In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, and 2.4.4-p9 a medium severity vulnerability CVE-2024-39410 was detected. This vulnerability allows attackers to perform unauthorized actions on behalf of a user by tricking them into interacting with a malicious request. To fix this problem, users should upgrade Magento to versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, and 2.4.4-p10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39410.
Read more E-commerceIn Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, and 2.4.4-p9 a high severity vulnerability CVE-2024-39401 was detected. This vulnerability lets an admin attacker accidentally run harmful commands on the system due to how special input elements are handled, needing user interaction to trigger the problem. To fix this issue, users should upgrade Magento to versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39401.
Read more E-commerceIn Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier a medium severity vulnerability CVE-2024-39419 was detected. This problem allows someone with limited access to bypass security protections and make small changes without permission. It can be exploited without any user action. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39419.
Read more E-commerceIn Magento Open Source 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, and 2.4.4-p9 a medium severity vulnerability CVE-2024-39418 was detected. This vulnerability allows attackers to bypass security measures and gain unauthorized access to view and edit low-sensitivity information without needing any user interaction. To fix this problem, users should upgrade Magento Open Source to versions 2.4.7-p2 for 2.4.7-p1 and earlier, 2.4.6-p7 for 2.4.6-p6 and earlier, 2.4.5-p9 for 2.4.5-p8 and earlier, and 2.4.4-p10 for 2.4.4-p9 and earlier. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39418.
Read more E-commerceIn Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier a medium severity vulnerability CVE-2024-39417 was detected. This vulnerability allows low-privileged attackers to bypass security features and access minor information without user interaction. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39417.
Read more E-commerceIn Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier a medium severity vulnerability CVE-2024-39416 was detected. This vulnerability allows low-privileged attackers to bypass security features and disclose minor information without requiring user interaction. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39416.
Read more E-commerceIn WooCommerce versions before 3.5.1 a medium severity vulnerability CVE-2024-43128 was detected. This vulnerability allows an attacker to inject malicious code due to insufficient input validation. To fix this issue, users must upgrade to a version later than 3.5.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43128.
Read more E-commerceIn Prestashop v.8.1.7 and earlier a critical severity vulnerability CVE-2024-41651 was detected. It allows a remote attacker to run arbitrary code through the module upgrade feature. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-41651.
Read more E-commerceIn Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier a high severity Server-Side Request Forgery (SSRF) vulnerability CVE-2024-34111 was detected. This vulnerability allows attackers to force the application to make arbitrary requests, potentially leading to arbitrary file system reads. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34111.
Read more E-commerce