Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-28567
Magento versions 2.4.2 (and previous versions), 2.4.1-p1 (and previous versions) and 2.3.6-p1 (and previous versions) are vulnerable to an Improper Authorization vulnerability in the customers module. Successful exploitation could allow a low-privileged user to modify customer da...
Magento Magento
6.5
CVSSv3
CVE-2021-36012
Magento Commerce versions 2.4.2 (and previous versions), 2.4.2-p1 (and previous versions) and 2.3.7 (and previous versions) are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to altar the price of a...
Adobe Magento Open Source
Adobe Adobe Commerce
Adobe Adobe Commerce 2.4.2
Adobe Magento Open Source 2.4.2
9.8
CVSSv3
CVE-2021-36020
Magento Commerce versions 2.4.2 (and previous versions), 2.4.2-p1 (and previous versions) and 2.3.7 (and previous versions) are affected by an XML Injection vulnerability in the 'City' field. An unauthenticated attacker can trigger a specially crafted script to achieve ...
Adobe Magento Open Source
Adobe Adobe Commerce
Adobe Adobe Commerce 2.4.2
Adobe Magento Open Source 2.4.2
7.2
CVSSv3
CVE-2021-36024
Magento Commerce versions 2.4.2 (and previous versions), 2.4.2-p1 (and previous versions) and 2.3.7 (and previous versions) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint. An attacker with admin privileges can upl...
Adobe Magento Open Source
Adobe Adobe Commerce
Adobe Adobe Commerce 2.4.2
Adobe Magento Open Source 2.4.2
7.2
CVSSv3
CVE-2021-36025
Magento Commerce versions 2.4.2 (and previous versions), 2.4.2-p1 (and previous versions) and 2.3.7 (and previous versions) are affected by an improper input validation vulnerability while saving a customer's details with a specially crafted file. An authenticated attacker w...
Adobe Magento Open Source
Adobe Adobe Commerce
Adobe Adobe Commerce 2.4.2
Adobe Magento Open Source 2.4.2
7.2
CVSSv3
CVE-2021-36033
Magento Commerce versions 2.4.2 (and previous versions), 2.4.2-p1 (and previous versions) and 2.3.7 (and previous versions) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve re...
Adobe Magento Open Source
Adobe Adobe Commerce
Adobe Adobe Commerce 2.4.2
Adobe Magento Open Source 2.4.2
7.2
CVSSv3
CVE-2021-36035
Magento Commerce versions 2.4.2 (and previous versions), 2.4.2-p1 (and previous versions) and 2.3.7 (and previous versions) are affected by an improper input validation vulnerability. An attacker with admin privileges could make a crafted request to the Adobe Stock API to achieve...
Adobe Magento Open Source
Adobe Adobe Commerce
Adobe Adobe Commerce 2.4.2
Adobe Magento Open Source 2.4.2
6.5
CVSSv3
CVE-2021-36037
Magento Commerce versions 2.4.2 (and previous versions), 2.4.2-p1 (and previous versions) and 2.3.7 (and previous versions) are affected by an improper improper authorization vulnerability. An authenticated attacker could leverage this vulnerability to achieve sensitive informati...
Adobe Magento Open Source
Adobe Adobe Commerce
Adobe Adobe Commerce 2.4.2
Adobe Magento Open Source 2.4.2
6.5
CVSSv3
CVE-2021-36039
Magento Commerce versions 2.4.2 (and previous versions), 2.4.2-p1 (and previous versions) and 2.3.7 (and previous versions) are affected by an improper input validation vulnerability via the `quoteId` parameter. An attacker can abuse this vulnerability to disclose sensitive infor...
Adobe Magento Open Source
Adobe Adobe Commerce
Adobe Adobe Commerce 2.4.2
Adobe Magento Open Source 2.4.2
7.2
CVSSv3
CVE-2021-36040
Magento Commerce versions 2.4.2 (and previous versions), 2.4.2-p1 (and previous versions) and 2.3.7 (and previous versions) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to bypass file extension r...
Adobe Magento Open Source
Adobe Adobe Commerce
Adobe Adobe Commerce 2.4.2
Adobe Magento Open Source 2.4.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6267
XML injection
CVE-2024-37673
CVE-2024-6266
CVE-2024-30078
arbitrary
CVE-2024-36886
CVE-2024-5346
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »