Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento vulnerabilities and exploits
(subscribe to this query)
3.7
CVSSv3
CVE-2020-24406
When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and previous versions) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they are able to identify ...
Magento Magento
Magento Magento 2.4.0
6.5
CVSSv3
CVE-2019-8090
An arbitrary file deletion vulnerability exists in Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3. An authenticated users can manipulate the design layout update feature.
Magento Magento
Magento Magento 2.3.2
8.8
CVSSv3
CVE-2019-8093
An arbitrary file access vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary files.
Magento Magento
Magento Magento 2.3.2
7.2
CVSSv3
CVE-2019-8114
A remote code execution vulnerability exists in Magento 1 before 1.9.4.3 and 1.14.4.3, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration archive file...
Magento Magento 2.3.2
Magento Magento
6.5
CVSSv3
CVE-2019-8107
An arbitrary file deletion vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with export data transfer privileges can craft a request to perform arbitrary file deletion.
Magento Magento 2.3.2
Magento Magento
8
CVSSv3
CVE-2019-8109
A remote code execution vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.
Magento Magento
Magento Magento 2.3.2
5.3
CVSSv3
CVE-2019-8113
Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.
Magento Magento
Magento Magento 2.3.2
4.9
CVSSv3
CVE-2019-8124
An insufficient logging and monitoring vulnerability exists in Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks.
Magento Magento
Magento Magento 2.3.2
5.4
CVSSv3
CVE-2019-8128
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting malicious Javascript into the name of main website.
Magento Magento 2.3.2
Magento Magento
5.4
CVSSv3
CVE-2019-8129
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting an embedded expression into a translation.
Magento Magento
Magento Magento 2.3.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »