Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2022-24086
Adobe Commerce versions 2.4.3-p1 (and previous versions) and 2.3.7-p2 (and previous versions) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code ex...
Adobe Commerce
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Magento Magento
Magento Magento 2.3.7
Magento Magento 2.4.3
11 Github repositories
4 Articles
10
CVSSv2
CVE-2020-9631
Magento versions 2.3.4 and previous versions, 2.2.11 and previous versions (see note), 1.14.4.4 and previous versions, and 1.9.4.4 and previous versions have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
10
CVSSv2
CVE-2020-9632
Magento versions 2.3.4 and previous versions, 2.2.11 and previous versions (see note), 1.14.4.4 and previous versions, and 1.9.4.4 and previous versions have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
10
CVSSv2
CVE-2014-1634
SQL Injection exists in Advanced Newsletter Magento extension prior to 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.
Magento Advanced Newsletter
10
CVSSv2
CVE-2020-3718
Magento versions 2.3.3 and previous versions, 2.2.10 and previous versions, 1.14.4.3 and previous versions, and 1.9.4.3 and previous versions have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
10
CVSSv2
CVE-2020-3716
Magento versions 2.3.3 and previous versions, 2.2.10 and previous versions, 1.14.4.3 and previous versions, and 1.9.4.3 and previous versions have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
9.3
CVSSv2
CVE-2020-9691
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
Magento Magento 2.3.5
9
CVSSv2
CVE-2021-32758
OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched.
Openmage Openmage
9
CVSSv2
CVE-2021-21016
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are vulnerable to OS command injection via the WebAPI. Successful exploitation could lead to remote code execution by an authenticated attacker. Access to the admin ...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
9
CVSSv2
CVE-2021-21018
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are vulnerable to OS command injection via the scheduled operation module. Successful exploitation could lead to arbitrary code execution by an authenticated attacke...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »