Filter
Software
BleepingComputerMagnet Goblin hackers use 1-day flaws to drop custom Linux malware
First published (updated )
News
BleepingComputerMagento MagentoMagento Commerce Media Gallery Upload Improper Access Control Could Lead To Remote Code Execution
7.2
First published (updated )
Magento MagentoMagento Commerce CMS Page Improper Input Validation Could Lead To Remote Code Execution
7.2
First published (updated )
Magento MagentoMagento Commerce Widgets Update Layout XML Injection Vulnerability Could Lead To Remote Code Execution
9.1
First published (updated )
Adobe Commerce[CVE-2021-36032] Magento IDOR Leads to Account Takeover
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Adobe CommerceAdobe Commerce Improper Access Control Security feature bypass
5.3
First published (updated )
Adobe CommerceAdobe Commerce Stored XSS Arbitrary code execution
6.1
First published (updated )
Adobe CommerceAdobe Commerce XML Injection Arbitrary code execution
9.1
First published (updated )
Adobe CommerceAdobe Commerce Improper Access Control Privilege escalation
8.8
First published (updated )
Adobe CommerceAdobe Commerce Improper Limitation of a Pathname to a Restricted Directory Arbitrary code execution
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Adobe CommerceAdobe Commerce Improper Authorization Privilege escalation
9.8
First published (updated )
Adobe CommerceAdobe Commerce Stored XSS Arbitrary code execution
5.5
First published (updated )
Adobe CommerceAdobe Commerce and Magento Open Source Improper Input Validation Vulnerability
First published (updated )
composer/magento/community-editionMagento Commerce improper authorization allows an authenticated user to perform certain functions without permission
6.5
First published (updated )
composer/magento/community-editionMagento Commerce information disclosure during upload action leveraging a specially crafted file
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Magento MagentoMagento Commerce improper input validation in customer customer webapi
5.3
First published (updated )
Magento MagentoMagento Commerce insecure storage of sensitive documentation
7.5
First published (updated )
Magento MagentoMagento Commerce improper Authorization via the 'Create Customer' endpoint
6.5
First published (updated )
Magento MagentoMagento Commerce DOM-based cross-site scripting (XSS) could lead to arbitrary javascript execution
6.9
First published (updated )
Magento MagentoMagento Commerce path traversal vulnerability in child theme store creation
7.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Magento UPWARD ConnectorMagento UPWARD-php Path traversal vulnerability via UPWARD Connector
4.9
First published (updated )
Magento MagentoMagento Commerce Arbitrary Folder Empty Could Lead To Arbitrary Code Execution
9.1
First published (updated )
Magento MagentoMagento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution
9.1
First published (updated )
Magento MagentoMagnto Commerce Unauthorized Data Modification Could Lead To Arbitrary Code Execution
9.1
First published (updated )
Magento MagentoMagento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Magento MagentoMagento Commerce XML Injection Could Lead To Arbitrary Code Execution
9.1
First published (updated )
Magento MagentoMagento Commerce Reflected Cross-site Scripting Vulnerability Could Lead To Arbitrary JavaScript Execution
4.8
First published (updated )
Magento MagentoMagento Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Data Modification
4.3
First published (updated )
Magento MagentoMagento Commerce Stored Cross-site Scripting Could Lead To Arbitrary Javascript Execution
8.1
First published (updated )
Magento MagentoMagento Commerce XML Injection Could Lead To Remote Code Execution
9.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Magento MagentoMagento Commerce Improper Access Control Vulnerability
5.3
First published (updated )
Magento MagentoMagento Commerce Blind SQL Injection Could Lead To Unauthorized Access
9.1
First published (updated )
Magento MagentoMagento Commerce Incorrect permissions Could Lead To Unauthorized Access
5.3
First published (updated )
Magento MagentoMagento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access
7.5
First published (updated )
Magento MagentoMagento Commerce Stored Cross Site Scripting Vulnerability Could Lead To Arbitrary Code Execution
4.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Magento MagentoMagento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution
8.5
First published (updated )
Magento MagentoMagento Commerce Incorrect permissions Could Lead To Unauthorized Access
5.3
First published (updated )
Magento MagentoIncorrect permissions in Inventory module could lead to unauthorized modification of inventory stock data
4.3
First published (updated )
Magento MagentoIncorrect permissions in the Integrations component could lead to unauthorized deletion of customer details via REST API
5.5
First published (updated )
Magento MagentoStored XSS in customer address upload feature
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Magento MagentoSQL injection allows arbitrary read from database
7.1
First published (updated )
Magento MagentoDocument root path disclosure on Maintenance page
4.3
First published (updated )
Magento MagentoArbitrary code execution via file import functionality
9.1
First published (updated )
Magento MagentoIncorrect permissions could lead to unauthorized modification of inventory source data via REST API
First published (updated )
Magento MagentoIncorrect permissions following the deletion of a user role or deactivation of a user
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Openmage Openmage Long Term SupportObservable Timing Discrepancy in OpenMage LTS
8
First published (updated )
Magento MagentoMagento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vu…
8.5
First published (updated )
Magento MagentoMagento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepanc…
4.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.