Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento 2.4.0 vulnerabilities and exploits
(subscribe to this query)
2.7
CVSSv3
CVE-2020-24404
Magento version 2.4.0 and 2.3.5p1 (and previous versions) are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without auth...
Magento Magento 2.3.5
Magento Magento
Magento Magento 2.4.0
2.7
CVSSv3
CVE-2020-24403
Magento version 2.4.0 and 2.3.5p1 (and previous versions) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to in...
Magento Magento 2.3.5
Magento Magento
Magento Magento 2.4.0
7.1
CVSSv3
CVE-2020-24400
Magento versions 2.4.0 and 2.3.5 (and previous versions) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data fr...
Magento Magento
Magento Magento 2.3.5
Magento Magento 2.4.0
6.5
CVSSv3
CVE-2020-24401
Magento versions 2.4.0 and 2.3.5p1 (and previous versions) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account.
Magento Magento
Magento Magento 2.3.5
Magento Magento 2.4.0
4.9
CVSSv3
CVE-2020-24402
Magento version 2.4.0 and 2.3.5p1 (and previous versions) are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the...
Magento Magento 2.3.5
Magento Magento
Magento Magento 2.4.0
4.3
CVSSv3
CVE-2020-24405
Magento version 2.4.0 and 2.3.5p1 (and previous versions) are affected by an incorrect permissions issue vulnerability in the Inventory module. This vulnerability could be abused by authenticated users to modify inventory stock data without authorization.
Magento Magento 2.3.5
Magento Magento
Magento Magento 2.4.0
9.1
CVSSv3
CVE-2020-24407
Magento versions 2.4.0 and 2.3.5p1 (and previous versions) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/...
Magento Magento
Magento Magento 2.3.5
Magento Magento 2.4.0
6.1
CVSSv3
CVE-2020-24408
Magento versions 2.4.0 and 2.3.5p1 (and previous versions) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated malicious user to execute XSS attacks...
Magento Magento
Magento Magento 2.3.5
Magento Magento 2.4.0
3.7
CVSSv3
CVE-2020-24406
When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and previous versions) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they are able to identify ...
Magento Magento
Magento Magento 2.4.0
NA
CVE-2021-21015
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authentica...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »