Vulmon
magento vulnerabilities and exploits
383
VMScore
CVE-2020-24406
When in maintenance mode, Magento versions 2.4.0 and 2.3.4 (and previous versions) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they are able to identify ...
Magento Magento 2.4.0
Magento Magento
312
VMScore
CVE-2020-9690
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
Magento Magento 2.3.5
Magento Magento
490
VMScore
CVE-2019-8090
An arbitrary file deletion vulnerability exists in Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3. An authenticated user can manipulate the design layout update feature.
Magento Magento
Magento Magento 2.3.2
445
VMScore
CVE-2019-8118
Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 use a weak cryptographic function to store the failed login attempts for customer accounts.
Magento Magento
Magento Magento 2.3.2
1 Github repository
356
VMScore
CVE-2019-8126
An XML entity injection vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated admin user can craft a document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow processing...
Magento Magento
Magento Magento 2.3.2
578
VMScore
CVE-2019-8127
A SQL injection vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing permission could exfiltrate the Admin login data, and reset their password, effectively pe...
Magento Magento
Magento Magento 2.3.2
312
VMScore
CVE-2019-8129
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting an embedded expression into a translation.
Magento Magento
Magento Magento 2.3.2
356
VMScore
CVE-2019-8133
A security bypass vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. A user with privileges to generate sitemaps can bypass configuration that restricts directory access. The bypass allows overwrite of a subset of configuration files which ca...
Magento Magento
Magento Magento 2.3.2
756
VMScore
CVE-2020-9689
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento 2.3.5
Magento Magento
578
VMScore
CVE-2019-8110
A remote code execution vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can leverage the email templates hierarchy to manipulate the interceptor class in a way that allows a malicious user to execute arbitrary code.
Magento Magento
Magento Magento 2.3.2