Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-24406
When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and previous versions) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they are able to identify ...
Magento Magento
Magento Magento 2.4.0
5.5
CVSSv2
CVE-2019-8090
An arbitrary file deletion vulnerability exists in Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3. An authenticated users can manipulate the design layout update feature.
Magento Magento
Magento Magento 2.3.2
6.5
CVSSv2
CVE-2019-8093
An arbitrary file access vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary files.
Magento Magento
Magento Magento 2.3.2
6.5
CVSSv2
CVE-2019-8114
A remote code execution vulnerability exists in Magento 1 before 1.9.4.3 and 1.14.4.3, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration archive file...
Magento Magento 2.3.2
Magento Magento
5.5
CVSSv2
CVE-2019-8107
An arbitrary file deletion vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with export data transfer privileges can craft a request to perform arbitrary file deletion.
Magento Magento 2.3.2
Magento Magento
6
CVSSv2
CVE-2019-8109
A remote code execution vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.
Magento Magento
Magento Magento 2.3.2
5
CVSSv2
CVE-2019-8113
Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.
Magento Magento
Magento Magento 2.3.2
4
CVSSv2
CVE-2019-8124
An insufficient logging and monitoring vulnerability exists in Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks.
Magento Magento
Magento Magento 2.3.2
3.5
CVSSv2
CVE-2019-8128
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting malicious Javascript into the name of main website.
Magento Magento 2.3.2
Magento Magento
3.5
CVSSv2
CVE-2019-8129
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting an embedded expression into a translation.
Magento Magento
Magento Magento 2.3.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »