magento/project-community-edition Security Advisories for 0.74.0-beta8 (62)
- [CRITICAL] Improper Authorization vulnerability in Magento and Adobe Commerce
PKSA-yyc4-y66r-jjjj CVE-2025-24434 GHSA-fppq-f2m6-xv5c
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-z2xt-wddc-4p24 CVE-2025-24438 GHSA-8884-7rm9-mrx4
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Business Logic Error vulnerability
PKSA-tvs5-ndw3-3gtb CVE-2025-24425 GHSA-6ff8-jrfg-43hh
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Improper Access Control vulnerability
PKSA-9ydt-2mcr-32qb CVE-2025-24427 GHSA-v3hq-g424-5mgg
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-tpt2-8yg8-qn5g CVE-2025-24428 GHSA-mm87-rrqx-94cr
Affected version: <=2.0.2
Reported by: GitHub
- [LOW] Magento Improper Access Control vulnerability
PKSA-ypn7-w7vg-dsq3 CVE-2025-24429 GHSA-656q-fx2w-8ccv
Affected version: <=2.0.2
Reported by: GitHub
- [LOW] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-8p2p-vnj4-yrk7 CVE-2025-24430 GHSA-6w27-c66f-gvhq
Affected version: <=2.0.2
Reported by: GitHub
- [LOW] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-1bhd-hgqf-cyxr CVE-2025-24432 GHSA-7jmr-43qj-pw47
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Improper Access Control vulnerability
PKSA-y1b3-85dn-dn7m CVE-2025-24435 GHSA-82p4-55gj-956p
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Improper Access Control vulnerability
PKSA-y865-mwrz-phms CVE-2025-24436 GHSA-ghpr-6qhr-rpp8
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Improper Access Control vulnerability
PKSA-c2zm-21rv-25c6 CVE-2025-24437 GHSA-469f-wf4f-3jjv
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-hvsj-kptj-27zf CVE-2025-24416 GHSA-rjjw-g6hw-7pc9
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Adobe Commerce Path Traversal
PKSA-dh2d-5mwk-96tg CVE-2025-24406 GHSA-954p-ff72-327w
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Information Exposure vulnerability
PKSA-xr11-y3bp-dn74 CVE-2025-24408 GHSA-3cfg-w257-cgf8
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Adobe Commerce Improper Authorization vulnerability
PKSA-dc79-d7y1-hqyg CVE-2025-24409 GHSA-vw47-79jv-3598
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-45vf-bpkb-pjdf CVE-2025-24410 GHSA-gjxp-46rq-wg4q
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Magento Improper Access Control vulnerability
PKSA-yzxf-m1fz-3vtv CVE-2025-24411 GHSA-36hw-x3cc-m258
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-gf1j-gp76-gfxd CVE-2025-24412 GHSA-m4rg-mpp2-97px
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-7y5d-fvj3-6td4 CVE-2025-24413 GHSA-xwgx-8v72-4j5j
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-9j9m-fy1m-zf94 CVE-2025-24414 GHSA-fhw6-3mj5-w9gv
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-5pvr-47mr-pm8m CVE-2025-24415 GHSA-gc27-rvvm-q77r
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-mp6w-9p7n-6ssm CVE-2025-24417 GHSA-g3j6-9753-8mp2
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Incorrect Authorization vulnerability
PKSA-s18y-x3y8-m1x1 CVE-2025-24421 GHSA-v6r2-425c-hfrr
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Improper Access Control vulnerability
PKSA-951b-x3mq-6x75 CVE-2025-24424 GHSA-539v-w87w-w62c
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Open Source has Improper Access Control vulnerability
PKSA-qzv8-1n8s-nwtw CVE-2022-35692 GHSA-gm4m-9rm8-7rxj
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Improper Authorization vulnerability in the customers module
PKSA-6s73-s4rz-4fyb CVE-2021-28567 GHSA-cc3w-r3w8-hfh7
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Magento Violation of Secure Design Principles vulnerability in RMA PDF filename formats
PKSA-1s1d-4jtm-mgtx CVE-2021-28583 GHSA-7gh6-f4jh-3crq
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento DOM-based Cross-Site Scripting vulnerability on mage-messages cookies
PKSA-jcpc-gqzs-vckj CVE-2021-28556 GHSA-39ch-rg26-gmq5
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Improper input validation vulnerability
PKSA-kf59-4nmv-jgxn CVE-2021-28585 GHSA-c38m-9668-6j2w
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Path Traversal vulnerability
PKSA-wsvj-3mm9-cfsj CVE-2021-28584 GHSA-7gpv-xrjr-f5h4
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Insufficient Session Expiration
PKSA-zczy-vth9-dsr8 CVE-2021-21031 GHSA-4h3p-63x6-vwg2
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Insufficient Session Expiration
PKSA-srzx-p6c6-js6b CVE-2021-21032 GHSA-4jfq-f8hc-775q
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Magento stored cross-site scripting (XSS) in the customer address upload feature
PKSA-sv5d-15yf-jkvt CVE-2021-21030 GHSA-6988-g89m-27vf
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API
PKSA-nr3b-gd6w-ssxv CVE-2021-21027 GHSA-h4xc-577p-hgj9
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento improper authorization vulnerability in the integrations module
PKSA-4v3y-vz4c-v2jc CVE-2021-21026 GHSA-crjc-2v9m-8w7r
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento stored cross-site scripting vulnerability in the admin console
PKSA-2j3k-3g44-cnjj CVE-2021-21023 GHSA-h5rm-m772-6qcx
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Insecure Direct Object Reference (IDOR) in the product module
PKSA-m69c-bhkr-wybc CVE-2021-21022 GHSA-8pfq-g48p-x7w8
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento vulnerable to a file upload restriction bypass
PKSA-9362-vs4v-j6vt CVE-2021-21014 GHSA-269w-pqc7-68q9
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Improper Access Control
PKSA-g3cj-592k-1jnk CVE-2021-21020 GHSA-2j6v-829g-885q
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento XPath Injection
PKSA-vf7x-93bd-9dxz CVE-2021-21025 GHSA-h437-qjj9-vmq4
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento OS command injection via the WebAPI
PKSA-3x4h-dj99-1bb6 CVE-2021-21016 GHSA-792f-c8mp-2cr5
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento 2 Community Edition RCE via Unsafe File Upload
PKSA-5gcm-4f3h-ccq3 CVE-2020-24407 GHSA-7pxg-6p87-8c9v
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento 2 Community Edition Incorrect Authorization
PKSA-897p-xmvy-tt74 CVE-2020-24401 GHSA-f2g3-3c6q-4478
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento incorrect permissions vulnerability in the Integrations component
PKSA-k3wv-nm33-qyds CVE-2020-24402 GHSA-hvf5-4jr9-fghh
Affected version: <=2.0.2
Reported by: GitHub
- [LOW] Magento incorrect user permissions vulnerability within the Inventory component
PKSA-z7pr-jrtx-p1ns CVE-2020-24403 GHSA-39rw-4m66-82gf
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento DOM-based Cross-site scripting vulnerability
PKSA-hwcd-t2bm-dpxv CVE-2020-9691 GHSA-g7pc-799q-743f
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento path traversal vulnerability
PKSA-vn8z-wfpr-9z9r CVE-2020-9689 GHSA-fr6f-xmfx-rrpq
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento security mitigation bypass vulnerability
PKSA-rwgp-ksc5-wcwr CVE-2020-9632 GHSA-6w29-x5j4-qhrw
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento business logic error vulnerability
PKSA-mxvf-4dqk-jkm7 CVE-2020-9630 GHSA-5j4w-v87m-8r65
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento security mitigation bypass vulnerability
PKSA-kxq8-h6yb-km6x CVE-2020-9631 GHSA-gffx-9f36-r8wp
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Magento Signature verification bypass
PKSA-b4sj-b4fw-vq95 CVE-2020-9588 GHSA-j2r4-2cr6-h3r3
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento command injection vulnerability
PKSA-d3r6-279w-y1d1 CVE-2020-9582 GHSA-c3m4-hxv9-4mxj
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento command injection vulnerability
PKSA-z6wq-jnnt-bc5n CVE-2020-9583 GHSA-c55h-7q4j-g6rq
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento Stored cross-site scripting
PKSA-pn9b-bn7v-6qgq CVE-2020-9584 GHSA-45h4-6gcj-6hwv
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento Defense-in-depth security mitigation vulnerability
PKSA-7h8p-1s1w-tr6y CVE-2020-9585 GHSA-55gv-hfg3-hwjq
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Magento authorization bypass vulnerability
PKSA-xt9x-ch8p-mqqg CVE-2020-9587 GHSA-8wm7-h2qh-ff4c
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento stored cross-site scripting vulnerability
PKSA-85pv-nkv7-zjm3 CVE-2020-9581 GHSA-2w2x-7qgj-4x78
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento Security mitigation bypass vulnerability
PKSA-fbhc-z78m-yk4d CVE-2020-9580 GHSA-j2jp-58gv-g2pg
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento command injection vulnerability
PKSA-7t4x-z168-kw9z CVE-2020-9578 GHSA-724x-gqhv-9c5x
Affected version: <=2.0.2
Reported by: GitHub
- [MEDIUM] Magento stored cross-site scripting vulnerability
PKSA-bk74-986b-ccds CVE-2020-9577 GHSA-689w-2f93-2x67
Affected version: <=2.0.2
Reported by: GitHub
- [CRITICAL] Magento command injection vulnerability
PKSA-n1g6-9qfx-sxg9 CVE-2020-9576 GHSA-4f7x-gjqc-qqpg
Affected version: <=2.0.2
Reported by: GitHub
- [HIGH] Magento 2 Community Edition RCE Vulnerability
PKSA-dj7f-ngy7-v828 CVE-2019-8114 GHSA-crv7-r357-gw3w
Affected version: <1.9.4.3
Reported by: GitHub