CVE-2025-54236 critical 9.1
10.0
9mo ago
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.
php
CVE-2016-6485 high 7.5
7.5
9y ago
Unauthenticated crypto and weak IV in Magento\Framework\Encryption
php
CVE-2025-54265 medium 5.9
5.9
8mo ago
Magento allows incorrect authorization
php
CVE-2024-34102 unknown —
1.5
2y ago
Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.
php
CVE-2022-24086 unknown —
1.5
4y ago
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.
php
CVE-2025-54264 unknown —
—
8mo ago
Magento vulnerable to stored Cross-Site Scripting (XSS)
php
CVE-2025-54266 unknown —
—
8mo ago
Magento vulnerable to stored Cross-Site Scripting (XSS)
php
CVE-2025-54267 unknown —
—
8mo ago
Magento vulnerable to privilege escalation due to incorrect authorization
php
CVE-2025-54263 unknown —
—
8mo ago
Magento provides incorrect authorization through a security feature bypass
php
CVE-2025-49556 unknown —
—
10mo ago
Magento has incorrect authorization issue that leads to arbitrary file system read
php
CVE-2025-49558 unknown —
—
10mo ago
Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
php
CVE-2025-49557 unknown —
—
10mo ago
Magento Cross-site Scripting vulnerability
php
CVE-2025-49559 unknown —
—
10mo ago
Magento vulnerable to path traversal
php
CVE-2025-49555 unknown —
—
10mo ago
Magento Cross-Site Request Forgery (CSRF) vulnerability
php
CVE-2025-49554 unknown —
—
10mo ago
Magento vulnerable to denial of service
php
CVE-2025-49549 unknown —
—
11mo ago
Magento Authenticated Security feature bypass
php
CVE-2025-49550 unknown —
—
11mo ago
Magento Security feature bypass
php
CVE-2025-47110 unknown —
—
1y ago
Magneto contains stored XSS vulnerability
php
CVE-2025-43585 unknown —
—
1y ago
Magento Improper Authorization leading to security feature bypass
php
CVE-2025-27206 unknown —
—
1y ago
Magento Improper Access Control leads to security feature bypass
php
CVE-2025-27191 unknown —
—
1y ago
Magento Improper Access Control leads to Security feature bypass
php
CVE-2025-27188 unknown —
—
1y ago
Magento Improper Authorization vulnerability
php
CVE-2025-27192 unknown —
—
1y ago
Magento does not properly protect credentials
php
CVE-2025-27190 unknown —
—
1y ago
Magento Improper Access Control leads to Security feature bypass
php
CVE-2025-24434 unknown —
—
1y ago
Improper Authorization vulnerability in Magento and Adobe Commerce
php
CVE-2025-24430 unknown —
—
1y ago
Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
php
CVE-2025-24425 unknown —
—
1y ago
Magento Business Logic Error vulnerability
php
CVE-2025-24437 unknown —
—
1y ago
Magento Improper Access Control vulnerability
php
CVE-2025-24432 unknown —
—
1y ago
Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
php
CVE-2025-24427 unknown —
—
1y ago
Magento Improper Access Control vulnerability
php
CVE-2025-24436 unknown —
—
1y ago
Magento Improper Access Control vulnerability
php
CVE-2025-24438 unknown —
—
1y ago
Magento stored Cross-Site Scripting (XSS) vulnerability
php
CVE-2025-24435 unknown —
—
1y ago
Magento Improper Access Control vulnerability
php
CVE-2025-24428 unknown —
—
1y ago
Magento stored Cross-Site Scripting (XSS) vulnerability
php
CVE-2025-24429 unknown —
—
1y ago
Magento Improper Access Control vulnerability
php
CVE-2025-24408 unknown —
—
1y ago
Magento Information Exposure vulnerability
php
CVE-2025-24406 unknown —
—
1y ago
Adobe Commerce Path Traversal
php
CVE-2025-24416 unknown —
—
1y ago
Magento Stored Cross-Site Scripting (XSS) Vulnerability
php
CVE-2025-24424 unknown —
—
1y ago
Magento Improper Access Control vulnerability
php
CVE-2025-24412 unknown —
—
1y ago
Magento Stored Cross-Site Scripting (XSS) Vulnerability
php
CVE-2025-24421 unknown —
—
1y ago
Magento Incorrect Authorization vulnerability
php
CVE-2025-24417 unknown —
—
1y ago
Magento Stored Cross-Site Scripting (XSS) Vulnerability
php
CVE-2025-24415 unknown —
—
1y ago
Magento Stored Cross-Site Scripting (XSS) Vulnerability
php
CVE-2025-24411 unknown —
—
1y ago
Magento Improper Access Control vulnerability
php
CVE-2025-24410 unknown —
—
1y ago
Magento Stored Cross-Site Scripting (XSS) Vulnerability
php
CVE-2025-24413 unknown —
—
1y ago
Magento Stored Cross-Site Scripting (XSS) Vulnerability
php
CVE-2025-24409 unknown —
—
1y ago
Adobe Commerce Improper Authorization vulnerability
php
CVE-2025-24414 unknown —
—
1y ago
Magento Stored Cross-Site Scripting (XSS) Vulnerability
php
CVE-2024-45133 unknown —
—
2y ago
Magento Open Source Information Exposure vulnerability
php
CVE-2024-45149 unknown —
—
2y ago
Magento Open Source Improper Access Control vulnerability
php
CVE-2024-45134 unknown —
—
2y ago
Magento Open Source Information Exposure vulnerability
php
CVE-2024-45132 unknown —
—
2y ago
Magento Open Source Improper Authorization vulnerability
php
CVE-2024-45131 unknown —
—
2y ago
Magento Open Source Improper Authorization vulnerability
php
CVE-2024-45135 unknown —
—
2y ago
Magento Open Source Improper Access Control vulnerability
php
CVE-2024-45117 unknown —
—
2y ago
Magento Open Source Improper Input Validation vulnerability
php
CVE-2024-45121 unknown —
—
2y ago
Magento Open Source Improper Access Control vulnerability
php
CVE-2024-45125 unknown —
—
2y ago
Magento Open Source Incorrect Authorization vulnerability
php
CVE-2024-45127 unknown —
—
2y ago
Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
php
CVE-2024-45128 unknown —
—
2y ago
Magento Open Source Improper Authorization vulnerability
php
CVE-2024-45120 unknown —
—
2y ago
Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
php
CVE-2024-45122 unknown —
—
2y ago
Magento Open Source Improper Access Control vulnerability
php
CVE-2024-45119 unknown —
—
2y ago
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
php
CVE-2024-45129 unknown —
—
2y ago
Magento Open Source Improper Access Control vulnerability
php
CVE-2024-45130 unknown —
—
2y ago
Magento Open Source Improper Access Control vulnerability
php
CVE-2024-45116 unknown —
—
2y ago
Magento Open Source Cross-Site Scripting (XSS) vulnerability
php
CVE-2024-45118 unknown —
—
2y ago
Magento Open Source Improper Access Control vulnerability
php
CVE-2024-45124 unknown —
—
2y ago
Magento Open Source Improper Access Control vulnerability
php
CVE-2024-45123 unknown —
—
2y ago
Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
php
CVE-2024-39415 unknown —
—
2y ago
Magento Improper Authorization Leading to Security feature bypass
php
CVE-2024-39414 unknown —
—
2y ago
Magento Improper Access Control Leads to Privilege escalation
php
CVE-2024-39406 unknown —
—
2y ago
Magento Open Source Path Traversal vulnerability
php
CVE-2024-39419 unknown —
—
2y ago
Magento Improper Access Control Leads to Privilege escalation
php
CVE-2024-39417 unknown —
—
2y ago
Magento Improper Authorization leads to Security feature bypass
php
CVE-2024-39411 unknown —
—
2y ago
Magento Improper Authorization leads to security feature bypass
php
CVE-2024-39418 unknown —
—
2y ago
Magento Improper Authorization vulnerability
php
CVE-2024-39410 unknown —
—
2y ago
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
php
CVE-2024-39409 unknown —
—
2y ago
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
php
CVE-2024-39413 unknown —
—
2y ago
Magento Improper Authorization vulnerability
php
CVE-2024-39408 unknown —
—
2y ago
Magento Open Source Cross-Site Request Forgery vulnerability
php
CVE-2024-39407 unknown —
—
2y ago
Magento Improper Authorization vulnerability
php
CVE-2024-39416 unknown —
—
2y ago
Magento Improper Authorization leads to Security feature bypass
php
CVE-2024-39412 unknown —
—
2y ago
Magento Open Source Improper Authorization vulnerability
php
CVE-2024-39401 unknown —
—
2y ago
Magento OS Command ('OS Command Injection') vulnerability
php
CVE-2024-39404 unknown —
—
2y ago
Magento Improper Authorization vulnerability
php
CVE-2024-39403 unknown —
—
2y ago
Magento Stored Cross-Site Scripting (XSS) vulnerability
php
CVE-2024-39405 unknown —
—
2y ago
Magento Improper Authorization vulnerability
php
CVE-2024-39402 unknown —
—
2y ago
Magento OS Command ('OS Command Injection') vulnerability
php
CVE-2024-39398 unknown —
—
2y ago
Magento does not properly restrict excessive authentication attempts
php
CVE-2024-39399 unknown —
—
2y ago
Magento Path Traversal vulnerability
php
CVE-2024-39400 unknown —
—
2y ago
Magento DOM-based Cross-Site Scripting (XSS) vulnerability
php
CVE-2024-34111 unknown —
—
2y ago
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
php
CVE-2024-34106 unknown —
—
2y ago
Magento Open Source Incorrect Authorization vulnerability
php
CVE-2024-34105 unknown —
—
2y ago
Magento Open Source Cross-Site Scripting (XSS) vulnerability
php
CVE-2024-34104 unknown —
—
2y ago
Magento Open Source Improper Authorization vulnerability
php
CVE-2024-34107 unknown —
—
2y ago
Magento Open Source Improper Access Control vulnerability
php
CVE-2024-34103 unknown —
—
2y ago
Magento Open Source Improper Authentication vulnerability
php
CVE-2024-20758 unknown —
—
2y ago
Magento Open Source allows Improper Input Validation
php
CVE-2024-20759 unknown —
—
2y ago
Magento Open Source allows Cross-Site Scripting (XSS)
php
CVE-2024-20719 unknown —
—
2y ago
Magento Open Source allows Cross-Site Scripting (XSS)
php
CVE-2024-20716 unknown —
—
2y ago
Magento Open Source allows Uncontrolled Resource Consumption
php