Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento 2.4.0 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-21020
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted res...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
3.5
CVSSv2
CVE-2021-21023
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are vulnerable to a stored cross-site scripting vulnerability in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victi...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
4.3
CVSSv2
CVE-2021-21027
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are affected by a cross-site request forgery (CSRF) vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer me...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
3.5
CVSSv2
CVE-2021-21029
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are affected by a Reflected Cross-site Scripting vulnerability via 'file' parameter. Successful exploitation could lead to arbitrary JavaScript execution i...
Magento Magento
Magento Magento 2.3.6
Magento Magento 2.4.0
Magento Magento 2.4.1
6.5
CVSSv2
CVE-2021-21025
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
4.3
CVSSv2
CVE-2021-21012
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitive information disclosure.
Adobe Magento Open Source 2.4.1
Adobe Magento Open Source 2.4.0
Adobe Magento Commerce 2.4.1
Adobe Magento Commerce 2.4.0
Adobe Magento Commerce
Adobe Magento Open Source
NA
CVE-2023-38221
Adobe Commerce versions 2.4.7-beta1 (and previous versions), 2.4.6-p2 (and previous versions), 2.4.5-p4 (and previous versions) and 2.4.4-p5 (and previous versions) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') v...
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Adobe Commerce 2.4.4
Adobe Commerce 2.4.5
Adobe Commerce 2.4.6
Adobe Magento 2.4.4
Adobe Magento 2.4.5
Adobe Magento 2.4.6
Adobe Commerce 2.4.0
Adobe Commerce 2.4.1
Adobe Commerce 2.4.2
Adobe Magento 2.4.7
Adobe Commerce 2.4.7
NA
CVE-2023-26366
Adobe Commerce versions 2.4.7-beta1 (and previous versions), 2.4.6-p2 (and previous versions), 2.4.5-p4 (and previous versions) and 2.4.4-p5 (and previous versions) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A...
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Adobe Commerce 2.4.4
Adobe Commerce 2.4.5
Adobe Commerce 2.4.6
Adobe Magento 2.4.4
Adobe Magento 2.4.5
Adobe Magento 2.4.6
Adobe Commerce 2.4.0
Adobe Commerce 2.4.1
Adobe Commerce 2.4.2
Adobe Magento 2.4.7
Adobe Commerce 2.4.7
NA
CVE-2023-38218
Adobe Commerce versions 2.4.7-beta1 (and previous versions), 2.4.6-p2 (and previous versions), 2.4.5-p4 (and previous versions) and 2.4.4-p5 (and previous versions) are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information expo...
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Adobe Commerce 2.4.4
Adobe Commerce 2.4.5
Adobe Commerce 2.4.6
Adobe Magento 2.4.4
Adobe Magento 2.4.5
Adobe Magento 2.4.6
Adobe Commerce 2.4.0
Adobe Commerce 2.4.1
Adobe Commerce 2.4.2
Adobe Magento 2.4.7
Adobe Commerce 2.4.7
NA
CVE-2023-38219
Adobe Commerce versions 2.4.7-beta1 (and previous versions), 2.4.6-p2 (and previous versions), 2.4.5-p4 (and previous versions) and 2.4.4-p5 (and previous versions) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged maliciou...
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Adobe Commerce 2.4.4
Adobe Commerce 2.4.5
Adobe Commerce 2.4.6
Adobe Magento 2.4.4
Adobe Magento 2.4.5
Adobe Magento 2.4.6
Adobe Commerce 2.4.0
Adobe Commerce 2.4.1
Adobe Commerce 2.4.2
Adobe Magento 2.4.7
Adobe Commerce 2.4.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »