Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-24406
When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and previous versions) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they are able to identify ...
Magento Magento 2.4.0
Magento Magento
3.5
CVSSv2
CVE-2020-9690
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
Magento Magento 2.3.5
Magento Magento
4
CVSSv2
CVE-2019-8108
Insecure authentication and session management vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can manipulate session validation setting for a storefront that leads to insecure authentication and session management.
Magento Magento
Magento Magento 2.3.2
6.5
CVSSv2
CVE-2019-8111
A remote code execution vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an malicious user to execut...
Magento Magento
Magento Magento 2.3.2
5
CVSSv2
CVE-2019-8116
Insecure authentication and session management vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An unauthenticated user can leverage a guest session id value following a successful login to gain access to customer account index page.
Magento Magento
Magento Magento 2.3.2
4
CVSSv2
CVE-2019-8126
An XML entity injection vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow processing...
Magento Magento
Magento Magento 2.3.2
6.5
CVSSv2
CVE-2019-8127
A SQL injection vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing permission could exfiltrate the Admin login data, and reset their password, effectively pe...
Magento Magento
Magento Magento 2.3.2
4
CVSSv2
CVE-2019-8133
A security bypass vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. A user with privileges to generate sitemaps can bypass configuration that restricts directory access. The bypass allows overwrite of a subset of configuration files which ca...
Magento Magento
Magento Magento 2.3.2
6.5
CVSSv2
CVE-2019-8137
A remote code execution vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate CMS section of the website can trigger remote code execution via custom layout update.
Magento Magento
Magento Magento 2.3.2
7.5
CVSSv2
CVE-2019-8149
Insecure authentication and session management vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An unauthenticated user can append arbitrary session id that will not be invalidated by subsequent authentication.
Magento Magento
Magento Magento 2.3.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »