magento

391 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-34686
all versions
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cros
8.7HIGH
CVE-2026-40488
< 20.17.0
Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Editio
8.8HIGH
CVE-2026-40098
< 20.17.0
Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Editio
5.4MEDIUM
CVE-2026-25525
< 20.17.0
Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Editio
4.9MEDIUM
CVE-2026-25524
< 20.17.0
Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Editio
8.1HIGH
CVE-2026-21361
< 2.4.5
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cro
8.1HIGH
CVE-2026-21360
< 2.4.5
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper
6.8MEDIUM
CVE-2026-21359
< 2.4.5
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect
4.7MEDIUM
CVE-2026-21311
< 2.4.5
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cro
8.0HIGH
CVE-2026-21310
< 2.4.5
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper
5.3MEDIUM
CVE-2026-21309
< 2.4.5
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect
7.5HIGH
CVE-2026-21297
< 2.4.5
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect
4.3MEDIUM
CVE-2026-21296
< 2.4.5
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect
4.3MEDIUM
CVE-2026-21295
< 2.4.5
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a URL Redire
3.1LOW
CVE-2026-21294
< 2.4.5
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Sid
5.5MEDIUM
CVE-2026-21293
< 2.4.5
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Sid
5.5MEDIUM
CVE-2026-21292
< 2.4.5
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cro
5.4MEDIUM
CVE-2026-21291
< 2.4.5
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cro
4.8MEDIUM
CVE-2026-21290
< 2.4.5
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cro
8.7HIGH
CVE-2026-21289
< 2.4.5
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect
7.5HIGH
CVE-2026-21286
< 2.4.5
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect
5.3MEDIUM
CVE-2026-21285
< 2.4.5
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect
4.3MEDIUM
CVE-2026-21284
< 2.4.5
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cro
8.1HIGH
CVE-2026-21282
< 2.4.5
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper
5.3MEDIUM
CVE-2026-25523
<= 20.16.0
Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin url can be d
5.3MEDIUM
CVE-2025-64174
< 20.16.0
Magento-lts is a long-term support alternative to Magento Community Edition (CE). Versions 20.15.0 and below are affected by a sto
4.8MEDIUM
CVE-2025-54267
all versions
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect
6.5MEDIUM
CVE-2025-54266
all versions
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cro
4.8MEDIUM
CVE-2025-54265
all versions
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect
5.9MEDIUM
CVE-2025-54264
all versions
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cro
8.1HIGH
CVE-2025-54263
all versions
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect
8.1HIGH
CVE-2025-54236
all versions
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper
9.1CRITICAL
CVE-2025-49559
< 2.4.5
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper
5.3MEDIUM
CVE-2025-49558
< 2.4.5
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-ch
5.9MEDIUM
CVE-2025-49557
< 2.4.5
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cro
8.7HIGH
CVE-2025-49556
< 2.4.5
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect
7.5HIGH
CVE-2025-49555
< 2.4.5
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site
8.1HIGH
CVE-2025-49554
< 2.4.5
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper
7.5HIGH
CVE-2025-49550
< 2.4.5
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vu
4.3MEDIUM
CVE-2025-49549
< 2.4.5
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vu
2.7LOW
CVE-2025-47110
all versions
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting
8.4HIGH
CVE-2025-43586
all versions
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vu
8.1HIGH
CVE-2025-43585
all versions
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vul
8.2HIGH
CVE-2025-27206
all versions
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vu
5.3MEDIUM
CVE-2025-27192
< 2.4.4
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protec
2.7LOW
CVE-2025-27191
< 2.4.4
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Contr
5.3MEDIUM
CVE-2025-27190
all versions
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Contr
5.3MEDIUM
CVE-2025-27188
< 2.4.4
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorizatio
4.3MEDIUM
CVE-2025-24438
all versions
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scri
8.7HIGH
CVE-2025-24437
all versions
Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorizati
5.4MEDIUM
CVE-2025-24436
all versions
Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorizati
4.3MEDIUM
CVE-2025-24435
all versions
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Contr
4.3MEDIUM
CVE-2025-24434
all versions
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorizati
9.1CRITICAL
CVE-2025-24432
< 2.4.4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-
3.7LOW
CVE-2025-24430
< 2.4.4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-
3.7LOW
CVE-2025-24429
< 2.4.4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Contr
3.5LOW
CVE-2025-24428
< 2.4.4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scri
5.4MEDIUM
CVE-2025-24427
< 2.4.4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Contr
6.5MEDIUM
CVE-2025-24425
< 2.4.4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error v
5.3MEDIUM
CVE-2025-24421
< 2.4.4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorizati
4.3MEDIUM
CVE-2025-24417
< 2.4.4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scri
8.7HIGH
CVE-2025-24416
< 2.4.4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scri
8.7HIGH
CVE-2025-24415
< 2.4.4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scri
8.7HIGH
CVE-2025-24414
< 2.4.4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scri
8.7HIGH
CVE-2025-24413
< 2.4.4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scri
8.7HIGH
CVE-2025-24412
< 2.4.4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scri
8.7HIGH
CVE-2025-24411
< 2.4.4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Contr
8.1HIGH
CVE-2025-24410
< 2.4.4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scri
8.7HIGH
CVE-2025-24409
< 2.4.4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorizat
8.2HIGH
CVE-2025-24408
< 2.4.4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure
6.5MEDIUM
CVE-2025-24406
< 2.4.4
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation o
7.5HIGH
CVE-2024-49521
< 3.2.6
Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a
7.7HIGH
CVE-2024-45149
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerabili
2.7LOW
CVE-2024-45148
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerabili
8.8HIGH
CVE-2024-45135
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerabili
2.7LOW
CVE-2024-45134
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability
2.7LOW
CVE-2024-45133
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability
2.7LOW
CVE-2024-45132
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerabilit
6.5MEDIUM
CVE-2024-45131
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerabilit
5.4MEDIUM
CVE-2024-45130
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerabili
4.3MEDIUM
CVE-2024-45129
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerabili
4.3MEDIUM
CVE-2024-45128
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerabilit
5.4MEDIUM
CVE-2024-45127
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vu
4.8MEDIUM
CVE-2024-45125
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerabili
4.3MEDIUM
CVE-2024-45124
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerabili
5.3MEDIUM
CVE-2024-45123
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS)
6.1MEDIUM
CVE-2024-45122
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerabili
4.3MEDIUM
CVE-2024-45121
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerabili
4.3MEDIUM
CVE-2024-45120
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) R
3.1LOW
CVE-2024-45119
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF)
4.9MEDIUM
CVE-2024-45118
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerabili
6.5MEDIUM
CVE-2024-45117
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerabi
7.6HIGH
CVE-2024-45116
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerabi
8.1HIGH
CVE-2024-45115
all versions
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerabili
9.8CRITICAL
CVE-2024-39419
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
4.3MEDIUM
CVE-2024-39418
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
5.4MEDIUM
CVE-2024-39417
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
4.3MEDIUM
CVE-2024-39416
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
4.3MEDIUM
CVE-2024-39415
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
4.3MEDIUM
CVE-2024-39414
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
4.3MEDIUM
CVE-2024-39413
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
4.3MEDIUM
CVE-2024-39412
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
4.3MEDIUM
CVE-2024-39411
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
4.3MEDIUM
CVE-2024-39410
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vul
4.3MEDIUM
CVE-2024-39409
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vul
4.3MEDIUM
CVE-2024-39408
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vul
4.3MEDIUM
CVE-2024-39407
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
4.3MEDIUM
CVE-2024-39406
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to
6.8MEDIUM
CVE-2024-39405
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
4.3MEDIUM
CVE-2024-39404
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
4.3MEDIUM
CVE-2024-39403
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vul
7.6HIGH
CVE-2024-39402
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special E
8.4HIGH
CVE-2024-39401
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special E
8.4HIGH
CVE-2024-39400
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS)
8.1HIGH
CVE-2024-39399
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to
7.7HIGH
CVE-2024-39398
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Au
7.4HIGH
CVE-2024-39397
<= 2.4.3
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dan
9.0CRITICAL
CVE-2024-41676
< 20.10.1
Magento-lts is a long-term support alternative to Magento Community Edition (CE). This XSS vulnerability affects the design/header
4.1MEDIUM
CVE-2024-34111
all versions
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulne
6.5MEDIUM
CVE-2024-34110
all versions
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Danger
7.2HIGH
CVE-2024-34109
all versions
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability
7.2HIGH
CVE-2024-34108
all versions
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability
9.1CRITICAL
CVE-2024-34107
all versions
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability t
5.3MEDIUM
CVE-2024-34106
all versions
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability t
5.3MEDIUM
CVE-2024-34105
all versions
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulner
4.8MEDIUM
CVE-2024-34104
all versions
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability th
8.2HIGH
CVE-2024-34103
all versions
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability t
8.1HIGH
CVE-2024-34102
all versions
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External En
9.8CRITICAL
CVE-2024-20759
all versions
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS)
8.1HIGH
CVE-2024-20758
all versions
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnera
9.0CRITICAL
CVE-2023-38251
all versions
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are a
5.3MEDIUM
CVE-2023-38250
all versions
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are a
8.0HIGH
CVE-2023-38249
all versions
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are a
8.0HIGH
CVE-2023-38221
all versions
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are a
8.0HIGH
CVE-2023-38220
all versions
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are a
7.5HIGH
CVE-2023-38219
all versions
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are a
8.7HIGH
CVE-2023-38218
all versions
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are a
8.8HIGH
CVE-2023-26367
all versions
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are a
4.9MEDIUM
CVE-2023-26366
all versions
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are a
6.8MEDIUM
CVE-2023-41879
< 19.5.1
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie w
7.5HIGH
CVE-2021-36036
< 2.3.7
Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vu
7.2HIGH
CVE-2021-36023
< 2.3.7
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vul
9.1CRITICAL
CVE-2021-36021
< 2.3.7
Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper input validation
7.2HIGH
CVE-2023-29297
all versions
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Neutrali
9.1CRITICAL
CVE-2023-29296
all versions
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Author
4.3MEDIUM
CVE-2023-29295
all versions
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Author
4.3MEDIUM
CVE-2023-29294
all versions
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Er
4.3MEDIUM
CVE-2023-29293
all versions
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input V
2.7LOW
CVE-2023-29292
all versions
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Reque
4.9MEDIUM
CVE-2023-29291
all versions
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Reque
4.9MEDIUM
CVE-2023-29290
all versions
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Author
5.3MEDIUM
CVE-2023-29289
all versions
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vu
6.5MEDIUM
CVE-2023-29288
all versions
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Author
4.3MEDIUM
CVE-2023-29287
all versions
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Expo
5.3MEDIUM
CVE-2023-22248
all versions
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Author
7.5HIGH
CVE-2023-23617
< 19.4.22
OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in
4.9MEDIUM
CVE-2021-41231
< 19.4.22
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload fil
7.2HIGH
CVE-2021-41144
< 19.4.22
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blackli
8.8HIGH
CVE-2021-41143
< 19.4.22
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer med
7.2HIGH
CVE-2021-39217
< 19.4.22
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitr
7.2HIGH
CVE-2021-21395
< 19.4.22
Magento LTS (Long Term Support) is a community-developed alternative to the Magento CE official releases. Versions prior to 19.4.2
4.2MEDIUM
CVE-2022-42344
< 2.3.7
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Author
8.8HIGH
CVE-2022-34259
>= 2.3.0 and < 2.3.7
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access
5.3MEDIUM
CVE-2022-34258
>= 2.3.0 and < 2.3.7
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site
4.8MEDIUM
CVE-2022-34257
>= 2.3.0 and < 2.3.7
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site
6.1MEDIUM
CVE-2022-34256
>= 2.3.0 and < 2.3.7
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authori
7.5HIGH
CVE-2022-34255
>= 2.3.0 and < 2.3.7
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access
8.8HIGH
CVE-2022-34254
>= 2.3.0 and < 2.3.7
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitat
8.8HIGH
CVE-2022-34253
>= 2.3.0 and < 2.3.7
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vu
7.2HIGH
CVE-2022-24086
< 2.3.0
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerabili
9.8CRITICAL
CVE-2021-28567
<= 2.4.2
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authorizatio
6.5MEDIUM
CVE-2021-28566
<= 2.4.2
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Information Disclosur
3.7LOW
CVE-2021-32759
< 19.4.13
OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions pri
7.2HIGH
CVE-2021-28585
< 2.3.6
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper input validati
5.3MEDIUM
CVE-2021-28584
< 2.3.6
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Path Traversal vulnerabi
5.4MEDIUM
CVE-2021-28583
< 2.3.6
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Desi
7.5HIGH
CVE-2021-28563
< 2.3.7
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper Authorization
6.5MEDIUM
CVE-2021-28556
< 2.3.7
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a DOM-based Cross-Site Scr
6.9MEDIUM
CVE-2021-21427
< 19.4.13
Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 1
9.1CRITICAL
CVE-2021-21426
< 19.4.13
Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20
9.8CRITICAL
CVE-2021-21064
<= 1.1.2
Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path traversal vulnerability in Magento UPWARD Connector version 1
4.9MEDIUM
CVE-2021-21014
< 2.3.6
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction b
9.1CRITICAL
CVE-2021-21032
< 2.3.6
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. S
5.6MEDIUM
CVE-2021-21031
< 2.3.6
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. S
5.6MEDIUM
CVE-2021-21030
< 2.3.6
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripti
8.1HIGH
CVE-2021-21029
< 2.3.6
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a Reflected Cross-site Script
4.8MEDIUM
CVE-2021-21027
< 2.3.6
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a cross-site request forgery
4.3MEDIUM
CVE-2021-21026
< 2.3.6
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by an improper authorization vul
5.3MEDIUM
CVE-2021-21025
< 2.3.6
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the produc
9.1CRITICAL
CVE-2021-21024
< 2.3.6
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vulnera
9.1CRITICAL
CVE-2021-21023
< 2.3.6
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripti
4.8MEDIUM
CVE-2021-21022
< 2.3.6
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object r
5.3MEDIUM
CVE-2021-21020
< 2.3.6
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an access control bypass vu
5.3MEDIUM
CVE-2021-21019
< 2.3.6
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widget
9.1CRITICAL
CVE-2021-21018
< 2.3.6
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via th
9.1CRITICAL
CVE-2021-21016
< 2.3.6
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via th
9.1CRITICAL
CVE-2021-21015
< 2.3.6
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an OS command injection via
8.0HIGH
CVE-2021-21013
<= 2.4.1
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object v
8.1HIGH
CVE-2020-24407
< 2.3.5
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrar
9.1CRITICAL
CVE-2020-24406
<= 2.3.4
When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability th
3.7LOW
CVE-2020-24405
< 2.3.5
Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions issue vulnerability in the Inventory modu
4.3MEDIUM
CVE-2020-24404
< 2.3.5
Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations com
2.7LOW
CVE-2020-24403
< 2.3.5
Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory c
2.7LOW
CVE-2020-24402
< 2.3.5
Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations compone
4.9MEDIUM
CVE-2020-24401
< 2.3.5
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. A user can still access
6.5MEDIUM
CVE-2020-24400
< 2.3.5
Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive informa
7.1HIGH
CVE-2020-15244
<= 19.4.8
In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials
8.0HIGH
CVE-2020-24408
<= 2.3.4
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malici
6.1MEDIUM
CVE-2020-15151
<= 2.3.5
OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the fromkey protection in the Admin Interface and
8.0HIGH
CVE-2020-9692
< 2.3.5
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploi
6.5MEDIUM
CVE-2020-9691
< 2.3.5
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful ex
9.6CRITICAL
CVE-2020-9690
< 2.3.5
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful ex
4.2MEDIUM
CVE-2020-9689
< 2.3.5
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Successful exploitation could
6.5MEDIUM
CVE-2020-9665
<= 1.14.4.5
Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploi
6.1MEDIUM
CVE-2020-9664
<= 1.14.4.5
Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. Successful exploitation
9.8CRITICAL
CVE-2020-9632
>= 2.2.0 and <= 2.2.11
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security m
9.8CRITICAL
CVE-2020-9631
>= 2.2.0 and <= 2.2.11
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security m
9.8CRITICAL
CVE-2020-9630
>= 2.2.0 and <= 2.2.11
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business l
9.8CRITICAL
CVE-2020-9591
>= 2.2.0 and <= 2.2.11
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in
7.5HIGH
CVE-2020-9588
>= 2.2.0 and <= 2.2.11
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observabl
7.2HIGH
CVE-2020-9587
>= 2.2.0 and <= 2.2.11
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authoriza
7.5HIGH
CVE-2020-9585
>= 2.2.0 and <= 2.2.11
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in
9.8CRITICAL
CVE-2020-9584
>= 2.2.0 and <= 2.2.11
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cro
5.4MEDIUM
CVE-2020-9583
>= 2.2.0 and <= 2.2.11
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command in
9.8CRITICAL
CVE-2020-9582
>= 2.2.0 and <= 2.2.11
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command in
9.8CRITICAL
CVE-2020-9581
>= 2.2.0 and <= 2.2.11
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cro
6.1MEDIUM
CVE-2020-9580
>= 2.2.0 and <= 2.2.11
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security m
9.8CRITICAL
CVE-2020-9579
>= 2.2.0 and <= 2.2.11
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security m
9.8CRITICAL
CVE-2020-9578
>= 2.2.0 and <= 2.2.11
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command in
9.8CRITICAL
CVE-2020-9577
>= 2.2.0 and <= 2.2.11
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cro
6.1MEDIUM
CVE-2020-9576
>= 2.2.0 and <= 2.2.11
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command in
9.8CRITICAL
CVE-2014-1634
< 2.3.5
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/a
9.8CRITICAL
CVE-2020-8818
all versions
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN cal
8.1HIGH
CVE-2012-6091
< 1.7.0.2
Zend_XmlRpc Class in Magento before 1.7.0.2 contains an information disclosure vulnerability.
7.5HIGH
CVE-2020-3758
>= 2.2.0 and <= 2.2.10
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scr
6.1MEDIUM
CVE-2020-3719
>= 2.2.0 and <= 2.2.10
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an SQL injection vulner
7.5HIGH
CVE-2020-3718
>= 2.2.0 and <= 2.2.10
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulne
9.8CRITICAL
CVE-2020-3717
>= 2.2.0 and <= 2.2.10
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulner
5.3MEDIUM
CVE-2020-3716
>= 2.2.0 and <= 2.2.10
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of un
9.8CRITICAL
CVE-2020-3715
>= 2.2.0 and <= 2.2.10
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scr
6.1MEDIUM
CVE-2015-6497
< 1.9.2.1
The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and En
8.8HIGH
CVE-2019-8158
>= 2.2.0 and < 2.2.10
An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker
9.8CRITICAL
CVE-2019-8157
>= 2.2.0 and < 2.2.10
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A
5.4MEDIUM
CVE-2019-8156
>= 2.2.0 and < 2.2.10
A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
7.2HIGH
CVE-2019-8145
>= 2.2.0 and < 2.2.10
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A
5.4MEDIUM
CVE-2019-8132
>= 2.2.0 and < 2.2.10
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A
5.4MEDIUM
CVE-2019-8233
>= 2.2.0 and < 2.2.10
In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript co
6.1MEDIUM
CVE-2019-8232
>= 1.9.0.0 and < 1.14.4.3
In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, a
6.6MEDIUM
CVE-2019-8231
>= 1.9.0.0 and < 1.14.4.3
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute se
7.2HIGH
CVE-2019-8230
>= 1.9.0.0 and < 1.14.4.3
In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configurat
7.2HIGH
CVE-2019-8229
>= 1.9.0.0 and < 1.14.4.3
In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product a
7.2HIGH
CVE-2019-8228
>= 1.9.0.0 and < 1.14.4.3
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject
4.8MEDIUM
CVE-2019-8227
>= 1.9.0.0 and < 1.14.4.3
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject
4.8MEDIUM
CVE-2019-8159
>= 2.2.0 and < 2.2.10
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authentica
8.8HIGH
CVE-2019-8155
>= 1.9.0.0 and < 1.14.4.3
Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited b
7.5HIGH
CVE-2019-8154
>= 2.2.0 and < 2.2.10
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authentica
8.8HIGH
CVE-2019-8153
>= 2.2.0 and < 2.2.10
A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3
6.1MEDIUM
CVE-2019-8152
>= 1.9.0.0 and < 1.14.4.3
A stored cross-site scripting (XSS) vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.1
5.4MEDIUM
CVE-2019-8151
>= 2.2.0 and < 2.2.10
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authentica
7.2HIGH
CVE-2019-8150
>= 2.2.0 and < 2.2.10
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authentica
8.8HIGH
CVE-2019-8149
>= 2.2.0 and < 2.2.10
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or
9.8CRITICAL
CVE-2019-8148
>= 2.3.0 and < 2.3.2
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user ca
4.8MEDIUM
CVE-2019-8147
>= 2.2.0 and < 2.2.10
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A
5.4MEDIUM
CVE-2019-8146
>= 2.2.0 and < 2.2.10
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A
5.4MEDIUM
CVE-2019-8144
>= 2.3.0 and < 2.3.2
A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malic
9.8CRITICAL
CVE-2019-8143
>= 2.2.0 and < 2.2.10
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user
6.5MEDIUM
CVE-2019-8142
>= 2.2.0 and < 2.2.10
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A
5.4MEDIUM
CVE-2019-8141
>= 2.1.0 and < 2.1.19
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3
7.2HIGH
CVE-2019-8140
>= 2.2.0 and < 2.2.10
An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authen
4.9MEDIUM
CVE-2019-8139
>= 2.3.0 and < 2.3.2
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inje
5.4MEDIUM
CVE-2019-8138
>= 2.2.0 and < 2.2.10
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A
5.4MEDIUM
CVE-2019-8137
>= 2.2.0 and < 2.2.10
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authentica
8.8HIGH
CVE-2019-8136
>= 2.2.0 and < 2.2.10
An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codeb
9.8CRITICAL
CVE-2019-8135
>= 2.2.0 and < 2.2.10
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency in
9.8CRITICAL
CVE-2019-8134
>= 2.2.0 and < 2.2.10
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with marketing
8.8HIGH
CVE-2019-8133
>= 2.2.0 and < 2.2.10
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with privile
6.5MEDIUM
CVE-2019-8131
>= 2.2.0 and < 2.2.10
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A
5.4MEDIUM
CVE-2019-8130
>= 2.2.0 and < 2.2.10
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with store man
8.8HIGH
CVE-2019-8129
>= 2.2.0 and < 2.2.10
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A
5.4MEDIUM
CVE-2019-8128
>= 2.2.0 and < 2.2.10
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A
5.4MEDIUM
CVE-2019-8127
>= 2.2.0 and < 2.2.10
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user
8.8HIGH
CVE-2019-8126
>= 2.2.0 and < 2.2.10
An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authentica
4.9MEDIUM
CVE-2019-8125
>= 1.9.0.0 and < 1.14.4.3
A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify config
7.2HIGH
CVE-2019-8124
>= 2.1.0 and < 2.1.19
An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2
4.9MEDIUM
CVE-2019-8123
< 1.14.4.3
An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.1
5.3MEDIUM
CVE-2019-8122
>= 2.1.0 and < 2.1.19
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3
8.8HIGH
CVE-2019-8121
>= 2.1.0 and < 2.1.19
An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3
9.8CRITICAL
CVE-2019-8120
>= 2.1.0 and < 2.1.19
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3
5.4MEDIUM
CVE-2019-8119
>= 2.1.0 and < 2.1.19
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3
7.2HIGH
CVE-2019-8118
>= 2.1.0 and < 2.1.19
Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses a weak cryptographic function to store the
5.3MEDIUM
CVE-2019-8117
>= 2.2.0 and < 2.2.10
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A
5.4MEDIUM
CVE-2019-8116
>= 2.2.0 and < 2.2.10
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or
7.5HIGH
CVE-2019-8115
>= 2.2.0 and < 2.2.10
A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1
4.8MEDIUM
CVE-2019-8114
< 1.14.4.3
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3
7.2HIGH
CVE-2019-8113
>= 2.2.0 and < 2.2.10
Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses a cryptographically weak random number generator to brute-f
5.3MEDIUM
CVE-2019-8112
>= 2.2.0 and < 2.2.10
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated
7.5HIGH
CVE-2019-8111
>= 2.2.0 and < 2.2.10
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authentica
8.8HIGH
CVE-2019-8110
>= 2.2.0 and < 2.2.10
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authentica
8.8HIGH
CVE-2019-8109
>= 2.2.0 and < 2.2.10
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authentica
8.0HIGH
CVE-2019-8108
>= 2.2.0 and < 2.2.10
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or
6.5MEDIUM
CVE-2019-8107
>= 2.2.0 and < 2.2.10
An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authent
6.5MEDIUM
CVE-2019-8093
>= 2.2.0 and < 2.2.10
An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authentic
8.8HIGH
CVE-2019-8092
>= 2.2.0 and < 2.2.10
A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1
5.4MEDIUM
CVE-2019-8091
>= 1.9.0.0 and < 1.14.4.3
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileg
7.2HIGH
CVE-2019-8090
>= 2.1.0 and < 2.1.19
An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to
6.5MEDIUM
CVE-2019-8235
>= 2.1.0 and < 2.1.17
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior t
6.5MEDIUM
CVE-2019-7951
>= 2.1.0 and < 2.1.18
An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2
7.5HIGH
CVE-2019-7950
>= 2.1.0 and < 2.1.18
An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3
7.5HIGH
CVE-2019-7947
< 1.14.4.2
A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2,
6.5MEDIUM
CVE-2019-7945
< 1.14.4.2
A stored cross-site scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2
5.4MEDIUM
CVE-2019-7944
< 1.14.4.2
A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Mage
5.4MEDIUM
CVE-2019-7942
>= 2.1.0 and < 2.1.18
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.
7.2HIGH
CVE-2019-7940
< 1.14.4.2
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerc
4.8MEDIUM
CVE-2019-7939
>= 2.1.0 and < 2.1.18
A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2
6.1MEDIUM
CVE-2019-7938
< 1.14.4.2
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerc
4.8MEDIUM
CVE-2019-7937
>= 2.1.0 and < 2.1.18
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9,
4.8MEDIUM
CVE-2019-7936
>= 2.1.0 and < 2.1.18
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9,
4.8MEDIUM
CVE-2019-7935
< 1.14.4.2
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerc
4.8MEDIUM
CVE-2019-7934
< 1.14.4.2
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerc
4.8MEDIUM
CVE-2019-7932
< 1.14.4.2
A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Mage
7.2HIGH
CVE-2019-7930
>= 2.1.0 and < 2.1.18
A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An
7.2HIGH
CVE-2019-7929
>= 2.1.0 and < 2.1.18
An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2
4.9MEDIUM
CVE-2019-7928
>= 2.1.0 and < 2.1.18
A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.
7.5HIGH
CVE-2019-7927
>= 2.1.0 and < 2.1.18
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9,
4.8MEDIUM
CVE-2019-7926
>= 2.1.0 and < 2.1.18
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9,
4.8MEDIUM
CVE-2019-7925
>= 2.1.0 and < 2.1.18
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magent
4.9MEDIUM
CVE-2019-7923
>= 2.1.0 and < 2.1.18
A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3
7.2HIGH
CVE-2019-7921
>= 2.1.0 and < 2.1.18
A stored cross-site scripting vulnerability exists in the product catalog form of Magento 2.1 prior to 2.1.18, Magento 2.2 prior t
5.4MEDIUM
CVE-2019-7915
>= 2.1.0 and < 2.1.18
A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. U
7.5HIGH
CVE-2019-7913
>= 2.1.0 and < 2.1.18
A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3
7.2HIGH
CVE-2019-7912
>= 2.1.0 and < 2.1.18
A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This ca
7.2HIGH
CVE-2019-7911
>= 2.1.0 and < 2.1.18
A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1
7.2HIGH
CVE-2019-7909
< 1.14.4.2
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerc
4.8MEDIUM
CVE-2019-7908
>= 2.1.0 and < 2.1.18
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9,
4.8MEDIUM
CVE-2019-7904
>= 2.1.0 and < 2.1.18
Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to
6.5MEDIUM
CVE-2019-7903
>= 2.1.0 and < 2.1.18
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.
7.2HIGH
CVE-2019-7899
< 1.14.4.2
Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior
5.3MEDIUM
CVE-2019-7898
< 1.14.4.2
Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.
5.3MEDIUM
CVE-2019-7897
< 1.14.4.2
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerc
4.8MEDIUM
CVE-2019-7896
>= 2.1.0 and < 2.1.18
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.
7.2HIGH
CVE-2019-7895
>= 2.1.0 and < 2.1.18
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.
7.2HIGH
CVE-2019-7892
>= 2.1.0 and < 2.1.18
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.
7.2HIGH
CVE-2019-7890
>= 2.1.0 and < 2.1.18
An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, M
7.3HIGH
CVE-2019-7889
< 1.14.4.2
An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 pri
6.5MEDIUM
CVE-2019-7888
>= 2.1.0 and < 2.1.18
An information disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.
6.5MEDIUM
CVE-2019-7887
< 1.14.4.2
A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Comm
4.8MEDIUM
CVE-2019-7886
>= 2.1.0 and < 2.1.18
A cryptographic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptogr
7.5HIGH
CVE-2019-7885
>= 2.1.0 and < 2.1.18
Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.
8.8HIGH
CVE-2019-7882
< 1.14.4.2
A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Comm
5.4MEDIUM
CVE-2019-7881
>= 2.1.0 and < 2.1.18
A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2
5.4MEDIUM
CVE-2019-7880
>= 2.1.0 and < 2.1.18
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9,
4.8MEDIUM
CVE-2019-7877
>= 2.1.0 and < 2.1.18
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9,
6.1MEDIUM
CVE-2019-7876
>= 2.1.0 and < 2.1.18
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.
8.8HIGH
CVE-2019-7875
< 1.14.4.2
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerc
4.8MEDIUM
CVE-2019-7874
>= 2.1.0 and < 2.1.18
A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to
6.5MEDIUM
CVE-2019-7873
>= 2.1.0 and < 2.1.18
A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to
4.3MEDIUM
CVE-2019-7872
>= 2.1.0 and < 2.1.18
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magent
6.5MEDIUM
CVE-2019-7871
>= 2.1.0 and < 2.1.18
A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abus
8.8HIGH
CVE-2019-7869
>= 2.1.0 and < 2.1.18
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9,
4.8MEDIUM
CVE-2019-7868
>= 2.1.0 and < 2.1.18
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9,
4.8MEDIUM
CVE-2019-7867
>= 2.1.0 and < 2.1.18
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9,
4.8MEDIUM
CVE-2019-7866
>= 2.1.0 and < 2.1.18
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9,
4.8MEDIUM
CVE-2019-7865
>= 2.1.0 and < 2.1.18
A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 pri
8.8HIGH
CVE-2019-7864
>= 2.1.0 and < 2.1.18
An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior
5.3MEDIUM
CVE-2019-7863
>= 2.1.0 and < 2.1.18
A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9,
4.8MEDIUM
CVE-2019-7862
>= 2.1.0 and < 2.1.18
A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2
4.8MEDIUM
CVE-2019-7861
>= 2.1.0 and < 2.1.18
Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior
7.5HIGH
CVE-2019-7860
>= 2.1.0 and < 2.1.18
A cryptographically weak pseudo-random number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.
7.5HIGH
CVE-2019-7859
>= 2.1.0 and < 2.1.18
A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prio
7.5HIGH
CVE-2019-7858
>= 2.1.0 and < 2.1.18
A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage
7.5HIGH
CVE-2019-7857
>= 2.1.0 and < 2.1.18
A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2
4.3MEDIUM
CVE-2019-7855
>= 2.1.0 and < 2.1.18
A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an u
5.3MEDIUM
CVE-2019-7854
>= 2.1.0 and < 2.1.18
An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 p
7.5HIGH
CVE-2019-7853
>= 2.1.0 and < 2.1.18
A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior t
4.8MEDIUM
CVE-2019-7852
>= 2.1.0 and < 2.1.18
A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Req
5.3MEDIUM
CVE-2019-7851
>= 2.1.0 and < 2.1.18
A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2
6.5MEDIUM
CVE-2019-7849
< 1.14.4.2
A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts
7.5HIGH
CVE-2019-7139
>= 1.14.0.0 and < 1.14.4.1
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensi
9.8CRITICAL
CVE-2018-5301
< 2.0.10
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a custome
6.5MEDIUM
CVE-2016-10704
< 2.0.10
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are misha
6.1MEDIUM
CVE-2015-8707
<= 1.9.2.1
Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled a
9.8CRITICAL
CVE-2014-9758
all versions
Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1.
6.1MEDIUM
CVE-2016-6485
all versions
The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for
7.5HIGH
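Both CVE-2019-7860 (above) and CVE-2016-6485 (this entry) are weak-PRNG findings: a value that must be unpredictable was produced with PHP's rand(), whose output is fully determined by its seed. The following is an added illustration, not Magento's code and not from either advisory. It assumes the value in question is an AES-CBC initialization vector (the catalog entry is truncated at that point) and that PHP 7.1 or later is in use, where rand() is an alias of mt_rand() and mt_srand() controls its sequence. The weakIv() and strongIv() names are the example's own.

```php
<?php
// Added example, not Magento code. Contrasts an IV built from rand() with one
// from the CSPRNG random_bytes(). Assumption: the random value is a cipher IV.
declare(strict_types=1);

// Weak pattern: bytes assembled from rand(). On PHP >= 7.1 rand() is mt_rand(),
// so anyone who knows (or brute-forces the 32-bit) seed reproduces every byte.
function weakIv(int $length, ?int $seed = null): string
{
    if ($seed !== null) {
        mt_srand($seed); // hypothetical: a fixed or leaked seed
    }
    $iv = '';
    for ($i = 0; $i < $length; $i++) {
        $iv .= chr(rand(0, 255));
    }
    return $iv;
}

// Fixed pattern: draw the IV from the OS-backed CSPRNG.
function strongIv(int $length): string
{
    return random_bytes($length); // throws instead of falling back to weak entropy
}

$len = openssl_cipher_iv_length('aes-256-cbc'); // 16 bytes for CBC

// Same seed, same "random" IV: this is the predictability the CVEs describe.
$a = weakIv($len, 12345);
$b = weakIv($len, 12345);
printf("weak   IV, seed 12345, run 1: %s\n", bin2hex($a));
printf("weak   IV, seed 12345, run 2: %s\n", bin2hex($b));
printf("weak   IVs identical: %s\n", $a === $b ? 'yes' : 'no');

// CSPRNG output cannot be reproduced from a seed; two draws differ.
$c = strongIv($len);
$d = strongIv($len);
printf("strong IV, run 1: %s\n", bin2hex($c));
printf("strong IV, run 2: %s\n", bin2hex($d));
printf("strong IVs identical: %s\n", $c === $d ? 'yes' : 'no');
```

When auditing a Magento extension or a fork of the 1.x/2.x code base for this class of bug, search for rand(, mt_rand(, uniqid( and lcg_value( in any path that produces tokens, salts, nonces or IVs, and replace them with random_bytes() (or random_int() for a bounded integer); a reseed such as mt_srand() in application code is a red flag in its own right.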
CVE-2016-4010
<= 2.0.5
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code v
9.8CRITICAL
CVE-2016-2212
<= 1.9.2.2
The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enter
5.3MEDIUM
CVE-2015-3458
all versions
The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition
CVE-2015-3457
all versions
Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers to bypass authentication via th
CVE-2015-1399
all versions
PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community
CVE-2015-1398
all versions
Multiple directory traversal vulnerabilities in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow
CVE-2015-1397
all versions
SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition
CVE-2011-5240
all versions
Magento 1.5 and 1.6.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectA
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin