Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento 2.3.5 vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2020-9690
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
Magento Magento
Magento Magento 2.3.5
756
VMScore
CVE-2020-9692
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
Magento Magento 2.3.5
756
VMScore
CVE-2020-9689
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
Magento Magento 2.3.5
828
VMScore
CVE-2020-9691
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
Magento Magento 2.3.5
490
VMScore
CVE-2020-24401
Magento versions 2.4.0 and 2.3.5p1 (and previous versions) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account.
Magento Magento
Magento Magento 2.3.5
Magento Magento 2.4.0
356
VMScore
CVE-2020-24403
Magento version 2.4.0 and 2.3.5p1 (and previous versions) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to in...
Magento Magento 2.3.5
Magento Magento
Magento Magento 2.4.0
490
VMScore
CVE-2020-24404
Magento version 2.4.0 and 2.3.5p1 (and previous versions) are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without auth...
Magento Magento 2.3.5
Magento Magento
Magento Magento 2.4.0
356
VMScore
CVE-2020-24405
Magento version 2.4.0 and 2.3.5p1 (and previous versions) are affected by an incorrect permissions issue vulnerability in the Inventory module. This vulnerability could be abused by authenticated users to modify inventory stock data without authorization.
Magento Magento 2.3.5
Magento Magento
Magento Magento 2.4.0
801
VMScore
CVE-2020-24407
Magento versions 2.4.0 and 2.3.5p1 (and previous versions) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/...
Magento Magento
Magento Magento 2.3.5
Magento Magento 2.4.0
383
VMScore
CVE-2020-24408
Magento versions 2.4.0 and 2.3.5p1 (and previous versions) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated malicious user to execute XSS attacks...
Magento Magento
Magento Magento 2.3.5
Magento Magento 2.4.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »