Vulmon
magento magento vulnerabilities and exploits
7.5
CVSSv2
CVE-2021-21426
Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was backported ...
7.5
CVSSv2
CVE-2021-21031
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) do not adequately invalidate user sessions. Successful exploitation could lead to unauthorized access to restricted resources. Access to the admin console is not req...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
7.5
CVSSv2
CVE-2021-21032
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) do not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access to restricted resources. Access to the admin cons...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
7.5
CVSSv2
CVE-2020-5777
MAGMI versions before 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the MySQL setting max_connections (default 151) is lower...
Magmi Project Magmi
7.5
CVSSv2
CVE-2020-9664
Magento versions 1.14.4.5 and previous versions, and 1.9.4.5 and previous versions have a PHP object injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
7.5
CVSSv2
CVE-2020-9585
Magento versions 2.3.4 and previous versions, 2.2.11 and previous versions (see note), 1.14.4.4 and previous versions, and 1.9.4.4 and previous versions have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
7.5
CVSSv2
CVE-2020-9576
Magento versions 2.3.4 and previous versions, 2.2.11 and previous versions (see note), 1.14.4.4 and previous versions, and 1.9.4.4 and previous versions have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
7.5
CVSSv2
CVE-2020-9578
Magento versions 2.3.4 and previous versions, 2.2.11 and previous versions (see note), 1.14.4.4 and previous versions, and 1.9.4.4 and previous versions have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
7.5
CVSSv2
CVE-2020-9579
Magento versions 2.3.4 and previous versions, 2.2.11 and previous versions (see note), 1.14.4.4 and previous versions, and 1.9.4.4 and previous versions have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
7.5
CVSSv2
CVE-2020-9580
Magento versions 2.3.4 and previous versions, 2.2.11 and previous versions (see note), 1.14.4.4 and previous versions, and 1.9.4.4 and previous versions have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento