Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / magento

magento

380 tracked vulnerabilities.

CVE-2019-7865 HIGH

Magento 2.1-2.1.17 - Cross-Site Request Forgery in Checkout Cart Item

CVE-2019-7864 MEDIUM

Magento 2.1.0-2.1.17, 2.2.0-2.2.8, 2.3.0-2.3.1 - Insecure Direct Object Reference in RSS Feeds

CVE-2019-7863 MEDIUM

Magento 2.1-2.1.17, 2.2-2.2.8, 2.3-2.3.1 - Authenticated Stored Cross-Site Scripting in Admin Panel

CVE-2019-7862 MEDIUM

Magento 2.1.0-2.1.17 - Reflected Cross-Site Scripting in Product Widget Chooser

CVE-2019-7861 HIGH

Magento <2.1.18-2.3.2 - Auth Bypass

CVE-2019-7860 HIGH

Magento <2.1.18-2.3.2 - Info Disclosure

CVE-2019-7859 HIGH

Magento <2.1.18-2.3.2 - Path Traversal

CVE-2019-7858 HIGH

Magento <2.1.18-2.3.2 - Info Disclosure

CVE-2019-7857 MEDIUM

Magento 2.1.0-2.1.17, 2.2.0-2.2.8 - Cross-Site Request Forgery via Insufficient Anti-CSRF Token

CVE-2019-7855 MEDIUM

Magento <2.1.18-2.3.2 - Info Disclosure

CVE-2019-7854 HIGH

Magento <2.1.18-2.3.2 - Info Disclosure

CVE-2019-7853 MEDIUM

Magento 2.1.0-2.1.17 - Authenticated Stored Cross-Site Scripting in Tax Notifications Configuration

CVE-2019-7852 MEDIUM

Magento <2.1.18-2.3.2 - Info Disclosure

CVE-2019-7851 MEDIUM

Magento 2.1.0-2.1.17 - Cross-Site Request Forgery

CVE-2019-7849 HIGH

Magento <1.9.4.2, <1.14.4.2, <2.1.18, <2.2.9, <2.3.2 - Info Disclosure

CVE-2019-7139 CRITICAL NUCLEI

Magento <2.1.18-2.3.2 - SQL Injection

CVE-2018-5301 MEDIUM

Magento < 2.0.10 and 2.1.x < 2.1.2 - Cross-Site Request Forgery

CVE-2016-10704 MEDIUM

Magento < 2.0.10 and 2.1.x < 2.1.2 - Cross-Site Scripting via Email Template Preview

CVE-2016-6485 HIGH

Magento 2 - Use of a Broken or Risky Cryptographic Algorithm in Framework/Encryption/Crypt.php

CVE-2016-4010 CRITICAL

Magento < 2.0.6 - Unauthenticated PHP Object Injection via Serialized Shopping Cart Data

CVE-2016-2212 MEDIUM

Magento < 1.9.2.2 and < 1.14.2.2 - Exposure of Sensitive Order Information via RSS Feed Request

CVE-2015-6497 HIGH

Magento < 1.9.2.1 and < 1.14.2.1 - Authenticated Remote Code Execution via Product API

CVE-2015-8707 CRITICAL

Magento < 1.9.2.1 and < 1.14.2.1 - Exposure of Sensitive Information via Password Reset Token

Magento CE/EE <1.9.1.0-1.14.1.0 - Command Injection

Magento CE/EE <1.9.1.0-1.14.1.0 - Auth Bypass

Previous Page 15 of 16 Next

Products

community-edition 355 magento 221 project-community-edition 161 core 24 product-community-edition 4 advanced_newsletter 1 magento1ce 1 magento1ee 1 magento2 1 upward_connector 1 upward_php 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy