| CVE-2024-20720 |
unknown |
— |
— |
|
|
|
2y ago |
Magento Open Source allows OS Command Injection |
| CVE-2024-20716 |
unknown |
— |
— |
|
|
|
2y ago |
Magento Open Source allows Uncontrolled Resource Consumption |
| CVE-2023-38251 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows Uncontrolled Resource Consumption |
| CVE-2023-38250 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows SQL Injection |
| CVE-2023-38249 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows SQL Injection |
| CVE-2023-38218 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows Incorrect Authorization |
| CVE-2023-38221 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows SQL Injection |
| CVE-2023-38219 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows Cross-Site Scripting (XSS) |
| CVE-2023-38220 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows Improper Authorization |
| CVE-2023-26367 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source has Improper Input Validation Vulnerability |
| CVE-2023-26366 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows Server-Side Request Forgery (SSRF) |
| CVE-2022-24093 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source affected by Improper Input Validation |
| CVE-2021-36023 |
unknown |
— |
— |
|
|
|
3y ago |
Magento XML Injection vulnerability in the Widgets Update Layout |
| CVE-2021-36021 |
unknown |
— |
— |
|
|
|
3y ago |
Magento affected by remote code execution vulnerability in the CMS page scheduled update feature |
| CVE-2021-36036 |
unknown |
— |
— |
|
|
|
3y ago |
Magento improper access control vulnerability within Magento's Media Gallery Upload workflow |
| CVE-2023-38208 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows Improper Neutralization of Special Elements Used |
| CVE-2023-38209 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows Incorrect Authorization |
| CVE-2023-38207 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows XML Injection |
| CVE-2023-22249 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows Cross-Site Scripting (XSS) |
| CVE-2023-29297 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows Improper Neutralization of Special Elements Used |
| CVE-2023-29293 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source affected by Improper Input Validation |
| CVE-2023-22248 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source affected by Improper Input Validation |
| CVE-2023-29291 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows Server-Side Request Forgery (SSRF) |
| CVE-2023-29288 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows Incorrect Authorization |
| CVE-2023-29294 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source has Business Logic Errors Vulnerability |
| CVE-2023-29292 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows Server-Side Request Forgery (SSRF) |
| CVE-2023-29289 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows XML Injection |
| CVE-2023-29287 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows Information Exposure |
| CVE-2023-29290 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows Incorrect Authorization |
| CVE-2023-29295 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows Incorrect Authorization |
| CVE-2023-29296 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows Incorrect Authorization |
| CVE-2023-22251 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows Incorrect Authorization |
| CVE-2023-22247 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows XML Injection |
| CVE-2023-22250 |
unknown |
— |
— |
|
|
|
3y ago |
Magento Open Source allows Improper Access Control |
| CVE-2022-42344 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Improper input validation vulnerability |
| CVE-2022-35689 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Open Source allows Improper Access Control |
| CVE-2022-35698 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Open Source allows Stored Cross-Site Scripting (Stored XSS) |
| CVE-2022-35692 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Open Source has Improper Access Control vulnerability |
| CVE-2022-34256 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Improper Authorization vulnerability |
| CVE-2022-34259 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Improper Access Control vulnerability |
| CVE-2022-34258 |
unknown |
— |
— |
|
|
|
4y ago |
Magento stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-34255 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Improper Access Control vulnerability |
| CVE-2022-34257 |
unknown |
— |
— |
|
|
|
4y ago |
Magento stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-34254 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Path Traversal vulnerability |
| CVE-2022-34253 |
unknown |
— |
— |
|
|
|
4y ago |
Magento XML Injection vulnerability in the Widgets Module |
| CVE-2021-36027 |
unknown |
— |
— |
|
|
|
4y ago |
Magento stored cross-site scripting vulnerability |
| CVE-2021-36026 |
unknown |
— |
— |
|
|
|
4y ago |
Magento stored cross-site scripting vulnerability in the customer address upload feature |
| CVE-2019-8154 |
unknown |
— |
— |
|
|
|
4y ago |
Magento remote code execution vulnerability |
| CVE-2019-8149 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Broken authentication and session managememt |
| CVE-2019-7139 |
unknown |
— |
— |
|
|
|
4y ago |
Magento 2 Community Edition SQLi Vulnerability |
| CVE-2021-39864 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Open Source allows Cross-Site Request Forgery (CSRF) |
| CVE-2021-28566 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Information Disclosure vulnerability |
| CVE-2021-28567 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Improper Authorization vulnerability in the customers module |
| CVE-2021-36020 |
unknown |
— |
— |
|
|
|
4y ago |
Magento XML Injection vulnerability in the 'City' field |
| CVE-2021-36012 |
unknown |
— |
— |
|
|
|
4y ago |
Magento affected by a business logic error in the placeOrder graphql mutation |
| CVE-2021-36022 |
unknown |
— |
— |
|
|
|
4y ago |
Magento XML Injection vulnerability in the Widgets Update Layout |
| CVE-2021-36030 |
unknown |
— |
— |
|
|
|
4y ago |
Magento allows attackers to alter the price of items |
| CVE-2021-36024 |
unknown |
— |
— |
|
|
|
4y ago |
Magento is affected by an os command injection via the Data collection endpoint |
| CVE-2021-36031 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Path Traversal vulnerability via the `theme[preview_image]` parameter |
| CVE-2021-36025 |
unknown |
— |
— |
|
|
|
4y ago |
Magento is affected by an improper input validation vulnerability while saving a customer's details |
| CVE-2021-36033 |
unknown |
— |
— |
|
|
|
4y ago |
Magento XML Injection vulnerability in the Widgets Module |
| CVE-2021-36028 |
unknown |
— |
— |
|
|
|
4y ago |
Magento has an XML Injection vulnerability |
| CVE-2021-36032 |
unknown |
— |
— |
|
|
|
4y ago |
Magento is affected by an improper input validation vulnerability |
| CVE-2021-36029 |
unknown |
— |
— |
|
|
|
4y ago |
Magento improper authorization vulnerability |
| CVE-2021-36037 |
unknown |
— |
— |
|
|
|
4y ago |
Magento is affected by an improper authorization vulnerability |
| CVE-2021-36034 |
unknown |
— |
— |
|
|
|
4y ago |
Magento affected by remote code execution via a file upload |
| CVE-2021-36043 |
unknown |
— |
— |
|
|
|
4y ago |
Magento affected by a blind SSRF vulnerability in the bundled dotmailer extension |
| CVE-2021-36039 |
unknown |
— |
— |
|
|
|
4y ago |
Magento discloses sensitive information |
| CVE-2021-36041 |
unknown |
— |
— |
|
|
|
4y ago |
Magento vulnerable to file upload attack |
| CVE-2021-36042 |
unknown |
— |
— |
|
|
|
4y ago |
Magento executes code via the API File Option Upload Extension |
| CVE-2021-36038 |
unknown |
— |
— |
|
|
|
4y ago |
Magento discloses sensitive information via the Multishipping Module |
| CVE-2021-36040 |
unknown |
— |
— |
|
|
|
4y ago |
Magento has a file extension restrictions bypass |
| CVE-2021-36044 |
unknown |
— |
— |
|
|
|
4y ago |
Magento affected by a server-side denial-of-service using a GraphQL field |
| CVE-2021-28583 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Violation of Secure Design Principles vulnerability in RMA PDF filename formats |
| CVE-2021-28556 |
unknown |
— |
— |
|
|
|
4y ago |
Magento DOM-based Cross-Site Scripting vulnerability on mage-messages cookies |
| CVE-2021-28563 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Unauthorized access to restricted resources |
| CVE-2021-28584 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Path Traversal vulnerability |
| CVE-2021-28585 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Improper input validation vulnerability |
| CVE-2021-21031 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Insufficient Session Expiration |
| CVE-2021-21026 |
unknown |
— |
— |
|
|
|
4y ago |
Magento improper authorization vulnerability in the integrations module |
| CVE-2021-21019 |
unknown |
— |
— |
|
|
|
4y ago |
Magento XML injection in the Widgets module |
| CVE-2021-21030 |
unknown |
— |
— |
|
|
|
4y ago |
Magento stored cross-site scripting (XSS) in the customer address upload feature |
| CVE-2021-21022 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Insecure Direct Object Reference (IDOR) in the product module |
| CVE-2021-21023 |
unknown |
— |
— |
|
|
|
4y ago |
Magento stored cross-site scripting vulnerability in the admin console |
| CVE-2021-21032 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Insufficient Session Expiration |
| CVE-2021-21027 |
unknown |
— |
— |
|
|
|
4y ago |
Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API |
| CVE-2021-21024 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Blind SQL Injection in the Search module |
| CVE-2021-21029 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Reflected Cross-site Scripting vulnerability via 'file' parameter |
| CVE-2021-21018 |
unknown |
— |
— |
|
|
|
4y ago |
Magento OS Command Injection |
| CVE-2021-21014 |
unknown |
— |
— |
|
|
|
4y ago |
Magento vulnerable to a file upload restriction bypass |
| CVE-2021-21020 |
unknown |
— |
— |
|
|
|
4y ago |
Magento Improper Access Control |
| CVE-2021-21025 |
unknown |
— |
— |
|
|
|
4y ago |
Magento XPath Injection |
| CVE-2021-21016 |
unknown |
— |
— |
|
|
|
4y ago |
Magento OS command injection via the WebAPI |
| CVE-2021-21015 |
unknown |
— |
— |
|
|
|
4y ago |
Magento OS command injection via the customer attribute save controller |
| CVE-2020-24407 |
unknown |
— |
— |
|
|
|
4y ago |
Magento 2 Community Edition RCE via Unsafe File Upload |
| CVE-2020-24405 |
unknown |
— |
— |
|
|
|
4y ago |
Magento incorrect permissions vulnerability in the Inventory module |
| CVE-2020-24406 |
unknown |
— |
— |
|
|
|
4y ago |
Magento information disclosure vulnerability |
| CVE-2020-24400 |
unknown |
— |
— |
|
|
|
4y ago |
Magento SQL Injection vulnerability |
| CVE-2020-24401 |
unknown |
— |
— |
|
|
|
4y ago |
Magento 2 Community Edition Incorrect Authorization |
| CVE-2020-24402 |
unknown |
— |
— |
|
|
|
4y ago |
Magento incorrect permissions vulnerability in the Integrations component |
