Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-33352
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows malicious user to execute arbitrary code via a phar file upload in the ticket message field.
Wyomind Help Desk
9.8
CVSSv3
CVE-2021-33353
Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows malicious user to execute arbitrary code via the file attachment directory setting.
Wyomind Help Desk
9.8
CVSSv3
CVE-2022-34256
Adobe Commerce versions 2.4.3-p2 (and previous versions), 2.3.7-p3 (and previous versions) and 2.4.4 (and previous versions) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access ...
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Magento Magento 2.4.3
Magento Magento 2.3.7
Magento Magento 2.4.4
Magento Magento
Adobe Commerce 2.4.4
Adobe Commerce
9.8
CVSSv3
CVE-2022-24086
Adobe Commerce versions 2.4.3-p1 (and previous versions) and 2.3.7-p2 (and previous versions) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code ex...
Adobe Commerce
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Magento Magento
Magento Magento 2.3.7
Magento Magento 2.4.3
11 Github repositories
4 Articles
9.8
CVSSv3
CVE-2021-36020
Magento Commerce versions 2.4.2 (and previous versions), 2.4.2-p1 (and previous versions) and 2.3.7 (and previous versions) are affected by an XML Injection vulnerability in the 'City' field. An unauthenticated attacker can trigger a specially crafted script to achieve ...
Adobe Adobe Commerce
Adobe Adobe Commerce 2.4.2
Adobe Magento Open Source
Adobe Magento Open Source 2.4.2
9.8
CVSSv3
CVE-2021-21426
Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported ...
9.8
CVSSv3
CVE-2020-5777
MAGMI versions before 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the Mysql setting max_connections (default 151) is lower...
Magmi Project Magmi
9.8
CVSSv3
CVE-2020-9664
Magento versions 1.14.4.5 and previous versions, and 1.9.4.5 and previous versions have a php object injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
9.8
CVSSv3
CVE-2020-9632
Magento versions 2.3.4 and previous versions, 2.2.11 and previous versions (see note), 1.14.4.4 and previous versions, and 1.9.4.4 and previous versions have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
9.8
CVSSv3
CVE-2020-9585
Magento versions 2.3.4 and previous versions, 2.2.11 and previous versions (see note), 1.14.4.4 and previous versions, and 1.9.4.4 and previous versions have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »