt
79
vulnerability VCID-vx13-4b1d-wbgp
80
vulnerability VCID-wvyx-2bbb-9yf7
81
vulnerability VCID-wzu6-rbsv-mkde
82
vulnerability VCID-xk5y-7a1w-zba9
83
vulnerability VCID-xsq8-ztqh-ubb8
84
vulnerability VCID-y1v3-9tyq-uqhd
85
vulnerability VCID-y4r1-yr69-uuf6
86
vulnerability VCID-y7x4-664r-3fbk
87
vulnerability VCID-yyq6-dvyx-3bb9
88
vulnerability VCID-z2v2-n138-6ydv
89
vulnerability VCID-zdpz-8tc2-6kah
90
vulnerability VCID-zt9b-9sjx-7qb4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1
aliases CVE-2024-34104, GHSA-wwj3-573j-rvvm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kq4m-anrt-rugn
16
url VCID-md7v-w5aq-t7h1
vulnerability_id VCID-md7v-w5aq-t7h1
summary 
Magento Security feature bypass
Magento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue requires user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49550
reference_id
reference_type
scores
0
value 0.00468
scoring_system epss
scoring_elements 0.64889
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49550
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb25-50.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T18:07:51Z/
url https://helpx.adobe.com/security/products/magento/apsb25-50.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49550
reference_id CVE-2025-49550
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49550
4
reference_url https://github.com/advisories/GHSA-8hcx-xvww-6c6h
reference_id GHSA-8hcx-xvww-6c6h
reference_type
scores
url https://github.com/advisories/GHSA-8hcx-xvww-6c6h
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.5-p13
purl pkg:composer/magento/community-edition@2.4.5-p13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-fzm9-e6bg-r7aw
7
vulnerability VCID-qrwc-3gsb-zkfy
8
vulnerability VCID-th7y-aj51-mbaj
9
vulnerability VCID-tzug-ckkn-dyft
10
vulnerability VCID-wzu6-rbsv-mkde
11
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p13
1
url pkg:composer/magento/community-edition@2.4.6-p11
purl pkg:composer/magento/community-edition@2.4.6-p11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-fzm9-e6bg-r7aw
7
vulnerability VCID-qrwc-3gsb-zkfy
8
vulnerability VCID-th7y-aj51-mbaj
9
vulnerability VCID-tzug-ckkn-dyft
10
vulnerability VCID-wzu6-rbsv-mkde
11
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p11
2
url pkg:composer/magento/community-edition@2.4.7-p6
purl pkg:composer/magento/community-edition@2.4.7-p6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-fzm9-e6bg-r7aw
7
vulnerability VCID-qrwc-3gsb-zkfy
8
vulnerability VCID-th7y-aj51-mbaj
9
vulnerability VCID-tzug-ckkn-dyft
10
vulnerability VCID-wzu6-rbsv-mkde
11
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6
3
url pkg:composer/magento/community-edition@2.4.8-beta1
purl pkg:composer/magento/community-edition@2.4.8-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-2vsw-t8k2-4bfm
2
vulnerability VCID-3g5s-hryc-5qa9
3
vulnerability VCID-6tx4-wexr-fkbb
4
vulnerability VCID-7s74-rdkp-vyaf
5
vulnerability VCID-8hx4-r8bb-n7ge
6
vulnerability VCID-8ky6-w2nk-9bds
7
vulnerability VCID-8shb-t5zp-rqbu
8
vulnerability VCID-a9b6-tenb-afdw
9
vulnerability VCID-b3cn-pjp3-4yhm
10
vulnerability VCID-cafy-5dd8-rudj
11
vulnerability VCID-ccx1-qacj-2qev
12
vulnerability VCID-cm2a-1yc5-v3cy
13
vulnerability VCID-d6mk-hg8h-7qbc
14
vulnerability VCID-dj5a-35gt-u7dn
15
vulnerability VCID-egy6-nku7-zyap
16
vulnerability VCID-eygc-ra9u-gyej
17
vulnerability VCID-fz5y-um7w-63f4
18
vulnerability VCID-gedj-39p5-ubd6
19
vulnerability VCID-hbau-7tvg-cygz
20
vulnerability VCID-j6ss-8f4e-e7g2
21
vulnerability VCID-jr49-4fs3-8qcp
22
vulnerability VCID-mhvf-2keh-2qar
23
vulnerability VCID-mjb6-7au8-5fdx
24
vulnerability VCID-qp7s-amch-v3cd
25
vulnerability VCID-qrwc-3gsb-zkfy
26
vulnerability VCID-qzqd-271b-ybfj
27
vulnerability VCID-r4bw-w4t9-23ek
28
vulnerability VCID-re84-qg3k-3ub3
29
vulnerability VCID-s4bp-kzfu-8qfy
30
vulnerability VCID-scg7-ugdn-53b9
31
vulnerability VCID-te3b-exz5-zke1
32
vulnerability VCID-th7y-aj51-mbaj
33
vulnerability VCID-tvz9-8s4d-gbg6
34
vulnerability VCID-tzug-ckkn-dyft
35
vulnerability VCID-wzu6-rbsv-mkde
36
vulnerability VCID-xfvu-2zg4-ruf6
37
vulnerability VCID-xsq8-ztqh-ubb8
38
vulnerability VCID-y7x4-664r-3fbk
39
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1
4
url pkg:composer/magento/community-edition@2.4.9-alpha1
purl pkg:composer/magento/community-edition@2.4.9-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-qrwc-3gsb-zkfy
7
vulnerability VCID-th7y-aj51-mbaj
8
vulnerability VCID-tzug-ckkn-dyft
9
vulnerability VCID-wzu6-rbsv-mkde
10
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1
aliases CVE-2025-49550, GHSA-8hcx-xvww-6c6h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-md7v-w5aq-t7h1
17
url VCID-qrwc-3gsb-zkfy
vulnerability_id VCID-qrwc-3gsb-zkfy
summary 
Magento provides incorrect authorization through a security feature bypass
Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and maintain unauthorized access. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54263
reference_id
reference_type
scores
0
value 0.00092
scoring_system epss
scoring_elements 0.25983
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54263
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb25-94.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:29Z/
url https://helpx.adobe.com/security/products/magento/apsb25-94.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54263
reference_id CVE-2025-54263
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54263
4
reference_url https://github.com/advisories/GHSA-69x9-xp2j-w8g8
reference_id GHSA-69x9-xp2j-w8g8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-69x9-xp2j-w8g8
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.6-p13
purl pkg:composer/magento/community-edition@2.4.6-p13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13
1
url pkg:composer/magento/community-edition@2.4.7-p8
purl pkg:composer/magento/community-edition@2.4.7-p8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8
2
url pkg:composer/magento/community-edition@2.4.8-p3
purl pkg:composer/magento/community-edition@2.4.8-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3
3
url pkg:composer/magento/community-edition@2.4.9-alpha3
purl pkg:composer/magento/community-edition@2.4.9-alpha3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3
aliases CVE-2025-54263, GHSA-69x9-xp2j-w8g8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qrwc-3gsb-zkfy
18
url VCID-tc3m-4bkg-qkcf
vulnerability_id VCID-tc3m-4bkg-qkcf
summary 
Magento Improper Authorization leading to security feature bypass
Magento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading to a limited impact to confidentiality and a high impact to integrity. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43585
reference_id
reference_type
scores
0
value 0.00591
scoring_system epss
scoring_elements 0.6963
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43585
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb25-50.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T17:23:05Z/
url https://helpx.adobe.com/security/products/magento/apsb25-50.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43585
reference_id CVE-2025-43585
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43585
4
reference_url https://github.com/advisories/GHSA-r487-9vv5-75gg
reference_id GHSA-r487-9vv5-75gg
reference_type
scores
url https://github.com/advisories/GHSA-r487-9vv5-75gg
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.5-p13
purl pkg:composer/magento/community-edition@2.4.5-p13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-fzm9-e6bg-r7aw
7
vulnerability VCID-qrwc-3gsb-zkfy
8
vulnerability VCID-th7y-aj51-mbaj
9
vulnerability VCID-tzug-ckkn-dyft
10
vulnerability VCID-wzu6-rbsv-mkde
11
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p13
1
url pkg:composer/magento/community-edition@2.4.6-p11
purl pkg:composer/magento/community-edition@2.4.6-p11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-fzm9-e6bg-r7aw
7
vulnerability VCID-qrwc-3gsb-zkfy
8
vulnerability VCID-th7y-aj51-mbaj
9
vulnerability VCID-tzug-ckkn-dyft
10
vulnerability VCID-wzu6-rbsv-mkde
11
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p11
2
url pkg:composer/magento/community-edition@2.4.7-p6
purl pkg:composer/magento/community-edition@2.4.7-p6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-fzm9-e6bg-r7aw
7
vulnerability VCID-qrwc-3gsb-zkfy
8
vulnerability VCID-th7y-aj51-mbaj
9
vulnerability VCID-tzug-ckkn-dyft
10
vulnerability VCID-wzu6-rbsv-mkde
11
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p6
3
url pkg:composer/magento/community-edition@2.4.8-beta1
purl pkg:composer/magento/community-edition@2.4.8-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-2vsw-t8k2-4bfm
2
vulnerability VCID-3g5s-hryc-5qa9
3
vulnerability VCID-6tx4-wexr-fkbb
4
vulnerability VCID-7s74-rdkp-vyaf
5
vulnerability VCID-8hx4-r8bb-n7ge
6
vulnerability VCID-8ky6-w2nk-9bds
7
vulnerability VCID-8shb-t5zp-rqbu
8
vulnerability VCID-a9b6-tenb-afdw
9
vulnerability VCID-b3cn-pjp3-4yhm
10
vulnerability VCID-cafy-5dd8-rudj
11
vulnerability VCID-ccx1-qacj-2qev
12
vulnerability VCID-cm2a-1yc5-v3cy
13
vulnerability VCID-d6mk-hg8h-7qbc
14
vulnerability VCID-dj5a-35gt-u7dn
15
vulnerability VCID-egy6-nku7-zyap
16
vulnerability VCID-eygc-ra9u-gyej
17
vulnerability VCID-fz5y-um7w-63f4
18
vulnerability VCID-gedj-39p5-ubd6
19
vulnerability VCID-hbau-7tvg-cygz
20
vulnerability VCID-j6ss-8f4e-e7g2
21
vulnerability VCID-jr49-4fs3-8qcp
22
vulnerability VCID-mhvf-2keh-2qar
23
vulnerability VCID-mjb6-7au8-5fdx
24
vulnerability VCID-qp7s-amch-v3cd
25
vulnerability VCID-qrwc-3gsb-zkfy
26
vulnerability VCID-qzqd-271b-ybfj
27
vulnerability VCID-r4bw-w4t9-23ek
28
vulnerability VCID-re84-qg3k-3ub3
29
vulnerability VCID-s4bp-kzfu-8qfy
30
vulnerability VCID-scg7-ugdn-53b9
31
vulnerability VCID-te3b-exz5-zke1
32
vulnerability VCID-th7y-aj51-mbaj
33
vulnerability VCID-tvz9-8s4d-gbg6
34
vulnerability VCID-tzug-ckkn-dyft
35
vulnerability VCID-wzu6-rbsv-mkde
36
vulnerability VCID-xfvu-2zg4-ruf6
37
vulnerability VCID-xsq8-ztqh-ubb8
38
vulnerability VCID-y7x4-664r-3fbk
39
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1
4
url pkg:composer/magento/community-edition@2.4.9-alpha1
purl pkg:composer/magento/community-edition@2.4.9-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-cafy-5dd8-rudj
2
vulnerability VCID-ccx1-qacj-2qev
3
vulnerability VCID-cm2a-1yc5-v3cy
4
vulnerability VCID-dj5a-35gt-u7dn
5
vulnerability VCID-eygc-ra9u-gyej
6
vulnerability VCID-qrwc-3gsb-zkfy
7
vulnerability VCID-th7y-aj51-mbaj
8
vulnerability VCID-tzug-ckkn-dyft
9
vulnerability VCID-wzu6-rbsv-mkde
10
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1
aliases CVE-2025-43585, GHSA-r487-9vv5-75gg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tc3m-4bkg-qkcf
19
url VCID-th7y-aj51-mbaj
vulnerability_id VCID-th7y-aj51-mbaj
summary 
Magento vulnerable to stored Cross-Site Scripting (XSS)
Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54264
reference_id
reference_type
scores
0
value 0.00214
scoring_system epss
scoring_elements 0.44021
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54264
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb25-94.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:28Z/
url https://helpx.adobe.com/security/products/magento/apsb25-94.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54264
reference_id CVE-2025-54264
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54264
4
reference_url https://github.com/advisories/GHSA-2768-5wmv-cfff
reference_id GHSA-2768-5wmv-cfff
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2768-5wmv-cfff
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.6-p13
purl pkg:composer/magento/community-edition@2.4.6-p13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13
1
url pkg:composer/magento/community-edition@2.4.7-p8
purl pkg:composer/magento/community-edition@2.4.7-p8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8
2
url pkg:composer/magento/community-edition@2.4.8-p3
purl pkg:composer/magento/community-edition@2.4.8-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3
3
url pkg:composer/magento/community-edition@2.4.9-alpha3
purl pkg:composer/magento/community-edition@2.4.9-alpha3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3
aliases CVE-2025-54264, GHSA-2768-5wmv-cfff
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-th7y-aj51-mbaj
20
url VCID-tzug-ckkn-dyft
vulnerability_id VCID-tzug-ckkn-dyft
summary 
Magento vulnerable to denial of service
Magento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49554
reference_id
reference_type
scores
0
value 0.00289
scoring_system epss
scoring_elements 0.52681
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49554
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb25-71.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:18:27Z/
url https://helpx.adobe.com/security/products/magento/apsb25-71.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49554
reference_id CVE-2025-49554
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49554
4
reference_url https://github.com/advisories/GHSA-xgfm-992v-h2hr
reference_id GHSA-xgfm-992v-h2hr
reference_type
scores
url https://github.com/advisories/GHSA-xgfm-992v-h2hr
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.5-p14
purl pkg:composer/magento/community-edition@2.4.5-p14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p14
1
url pkg:composer/magento/community-edition@2.4.6-p12
purl pkg:composer/magento/community-edition@2.4.6-p12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p12
2
url pkg:composer/magento/community-edition@2.4.7-p7
purl pkg:composer/magento/community-edition@2.4.7-p7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7
3
url pkg:composer/magento/community-edition@2.4.8-p2
purl pkg:composer/magento/community-edition@2.4.8-p2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2
4
url pkg:composer/magento/community-edition@2.4.9-alpha2
purl pkg:composer/magento/community-edition@2.4.9-alpha2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2
aliases CVE-2025-49554, GHSA-xgfm-992v-h2hr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tzug-ckkn-dyft
21
url VCID-wzu6-rbsv-mkde
vulnerability_id VCID-wzu6-rbsv-mkde
summary 
Magento vulnerable to path traversal
Magento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49559
reference_id
reference_type
scores
0
value 0.00589
scoring_system epss
scoring_elements 0.69567
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49559
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb25-71.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:14Z/
url https://helpx.adobe.com/security/products/magento/apsb25-71.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49559
reference_id CVE-2025-49559
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49559
4
reference_url https://github.com/advisories/GHSA-h4f4-gv6h-x824
reference_id GHSA-h4f4-gv6h-x824
reference_type
scores
url https://github.com/advisories/GHSA-h4f4-gv6h-x824
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.5-p14
purl pkg:composer/magento/community-edition@2.4.5-p14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p14
1
url pkg:composer/magento/community-edition@2.4.6-p12
purl pkg:composer/magento/community-edition@2.4.6-p12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p12
2
url pkg:composer/magento/community-edition@2.4.7-p7
purl pkg:composer/magento/community-edition@2.4.7-p7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p7
3
url pkg:composer/magento/community-edition@2.4.8-p2
purl pkg:composer/magento/community-edition@2.4.8-p2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2
4
url pkg:composer/magento/community-edition@2.4.9-alpha2
purl pkg:composer/magento/community-edition@2.4.9-alpha2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cafy-5dd8-rudj
1
vulnerability VCID-ccx1-qacj-2qev
2
vulnerability VCID-dj5a-35gt-u7dn
3
vulnerability VCID-qrwc-3gsb-zkfy
4
vulnerability VCID-th7y-aj51-mbaj
5
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2
aliases CVE-2025-49559, GHSA-h4f4-gv6h-x824
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wzu6-rbsv-mkde
22
url VCID-yyq6-dvyx-3bb9
vulnerability_id VCID-yyq6-dvyx-3bb9
summary 
Magento vulnerable to stored Cross-Site Scripting (XSS)
Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54266
reference_id
reference_type
scores
0
value 0.00057
scoring_system epss
scoring_elements 0.18183
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54266
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb25-94.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:24:32Z/
url https://helpx.adobe.com/security/products/magento/apsb25-94.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54266
reference_id CVE-2025-54266
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54266
4
reference_url https://github.com/advisories/GHSA-pcrx-r49h-x2w5
reference_id GHSA-pcrx-r49h-x2w5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pcrx-r49h-x2w5
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.6-p13
purl pkg:composer/magento/community-edition@2.4.6-p13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p13
1
url pkg:composer/magento/community-edition@2.4.7-p8
purl pkg:composer/magento/community-edition@2.4.7-p8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p8
2
url pkg:composer/magento/community-edition@2.4.8-p3
purl pkg:composer/magento/community-edition@2.4.8-p3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3
3
url pkg:composer/magento/community-edition@2.4.9-alpha3
purl pkg:composer/magento/community-edition@2.4.9-alpha3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3
aliases CVE-2025-54266, GHSA-pcrx-r49h-x2w5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yyq6-dvyx-3bb9
Fixing_vulnerabilities
0
url VCID-b4jg-dj1a-9qd5
vulnerability_id VCID-b4jg-dj1a-9qd5
summary 
Magento Open Source allows Cross-Site Scripting (XSS)
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-20759
reference_id
reference_type
scores
0
value 0.01627
scoring_system epss
scoring_elements 0.82238
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-20759
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-18.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-11T04:01:07Z/
url https://helpx.adobe.com/security/products/magento/apsb24-18.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-20759
reference_id CVE-2024-20759
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
1
value 6.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-20759
4
reference_url https://github.com/advisories/GHSA-59vf-hjxc-f9c5
reference_id GHSA-59vf-hjxc-f9c5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-59vf-hjxc-f9c5
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p8
purl pkg:composer/magento/community-edition@2.4.4-p8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-3g5s-hryc-5qa9
2
vulnerability VCID-4dae-vty8-b7hk
3
vulnerability VCID-6p6q-ctya-q3bv
4
vulnerability VCID-ayfe-5a7g-u7b7
5
vulnerability VCID-bera-73sm-bbh7
6
vulnerability VCID-bzyh-c5tm-j7dn
7
vulnerability VCID-cafy-5dd8-rudj
8
vulnerability VCID-ccx1-qacj-2qev
9
vulnerability VCID-cm2a-1yc5-v3cy
10
vulnerability VCID-dj5a-35gt-u7dn
11
vulnerability VCID-dur2-pfke-h7hf
12
vulnerability VCID-e7zd-dn28-4bf1
13
vulnerability VCID-eygc-ra9u-gyej
14
vulnerability VCID-hfbb-ax6r-tbaz
15
vulnerability VCID-kq4m-anrt-rugn
16
vulnerability VCID-md7v-w5aq-t7h1
17
vulnerability VCID-qrwc-3gsb-zkfy
18
vulnerability VCID-tc3m-4bkg-qkcf
19
vulnerability VCID-th7y-aj51-mbaj
20
vulnerability VCID-tzug-ckkn-dyft
21
vulnerability VCID-wzu6-rbsv-mkde
22
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p8
1
url pkg:composer/magento/community-edition@2.4.5-p7
purl pkg:composer/magento/community-edition@2.4.5-p7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3zcy-b3th-ukhd
1
vulnerability VCID-5gxr-xksz-5ydb
2
vulnerability VCID-6t9w-cnkz-s3c3
3
vulnerability VCID-7hrm-jtbx-sqgm
4
vulnerability VCID-8msu-s38a-p7e3
5
vulnerability VCID-9cc9-npdc-8bac
6
vulnerability VCID-9vrt-uccb-myev
7
vulnerability VCID-a8gs-ervm-e3hm
8
vulnerability VCID-agtm-nkhp-dkdn
9
vulnerability VCID-ayfe-5a7g-u7b7
10
vulnerability VCID-b9ry-u6qy-j7cc
11
vulnerability VCID-bera-73sm-bbh7
12
vulnerability VCID-bkpz-ratd-e7ab
13
vulnerability VCID-bzyh-c5tm-j7dn
14
vulnerability VCID-cafy-5dd8-rudj
15
vulnerability VCID-cc8x-6es1-8kc5
16
vulnerability VCID-cqjn-3z6n-sff1
17
vulnerability VCID-dj5a-35gt-u7dn
18
vulnerability VCID-dpgz-dacm-sqg6
19
vulnerability VCID-du16-f2wp-t3cw
20
vulnerability VCID-dur2-pfke-h7hf
21
vulnerability VCID-e7zd-dn28-4bf1
22
vulnerability VCID-e9zx-zy9y-2fcp
23
vulnerability VCID-hfbb-ax6r-tbaz
24
vulnerability VCID-kezx-5nw5-hfen
25
vulnerability VCID-kq4m-anrt-rugn
26
vulnerability VCID-kuzc-uv5b-v7an
27
vulnerability VCID-m5z8-hz81-j7b7
28
vulnerability VCID-qj4x-u7gx-9uf1
29
vulnerability VCID-qrwc-3gsb-zkfy
30
vulnerability VCID-shfz-pxan-v3ar
31
vulnerability VCID-th7y-aj51-mbaj
32
vulnerability VCID-y4u6-cy8y-hyae
33
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p7
2
url pkg:composer/magento/community-edition@2.4.6-p5
purl pkg:composer/magento/community-edition@2.4.6-p5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2vsw-t8k2-4bfm
1
vulnerability VCID-3zcy-b3th-ukhd
2
vulnerability VCID-5gxr-xksz-5ydb
3
vulnerability VCID-6t9w-cnkz-s3c3
4
vulnerability VCID-6tx4-wexr-fkbb
5
vulnerability VCID-7hrm-jtbx-sqgm
6
vulnerability VCID-7pr7-uqp1-sugt
7
vulnerability VCID-7s3w-8dn6-jqh7
8
vulnerability VCID-7s74-rdkp-vyaf
9
vulnerability VCID-8hx4-r8bb-n7ge
10
vulnerability VCID-8ky6-w2nk-9bds
11
vulnerability VCID-8msu-s38a-p7e3
12
vulnerability VCID-9cc9-npdc-8bac
13
vulnerability VCID-9vrt-uccb-myev
14
vulnerability VCID-a8gs-ervm-e3hm
15
vulnerability VCID-a9b6-tenb-afdw
16
vulnerability VCID-agtm-nkhp-dkdn
17
vulnerability VCID-ayfe-5a7g-u7b7
18
vulnerability VCID-b3cn-pjp3-4yhm
19
vulnerability VCID-b9ry-u6qy-j7cc
20
vulnerability VCID-bch8-kq49-skhm
21
vulnerability VCID-bera-73sm-bbh7
22
vulnerability VCID-bkpz-ratd-e7ab
23
vulnerability VCID-bzyh-c5tm-j7dn
24
vulnerability VCID-cc8x-6es1-8kc5
25
vulnerability VCID-cqjn-3z6n-sff1
26
vulnerability VCID-d6mk-hg8h-7qbc
27
vulnerability VCID-dpgz-dacm-sqg6
28
vulnerability VCID-du16-f2wp-t3cw
29
vulnerability VCID-dur2-pfke-h7hf
30
vulnerability VCID-e7zd-dn28-4bf1
31
vulnerability VCID-e9zx-zy9y-2fcp
32
vulnerability VCID-eahe-s41f-ckc1
33
vulnerability VCID-evth-swm9-k3de
34
vulnerability VCID-fz5y-um7w-63f4
35
vulnerability VCID-gedj-39p5-ubd6
36
vulnerability VCID-gxj9-a1hc-47de
37
vulnerability VCID-hbau-7tvg-cygz
38
vulnerability VCID-hfbb-ax6r-tbaz
39
vulnerability VCID-jr49-4fs3-8qcp
40
vulnerability VCID-kezx-5nw5-hfen
41
vulnerability VCID-kje4-asu6-dfg2
42
vulnerability VCID-kq4m-anrt-rugn
43
vulnerability VCID-kuzc-uv5b-v7an
44
vulnerability VCID-m5z8-hz81-j7b7
45
vulnerability VCID-mhvf-2keh-2qar
46
vulnerability VCID-mjb6-7au8-5fdx
47
vulnerability VCID-ns8t-vtcn-aqh4
48
vulnerability VCID-qgpx-hgzu-5qgp
49
vulnerability VCID-qj4x-u7gx-9uf1
50
vulnerability VCID-qp7s-amch-v3cd
51
vulnerability VCID-qzqd-271b-ybfj
52
vulnerability VCID-r4bw-w4t9-23ek
53
vulnerability VCID-rduw-apr6-4fdu
54
vulnerability VCID-re84-qg3k-3ub3
55
vulnerability VCID-rxac-w9pd-aqe1
56
vulnerability VCID-s4bp-kzfu-8qfy
57
vulnerability VCID-scg7-ugdn-53b9
58
vulnerability VCID-shfz-pxan-v3ar
59
vulnerability VCID-te3b-exz5-zke1
60
vulnerability VCID-tvz9-8s4d-gbg6
61
vulnerability VCID-txb3-ez5r-r7ek
62
vulnerability VCID-ugyc-gehq-rudu
63
vulnerability VCID-vu36-a1g1-nugt
64
vulnerability VCID-vx13-4b1d-wbgp
65
vulnerability VCID-wvyx-2bbb-9yf7
66
vulnerability VCID-xk5y-7a1w-zba9
67
vulnerability VCID-xsq8-ztqh-ubb8
68
vulnerability VCID-y1v3-9tyq-uqhd
69
vulnerability VCID-y4u6-cy8y-hyae
70
vulnerability VCID-y7x4-664r-3fbk
71
vulnerability VCID-z2v2-n138-6ydv
72
vulnerability VCID-zdpz-8tc2-6kah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p5
3
url pkg:composer/magento/community-edition@2.4.7
purl pkg:composer/magento/community-edition@2.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-2vsw-t8k2-4bfm
2
vulnerability VCID-3g5s-hryc-5qa9
3
vulnerability VCID-3zcy-b3th-ukhd
4
vulnerability VCID-4dae-vty8-b7hk
5
vulnerability VCID-5gxr-xksz-5ydb
6
vulnerability VCID-6p6q-ctya-q3bv
7
vulnerability VCID-6t9w-cnkz-s3c3
8
vulnerability VCID-6tx4-wexr-fkbb
9
vulnerability VCID-7hrm-jtbx-sqgm
10
vulnerability VCID-7pr7-uqp1-sugt
11
vulnerability VCID-7s3w-8dn6-jqh7
12
vulnerability VCID-7s74-rdkp-vyaf
13
vulnerability VCID-8hx4-r8bb-n7ge
14
vulnerability VCID-8ky6-w2nk-9bds
15
vulnerability VCID-8msu-s38a-p7e3
16
vulnerability VCID-8shb-t5zp-rqbu
17
vulnerability VCID-9cc9-npdc-8bac
18
vulnerability VCID-9vrt-uccb-myev
19
vulnerability VCID-a8gs-ervm-e3hm
20
vulnerability VCID-a9b6-tenb-afdw
21
vulnerability VCID-agtm-nkhp-dkdn
22
vulnerability VCID-ayfe-5a7g-u7b7
23
vulnerability VCID-b3cn-pjp3-4yhm
24
vulnerability VCID-b9ry-u6qy-j7cc
25
vulnerability VCID-bch8-kq49-skhm
26
vulnerability VCID-bera-73sm-bbh7
27
vulnerability VCID-bkpz-ratd-e7ab
28
vulnerability VCID-bzyh-c5tm-j7dn
29
vulnerability VCID-cafy-5dd8-rudj
30
vulnerability VCID-cc8x-6es1-8kc5
31
vulnerability VCID-ccx1-qacj-2qev
32
vulnerability VCID-cm2a-1yc5-v3cy
33
vulnerability VCID-cqjn-3z6n-sff1
34
vulnerability VCID-d6mk-hg8h-7qbc
35
vulnerability VCID-dj5a-35gt-u7dn
36
vulnerability VCID-dpgz-dacm-sqg6
37
vulnerability VCID-du16-f2wp-t3cw
38
vulnerability VCID-dur2-pfke-h7hf
39
vulnerability VCID-e7zd-dn28-4bf1
40
vulnerability VCID-e9zx-zy9y-2fcp
41
vulnerability VCID-eahe-s41f-ckc1
42
vulnerability VCID-egy6-nku7-zyap
43
vulnerability VCID-evth-swm9-k3de
44
vulnerability VCID-eygc-ra9u-gyej
45
vulnerability VCID-fz5y-um7w-63f4
46
vulnerability VCID-gedj-39p5-ubd6
47
vulnerability VCID-gxj9-a1hc-47de
48
vulnerability VCID-hbau-7tvg-cygz
49
vulnerability VCID-hfbb-ax6r-tbaz
50
vulnerability VCID-j6ss-8f4e-e7g2
51
vulnerability VCID-kezx-5nw5-hfen
52
vulnerability VCID-kje4-asu6-dfg2
53
vulnerability VCID-kq4m-anrt-rugn
54
vulnerability VCID-kuzc-uv5b-v7an
55
vulnerability VCID-kxnm-y19k-mqg2
56
vulnerability VCID-m5z8-hz81-j7b7
57
vulnerability VCID-md7v-w5aq-t7h1
58
vulnerability VCID-mhvf-2keh-2qar
59
vulnerability VCID-mjb6-7au8-5fdx
60
vulnerability VCID-ns8t-vtcn-aqh4
61
vulnerability VCID-qfw5-3tdu-x7g4
62
vulnerability VCID-qgpx-hgzu-5qgp
63
vulnerability VCID-qj4x-u7gx-9uf1
64
vulnerability VCID-qp7s-amch-v3cd
65
vulnerability VCID-qrwc-3gsb-zkfy
66
vulnerability VCID-qzqd-271b-ybfj
67
vulnerability VCID-r4bw-w4t9-23ek
68
vulnerability VCID-r7nh-arcj-8fb3
69
vulnerability VCID-rduw-apr6-4fdu
70
vulnerability VCID-re84-qg3k-3ub3
71
vulnerability VCID-rf6p-ct86-5bgz
72
vulnerability VCID-rxac-w9pd-aqe1
73
vulnerability VCID-s4bp-kzfu-8qfy
74
vulnerability VCID-scg7-ugdn-53b9
75
vulnerability VCID-shfz-pxan-v3ar
76
vulnerability VCID-tc3m-4bkg-qkcf
77
vulnerability VCID-te3b-exz5-zke1
78
vulnerability VCID-th7y-aj51-mbaj
79
vulnerability VCID-tvz9-8s4d-gbg6
80
vulnerability VCID-txb3-ez5r-r7ek
81
vulnerability VCID-tzug-ckkn-dyft
82
vulnerability VCID-ugyc-gehq-rudu
83
vulnerability VCID-vu36-a1g1-nugt
84
vulnerability VCID-vx13-4b1d-wbgp
85
vulnerability VCID-wvyx-2bbb-9yf7
86
vulnerability VCID-wzu6-rbsv-mkde
87
vulnerability VCID-xfvu-2zg4-ruf6
88
vulnerability VCID-xk5y-7a1w-zba9
89
vulnerability VCID-xsq8-ztqh-ubb8
90
vulnerability VCID-y1v3-9tyq-uqhd
91
vulnerability VCID-y4r1-yr69-uuf6
92
vulnerability VCID-y4u6-cy8y-hyae
93
vulnerability VCID-y7x4-664r-3fbk
94
vulnerability VCID-yyq6-dvyx-3bb9
95
vulnerability VCID-z2v2-n138-6ydv
96
vulnerability VCID-zdpz-8tc2-6kah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7
aliases CVE-2024-20759, GHSA-59vf-hjxc-f9c5
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b4jg-dj1a-9qd5
1
url VCID-ruru-fwmn-5kes
vulnerability_id VCID-ruru-fwmn-5kes
summary 
Magento Open Source allows Improper Input Validation
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-20758
reference_id
reference_type
scores
0
value 0.02201
scoring_system epss
scoring_elements 0.84756
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-20758
1
reference_url https://github.com/magento/magento2
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/magento/magento2
2
reference_url https://helpx.adobe.com/security/products/magento/apsb24-18.html
reference_id
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-11T04:01:06Z/
url https://helpx.adobe.com/security/products/magento/apsb24-18.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-20758
