Magento commerce
This hub aggregates every CVE we track for Magento commerce, a product in the web CMS plugins space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 104
- Critical: 31
- High: 22
- In CISA KEV: 1
Severity distribution
- MEDIUM: 47
- CRITICAL: 31
- HIGH: 22
- LOW: 4
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting Magento commerce.
- CVE-2021-36036: Magento Commerce Media Gallery Upload Improper Access Control Could Lead To Remote Code Execution (7.2)
- CVE-2021-36021: Magento Commerce CMS Page Improper Input Validation Could Lead To Remote Code Execution (7.2)
- CVE-2021-36023: Magento Commerce Widgets Update Layout XML Injection Vulnerability Could Lead To Remote Code Execution (9.1)
- CVE-2023-38208: Validate Your Inputs | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) (9.1)
- CVE-2023-38209: Adobe Commerce Incorrect Authorization Security feature bypass (6.5)
- CVE-2023-29287: Adobe Commerce Information Exposure Security feature bypass (5.3)
- CVE-2023-29296: [Cloud] Customer suspects IDOR vulnerability (4.3)
- CVE-2023-29291: Server Side Request Forgery (SSRF) in USPS carrier integration configuration (4.9)
- CVE-2023-29289: Adobe Commerce XML Injection Security feature bypass (6.5)
- CVE-2023-29297: Admin-to-admin stored XSS via cache poisoning (9.1)
- CVE-2023-29295: Insecure Direct Object Reference (IDOR) in Create Quote Function (4.3)
- CVE-2023-29292: Server Side Request Forgery (SSRF) in FedEx carrier integration configuration (4.9)
- CVE-2023-29294: Bypass Purchase Order Approval using Company User in Adobe Commerce B2B (4.3)
- CVE-2023-29290: Adobe Commerce Guest Cart Shipping Address Overwrite IDOR (5.3)
- CVE-2023-22248: Adobe Commerce Incorrect Authorization Security feature bypass (7.5)
Product normalization is registry-driven with AI assist and human review.