Versions
Adobe CommerceAdobe Commerce Improper Access Control Security feature bypass
Adobe CommerceAdobe Commerce Stored XSS Arbitrary code execution
Adobe CommerceAdobe Commerce Stored XSS Arbitrary code execution
composer/magento/community-editionMagento Commerce improper authorization allows an authenticated user to perform certain functions without permission
composer/magento/community-editionMagento Commerce information disclosure during upload action leveraging a specially crafted file
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Magento MagentoMagento Commerce improper input validation in customer customer webapi
Magento MagentoMagento Commerce improper Authorization via the 'Create Customer' endpoint
Magento MagentoMagento Commerce DOM-based cross-site scripting (XSS) could lead to arbitrary javascript execution
Magento MagentoMagento Commerce Reflected Cross-site Scripting Vulnerability Could Lead To Arbitrary JavaScript Execution
Magento MagentoMagento Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Data Modification
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Magento MagentoMagento Commerce Improper Access Control Vulnerability
Magento MagentoMagento Commerce Incorrect permissions Could Lead To Unauthorized Access
Magento MagentoMagento Commerce Stored Cross Site Scripting Vulnerability Could Lead To Arbitrary Code Execution
Magento MagentoMagento Commerce Incorrect permissions Could Lead To Unauthorized Access
Magento MagentoIncorrect permissions in Inventory module could lead to unauthorized modification of inventory stock data
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Magento MagentoIncorrect permissions in the Integrations component could lead to unauthorized deletion of customer details via REST API
Magento MagentoStored XSS in customer address upload feature
Magento MagentoDocument root path disclosure on Maintenance page
Magento MagentoIncorrect permissions could lead to unauthorized modification of inventory source data via REST API
Magento MagentoIncorrect permissions following the deletion of a user role or deactivation of a user
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Magento MagentoMagento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepanc…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Magento MagentoAn insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 p…
Magento MagentoPRODSECBUG-2445: Insufficient logging and monitoring of configuration changes
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Magento MagentoPRODSECBUG-2419: Bypass of sitemp access restrictions
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.