reference_id CVE-2024-20758
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-20758
4
reference_url https://github.com/advisories/GHSA-wh4m-6rh3-p4rq
reference_id GHSA-wh4m-6rh3-p4rq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wh4m-6rh3-p4rq
fixed_packages
0
url pkg:composer/magento/community-edition@2.4.4-p8
purl pkg:composer/magento/community-edition@2.4.4-p8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-3g5s-hryc-5qa9
2
vulnerability VCID-4dae-vty8-b7hk
3
vulnerability VCID-6p6q-ctya-q3bv
4
vulnerability VCID-ayfe-5a7g-u7b7
5
vulnerability VCID-bera-73sm-bbh7
6
vulnerability VCID-bzyh-c5tm-j7dn
7
vulnerability VCID-cafy-5dd8-rudj
8
vulnerability VCID-ccx1-qacj-2qev
9
vulnerability VCID-cm2a-1yc5-v3cy
10
vulnerability VCID-dj5a-35gt-u7dn
11
vulnerability VCID-dur2-pfke-h7hf
12
vulnerability VCID-e7zd-dn28-4bf1
13
vulnerability VCID-eygc-ra9u-gyej
14
vulnerability VCID-hfbb-ax6r-tbaz
15
vulnerability VCID-kq4m-anrt-rugn
16
vulnerability VCID-md7v-w5aq-t7h1
17
vulnerability VCID-qrwc-3gsb-zkfy
18
vulnerability VCID-tc3m-4bkg-qkcf
19
vulnerability VCID-th7y-aj51-mbaj
20
vulnerability VCID-tzug-ckkn-dyft
21
vulnerability VCID-wzu6-rbsv-mkde
22
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p8
1
url pkg:composer/magento/community-edition@2.4.5-p7
purl pkg:composer/magento/community-edition@2.4.5-p7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3zcy-b3th-ukhd
1
vulnerability VCID-5gxr-xksz-5ydb
2
vulnerability VCID-6t9w-cnkz-s3c3
3
vulnerability VCID-7hrm-jtbx-sqgm
4
vulnerability VCID-8msu-s38a-p7e3
5
vulnerability VCID-9cc9-npdc-8bac
6
vulnerability VCID-9vrt-uccb-myev
7
vulnerability VCID-a8gs-ervm-e3hm
8
vulnerability VCID-agtm-nkhp-dkdn
9
vulnerability VCID-ayfe-5a7g-u7b7
10
vulnerability VCID-b9ry-u6qy-j7cc
11
vulnerability VCID-bera-73sm-bbh7
12
vulnerability VCID-bkpz-ratd-e7ab
13
vulnerability VCID-bzyh-c5tm-j7dn
14
vulnerability VCID-cafy-5dd8-rudj
15
vulnerability VCID-cc8x-6es1-8kc5
16
vulnerability VCID-cqjn-3z6n-sff1
17
vulnerability VCID-dj5a-35gt-u7dn
18
vulnerability VCID-dpgz-dacm-sqg6
19
vulnerability VCID-du16-f2wp-t3cw
20
vulnerability VCID-dur2-pfke-h7hf
21
vulnerability VCID-e7zd-dn28-4bf1
22
vulnerability VCID-e9zx-zy9y-2fcp
23
vulnerability VCID-hfbb-ax6r-tbaz
24
vulnerability VCID-kezx-5nw5-hfen
25
vulnerability VCID-kq4m-anrt-rugn
26
vulnerability VCID-kuzc-uv5b-v7an
27
vulnerability VCID-m5z8-hz81-j7b7
28
vulnerability VCID-qj4x-u7gx-9uf1
29
vulnerability VCID-qrwc-3gsb-zkfy
30
vulnerability VCID-shfz-pxan-v3ar
31
vulnerability VCID-th7y-aj51-mbaj
32
vulnerability VCID-y4u6-cy8y-hyae
33
vulnerability VCID-yyq6-dvyx-3bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p7
2
url pkg:composer/magento/community-edition@2.4.6-p5
purl pkg:composer/magento/community-edition@2.4.6-p5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2vsw-t8k2-4bfm
1
vulnerability VCID-3zcy-b3th-ukhd
2
vulnerability VCID-5gxr-xksz-5ydb
3
vulnerability VCID-6t9w-cnkz-s3c3
4
vulnerability VCID-6tx4-wexr-fkbb
5
vulnerability VCID-7hrm-jtbx-sqgm
6
vulnerability VCID-7pr7-uqp1-sugt
7
vulnerability VCID-7s3w-8dn6-jqh7
8
vulnerability VCID-7s74-rdkp-vyaf
9
vulnerability VCID-8hx4-r8bb-n7ge
10
vulnerability VCID-8ky6-w2nk-9bds
11
vulnerability VCID-8msu-s38a-p7e3
12
vulnerability VCID-9cc9-npdc-8bac
13
vulnerability VCID-9vrt-uccb-myev
14
vulnerability VCID-a8gs-ervm-e3hm
15
vulnerability VCID-a9b6-tenb-afdw
16
vulnerability VCID-agtm-nkhp-dkdn
17
vulnerability VCID-ayfe-5a7g-u7b7
18
vulnerability VCID-b3cn-pjp3-4yhm
19
vulnerability VCID-b9ry-u6qy-j7cc
20
vulnerability VCID-bch8-kq49-skhm
21
vulnerability VCID-bera-73sm-bbh7
22
vulnerability VCID-bkpz-ratd-e7ab
23
vulnerability VCID-bzyh-c5tm-j7dn
24
vulnerability VCID-cc8x-6es1-8kc5
25
vulnerability VCID-cqjn-3z6n-sff1
26
vulnerability VCID-d6mk-hg8h-7qbc
27
vulnerability VCID-dpgz-dacm-sqg6
28
vulnerability VCID-du16-f2wp-t3cw
29
vulnerability VCID-dur2-pfke-h7hf
30
vulnerability VCID-e7zd-dn28-4bf1
31
vulnerability VCID-e9zx-zy9y-2fcp
32
vulnerability VCID-eahe-s41f-ckc1
33
vulnerability VCID-evth-swm9-k3de
34
vulnerability VCID-fz5y-um7w-63f4
35
vulnerability VCID-gedj-39p5-ubd6
36
vulnerability VCID-gxj9-a1hc-47de
37
vulnerability VCID-hbau-7tvg-cygz
38
vulnerability VCID-hfbb-ax6r-tbaz
39
vulnerability VCID-jr49-4fs3-8qcp
40
vulnerability VCID-kezx-5nw5-hfen
41
vulnerability VCID-kje4-asu6-dfg2
42
vulnerability VCID-kq4m-anrt-rugn
43
vulnerability VCID-kuzc-uv5b-v7an
44
vulnerability VCID-m5z8-hz81-j7b7
45
vulnerability VCID-mhvf-2keh-2qar
46
vulnerability VCID-mjb6-7au8-5fdx
47
vulnerability VCID-ns8t-vtcn-aqh4
48
vulnerability VCID-qgpx-hgzu-5qgp
49
vulnerability VCID-qj4x-u7gx-9uf1
50
vulnerability VCID-qp7s-amch-v3cd
51
vulnerability VCID-qzqd-271b-ybfj
52
vulnerability VCID-r4bw-w4t9-23ek
53
vulnerability VCID-rduw-apr6-4fdu
54
vulnerability VCID-re84-qg3k-3ub3
55
vulnerability VCID-rxac-w9pd-aqe1
56
vulnerability VCID-s4bp-kzfu-8qfy
57
vulnerability VCID-scg7-ugdn-53b9
58
vulnerability VCID-shfz-pxan-v3ar
59
vulnerability VCID-te3b-exz5-zke1
60
vulnerability VCID-tvz9-8s4d-gbg6
61
vulnerability VCID-txb3-ez5r-r7ek
62
vulnerability VCID-ugyc-gehq-rudu
63
vulnerability VCID-vu36-a1g1-nugt
64
vulnerability VCID-vx13-4b1d-wbgp
65
vulnerability VCID-wvyx-2bbb-9yf7
66
vulnerability VCID-xk5y-7a1w-zba9
67
vulnerability VCID-xsq8-ztqh-ubb8
68
vulnerability VCID-y1v3-9tyq-uqhd
69
vulnerability VCID-y4u6-cy8y-hyae
70
vulnerability VCID-y7x4-664r-3fbk
71
vulnerability VCID-z2v2-n138-6ydv
72
vulnerability VCID-zdpz-8tc2-6kah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p5
3
url pkg:composer/magento/community-edition@2.4.7
purl pkg:composer/magento/community-edition@2.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1jsp-392b-2fgb
1
vulnerability VCID-2vsw-t8k2-4bfm
2
vulnerability VCID-3g5s-hryc-5qa9
3
vulnerability VCID-3zcy-b3th-ukhd
4
vulnerability VCID-4dae-vty8-b7hk
5
vulnerability VCID-5gxr-xksz-5ydb
6
vulnerability VCID-6p6q-ctya-q3bv
7
vulnerability VCID-6t9w-cnkz-s3c3
8
vulnerability VCID-6tx4-wexr-fkbb
9
vulnerability VCID-7hrm-jtbx-sqgm
10
vulnerability VCID-7pr7-uqp1-sugt
11
vulnerability VCID-7s3w-8dn6-jqh7
12
vulnerability VCID-7s74-rdkp-vyaf
13
vulnerability VCID-8hx4-r8bb-n7ge
14
vulnerability VCID-8ky6-w2nk-9bds
15
vulnerability VCID-8msu-s38a-p7e3
16
vulnerability VCID-8shb-t5zp-rqbu
17
vulnerability VCID-9cc9-npdc-8bac
18
vulnerability VCID-9vrt-uccb-myev
19
vulnerability VCID-a8gs-ervm-e3hm
20
vulnerability VCID-a9b6-tenb-afdw
21
vulnerability VCID-agtm-nkhp-dkdn
22
vulnerability VCID-ayfe-5a7g-u7b7
23
vulnerability VCID-b3cn-pjp3-4yhm
24
vulnerability VCID-b9ry-u6qy-j7cc
25
vulnerability VCID-bch8-kq49-skhm
26
vulnerability VCID-bera-73sm-bbh7
27
vulnerability VCID-bkpz-ratd-e7ab
28
vulnerability VCID-bzyh-c5tm-j7dn
29
vulnerability VCID-cafy-5dd8-rudj
30
vulnerability VCID-cc8x-6es1-8kc5
31
vulnerability VCID-ccx1-qacj-2qev
32
vulnerability VCID-cm2a-1yc5-v3cy
33
vulnerability VCID-cqjn-3z6n-sff1
34
vulnerability VCID-d6mk-hg8h-7qbc
35
vulnerability VCID-dj5a-35gt-u7dn
36
vulnerability VCID-dpgz-dacm-sqg6
37
vulnerability VCID-du16-f2wp-t3cw
38
vulnerability VCID-dur2-pfke-h7hf
39
vulnerability VCID-e7zd-dn28-4bf1
40
vulnerability VCID-e9zx-zy9y-2fcp
41
vulnerability VCID-eahe-s41f-ckc1
42
vulnerability VCID-egy6-nku7-zyap
43
vulnerability VCID-evth-swm9-k3de
44
vulnerability VCID-eygc-ra9u-gyej
45
vulnerability VCID-fz5y-um7w-63f4
46
vulnerability VCID-gedj-39p5-ubd6
47
vulnerability VCID-gxj9-a1hc-47de
48
vulnerability VCID-hbau-7tvg-cygz
49
vulnerability VCID-hfbb-ax6r-tbaz
50
vulnerability VCID-j6ss-8f4e-e7g2
51
vulnerability VCID-kezx-5nw5-hfen
52
vulnerability VCID-kje4-asu6-dfg2
53
vulnerability VCID-kq4m-anrt-rugn
54
vulnerability VCID-kuzc-uv5b-v7an
55
vulnerability VCID-kxnm-y19k-mqg2
56
vulnerability VCID-m5z8-hz81-j7b7
57
vulnerability VCID-md7v-w5aq-t7h1
58
vulnerability VCID-mhvf-2keh-2qar
59
vulnerability VCID-mjb6-7au8-5fdx
60
vulnerability VCID-ns8t-vtcn-aqh4
61
vulnerability VCID-qfw5-3tdu-x7g4
62
vulnerability VCID-qgpx-hgzu-5qgp
63
vulnerability VCID-qj4x-u7gx-9uf1
64
vulnerability VCID-qp7s-amch-v3cd
65
vulnerability VCID-qrwc-3gsb-zkfy
66
vulnerability VCID-qzqd-271b-ybfj
67
vulnerability VCID-r4bw-w4t9-23ek
68
vulnerability VCID-r7nh-arcj-8fb3
69
vulnerability VCID-rduw-apr6-4fdu
70
vulnerability VCID-re84-qg3k-3ub3
71
vulnerability VCID-rf6p-ct86-5bgz
72
vulnerability VCID-rxac-w9pd-aqe1
73
vulnerability VCID-s4bp-kzfu-8qfy
74
vulnerability VCID-scg7-ugdn-53b9
75
vulnerability VCID-shfz-pxan-v3ar
76
vulnerability VCID-tc3m-4bkg-qkcf
77
vulnerability VCID-te3b-exz5-zke1
78
vulnerability VCID-th7y-aj51-mbaj
79
vulnerability VCID-tvz9-8s4d-gbg6
80
vulnerability VCID-txb3-ez5r-r7ek
81
vulnerability VCID-tzug-ckkn-dyft
82
vulnerability VCID-ugyc-gehq-rudu
83
vulnerability VCID-vu36-a1g1-nugt
84
vulnerability VCID-vx13-4b1d-wbgp
85
vulnerability VCID-wvyx-2bbb-9yf7
86
vulnerability VCID-wzu6-rbsv-mkde
87
vulnerability VCID-xfvu-2zg4-ruf6
88
vulnerability VCID-xk5y-7a1w-zba9
89
vulnerability VCID-xsq8-ztqh-ubb8
90
vulnerability VCID-y1v3-9tyq-uqhd
91
vulnerability VCID-y4r1-yr69-uuf6
92
vulnerability VCID-y4u6-cy8y-hyae
93
vulnerability VCID-y7x4-664r-3fbk
94
vulnerability VCID-yyq6-dvyx-3bb9
95
vulnerability VCID-z2v2-n138-6ydv
96
vulnerability VCID-zdpz-8tc2-6kah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7
aliases CVE-2024-20758, GHSA-wh4m-6rh3-p4rq
risk_score 4.0
exploitability 0.5
weighted_severity 8.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ruru-fwmn-5kes
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p8