Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
commerce server vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2023-29292
Adobe Commerce versions 2.4.6 (and previous versions), 2.4.5-p2 (and previous versions) and 2.4.4-p3 (and previous versions) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker...
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Adobe Commerce 2.4.4
Adobe Commerce 2.4.5
Adobe Commerce 2.4.6
Adobe Magento 2.4.4
Adobe Magento 2.4.5
Adobe Magento 2.4.6
Adobe Commerce 2.4.0
Adobe Commerce 2.4.1
Adobe Commerce 2.4.2
NA
CVE-2002-2073
Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote malicious users to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp.
Microsoft Site Server Commerce 3.0
Microsoft Site Server 3.0
Microsoft Windows Nt 4.0
1 EDB exploit
6.8
CVSSv3
CVE-2023-26366
Adobe Commerce versions 2.4.7-beta1 (and previous versions), 2.4.6-p2 (and previous versions), 2.4.5-p4 (and previous versions) and 2.4.4-p5 (and previous versions) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A...
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Adobe Commerce 2.4.4
Adobe Commerce 2.4.5
Adobe Commerce 2.4.6
Adobe Magento 2.4.4
Adobe Magento 2.4.5
Adobe Magento 2.4.6
Adobe Commerce 2.4.0
Adobe Commerce 2.4.1
Adobe Commerce 2.4.2
Adobe Magento 2.4.7
Adobe Commerce 2.4.7
NA
CVE-1999-0910
Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user.
Microsoft Site Server Commerce 3.0
Microsoft Commercial Internet System 2.5
Microsoft Site Server 3.0
Microsoft Commercial Internet System 2.0
5.3
CVSSv3
CVE-2020-26811
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated malicious user to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request l...
Sap Commerce Cloud \\(accelerator Payment Mock\\) 1808
Sap Commerce Cloud \\(accelerator Payment Mock\\) 1811
Sap Commerce Cloud \\(accelerator Payment Mock\\) 1905
Sap Commerce Cloud \\(accelerator Payment Mock\\) 2005
NA
CVE-1999-0861
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.
Microsoft Site Server 3.0
Microsoft Commercial Internet System 2.0
Microsoft Internet Information Server 4.0
Microsoft Commercial Internet System 2.5
Microsoft Site Server Commerce 3.0
4.3
CVSSv3
CVE-2023-37532
HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system.
Hcltech Commerce
8.8
CVSSv3
CVE-2018-1808
IBM WebSphere Commerce 9.0.0.0 up to and including 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828.
Ibm Websphere Commerce
5
CVSSv3
CVE-2021-27785
HCL Commerce's Remote Store server could allow a local malicious user to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website.
Hcltechsw Hcl Commerce
7.5
CVSSv3
CVE-2021-36044
Magento Commerce versions 2.4.2 (and previous versions), 2.4.2-p1 (and previous versions) and 2.3.7 (and previous versions) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-serv...
Adobe Adobe Commerce
Adobe Adobe Commerce 2.4.2
Adobe Magento Open Source
Adobe Magento Open Source 2.4.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »