Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-8153
A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. Successful exploitation of this vulnerability would result in an attacker being able to bypass the `escapeURL()` function and execute a malicious X...
Magento Magento
Magento Magento 2.3.2
6.5
CVSSv3
CVE-2020-9689
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
Magento Magento 2.3.5
9.6
CVSSv3
CVE-2020-9691
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
Magento Magento 2.3.5
6.5
CVSSv3
CVE-2020-9692
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
Magento Magento 2.3.5
NA
CVE-2015-1398
Multiple directory traversal vulnerabilities in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote authenticated users to include and execute certain PHP files via (1) .. (dot dot) sequences in the PATH_INFO to index.php or (2) vectors involv...
Magento Magento 1.9.1.0
Magento Magento 1.14.1.0
NA
CVE-2015-1399
PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors ...
Magento Magento 1.9.1.0
Magento Magento 1.14.1.0
NA
CVE-2015-3458
The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP f...
Magento Magento 1.14.1.0
Magento Magento 1.9.1.0
NA
CVE-2015-3457
Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote malicious users to bypass authentication via the forwarded parameter.
Magento Magento 1.14.1.0
Magento Magento 1.9.1.0
NA
CVE-2015-1397
SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularity[field_expr] parame...
Magento Magento 1.9.1.0
Magento Magento 1.14.1.0
1 EDB exploit
2 Github repositories
6.1
CVSSv3
CVE-2022-34257
Adobe Commerce versions 2.4.3-p2 (and previous versions), 2.3.7-p3 (and previous versions) and 2.4.4 (and previous versions) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an malicious user to inject malicious scripts into vulnerable for...
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Magento Magento 2.4.3
Magento Magento 2.3.7
Magento Magento 2.4.4
Adobe Commerce
Adobe Commerce 2.4.4
Magento Magento
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »