| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-39399 | [Paris] Path Traversal lead to local file read | Adobe | Adobe Commerce | High | 7.7 | 2024-08-14 11:57:19 | Deep Dive |
| CVE-2024-39408 | Adobe Commerce \| Cross-Site Request Forgery (CSRF) (CWE-352) | Adobe | Adobe Commerce | Medium | 4.3 | 2024-08-14 11:57:19 | Deep Dive |
| CVE-2024-39417 | An unauthorized user can export the Shipping Report | Adobe | Adobe Commerce | Medium | 4.3 | 2024-08-14 11:57:18 | Deep Dive |
| CVE-2024-39410 | Adobe Commerce \| Cross-Site Request Forgery (CSRF) (CWE-352) | Adobe | Adobe Commerce | Medium | 4.3 | 2024-08-14 11:57:17 | Deep Dive |
| CVE-2024-39407 | Adobe Commerce \| Improper Authorization (CWE-285) | Adobe | Adobe Commerce | Medium | 4.3 | 2024-08-14 11:57:16 | Deep Dive |
| CVE-2024-39398 | OTP 2FA can be bruteforced | Adobe | Adobe Commerce | High | 7.4 | 2024-08-14 11:57:16 | Deep Dive |
| CVE-2024-39401 | Adobe Commerce \| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) | Adobe | Adobe Commerce | High | 8.4 | 2024-08-14 11:57:15 | Deep Dive |
| CVE-2024-39397 | Adobe Commerce \| Unrestricted Upload of File with Dangerous Type (CWE-434) | Adobe | Adobe Commerce | Critical | 9.0 | 2024-08-14 11:57:14 | Deep Dive |
| CVE-2024-39411 | Adobe Commerce \| Improper Authorization (CWE-285) | Adobe | Adobe Commerce | Medium | 4.3 | 2024-08-14 11:57:13 | Deep Dive |
| CVE-2024-39409 | Adobe Commerce \| Cross-Site Request Forgery (CSRF) (CWE-352) | Adobe | Adobe Commerce | Medium | 4.3 | 2024-08-14 11:57:13 | Deep Dive |
| CVE-2024-39416 | Unauthorized user can export Orders Sale Report | Adobe | Adobe Commerce | Medium | 4.3 | 2024-08-14 11:57:12 | Deep Dive |
| CVE-2024-39414 | Being able to import/export tax rates without proper privileges | Adobe | Adobe Commerce | Medium | 4.3 | 2024-08-14 11:57:11 | Deep Dive |
| CVE-2024-39412 | Adobe Commerce \| Improper Authorization (CWE-285) | Adobe | Adobe Commerce | Medium | 4.3 | 2024-08-14 11:57:10 | Deep Dive |
| CVE-2024-39402 | Adobe Commerce \| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) | Adobe | Adobe Commerce | High | 8.4 | 2024-08-14 11:57:09 | Deep Dive |
| CVE-2024-39406 | Adobe Commerce \| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) | Adobe | Adobe Commerce | Medium | 6.8 | 2024-08-14 11:57:09 | Deep Dive |
| CVE-2024-39400 | DOM XSS through integrations can impact other admins | Adobe | Adobe Commerce | High | 8.1 | 2024-08-14 11:57:08 | Deep Dive |
| CVE-2024-39404 | A user without Shop Policy Parameters section privilege can alter the shop policy parameters section | Adobe | Adobe Commerce | Medium | 4.3 | 2024-08-14 11:57:07 | Deep Dive |
| CVE-2024-39405 | Adobe Commerce \| Improper Authorization (CWE-285) | Adobe | Adobe Commerce | Medium | 4.3 | 2024-08-14 11:57:06 | Deep Dive |
| CVE-2024-39415 | An unauthorized user can export the Tax Sales Report | Adobe | Adobe Commerce | Medium | 4.3 | 2024-08-14 11:57:06 | Deep Dive |
| CVE-2024-41733 | Information Disclosure Vulnerability in SAP Commerce | SAP_SE | SAP Commerce | Medium | 5.3 | 2024-08-13 03:52:26 | Deep Dive |