Adobe Adobe Commerce
169 CVEs affecting Adobe Adobe Commerce. Latest disclosed: 2026-05-12. Critical: 11, High: 63.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-45115 | Critical | 9.8 | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privi… |
CVE-2024-34102 | Critical | 9.8 | 2024-06-13 | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulner… |
CVE-2025-54236 | Critical | 9.1 | 2025-09-09 | Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerabilit… |
CVE-2025-24434 | Critical | 9.1 | 2025-02-11 | Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could r… |
CVE-2024-34108 | Critical | 9.1 | 2024-06-13 | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitra… |
CVE-2024-20719 | Critical | 9.1 | 2024-02-15 | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an a… |
CVE-2024-20720 | Critical | 9.1 | 2024-02-15 | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Comm… |
CVE-2022-24093 | Critical | 9.1 | 2023-09-12 | Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issu… |
CVE-2021-36023 | Critical | 9.1 | 2023-09-06 | Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Upd… |
CVE-2024-39397 | Critical | 9.0 | 2024-08-14 | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability tha… |
CVE-2024-20758 | Critical | 9.0 | 2024-04-10 | Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in a… |
CVE-2024-45148 | High | 8.8 | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a sec… |
CVE-2023-38218 | High | 8.8 | 2023-10-13 | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Autho… |
CVE-2022-42344 | High | 8.8 | 2022-10-20 | Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. An aut… |
CVE-2026-34686 | High | 8.7 | 2026-05-12 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulner… |
CVE-2026-34653 | High | 8.7 | 2026-05-12 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a… |
CVE-2026-21290 | High | 8.7 | 2026-03-11 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulne… |
CVE-2025-49557 | High | 8.7 | 2025-08-12 | Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulne… |
CVE-2025-24414 | High | 8.7 | 2025-02-11 | Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability tha… |
CVE-2025-24415 | High | 8.7 | 2025-02-11 | Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability tha… |