Filtered by vendor Magento
Subscriptions
Total
227 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-7852 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties. | ||||
| CVE-2019-7851 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages. | ||||
| CVE-2019-7849 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2. | ||||
| CVE-2019-7139 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | ||||
| CVE-2018-5301 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433. | ||||
| CVE-2015-6497 | 2 Magento, Php | 2 Magento, Php | 2024-11-21 | 8.8 High |
| The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap. | ||||
| CVE-2014-1634 | 1 Magento | 1 Advanced Newsletter | 2024-11-21 | 9.8 Critical |
| SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO. | ||||