magento
380 tracked vulnerabilities.
CVE-2021-21014
CRITICAL
Magento <2.4.1-2.3.6 - Authenticated RCE
Feb 11, 2021
CVSS 9.1
EPSS 0.00
CVE-2021-21032
MEDIUM
Magento <2.4.1, <2.4.0-p1, <2.3.6 - Info Disclosure
Feb 11, 2021
CVSS 5.6
EPSS 0.00
CVE-2021-21031
MEDIUM
Magento <2.4.1-2.3.6 - Info Disclosure
Feb 11, 2021
CVSS 5.6
EPSS 0.00
CVE-2021-21030
HIGH
Magento < 2.3.6 - Stored Cross-Site Scripting in Customer Address Upload Feature
Feb 11, 2021
CVSS 8.1
EPSS 0.06
CVE-2021-21029
MEDIUM
Magento < 2.3.6-p1 - Authenticated Reflected Cross-Site Scripting via File Parameter
Feb 11, 2021
CVSS 4.8
EPSS 0.44
CVE-2021-21027
MEDIUM
Magento < 2.3.6 - Unauthenticated Cross-Site Request Forgery via GraphQL API
Feb 11, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-21026
MEDIUM
Magento <2.4.1, 2.4.0-p1, 2.3.6 - Auth Bypass
Feb 11, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-21025
CRITICAL
Magento <2.4.1-2.3.6 - Code Injection
Feb 11, 2021
CVSS 9.1
EPSS 0.05
CVE-2021-21024
CRITICAL
Magento <2.4.1, 2.4.0-p1, 2.3.6 - SQL Injection
Feb 11, 2021
CVSS 9.1
EPSS 0.02
CVE-2021-21023
MEDIUM
Magento < 2.3.6 - Authenticated Stored Cross-Site Scripting in Admin Console
Feb 11, 2021
CVSS 4.8
EPSS 0.04
CVE-2021-21022
MEDIUM
Magento < 2.3.6 - Insecure Direct Object Reference in Product Module
Feb 11, 2021
CVSS 5.3
EPSS 0.00
CVE-2021-21020
MEDIUM
Magento <2.4.1, <2.4.0-p1, <2.3.6 - Auth Bypass
Feb 11, 2021
CVSS 5.3
EPSS 0.00
CVE-2021-21019
CRITICAL
Magento <2.4.1-2.3.6 - Code Injection
Feb 11, 2021
CVSS 9.1
EPSS 0.04
CVE-2021-21018
CRITICAL
Magento <2.4.1-2.3.6 - Command Injection
Feb 11, 2021
CVSS 9.1
EPSS 0.07
CVE-2021-21016
CRITICAL
Magento <2.4.1-2.3.6 - Command Injection
Feb 11, 2021
CVSS 9.1
EPSS 0.04
CVE-2021-21015
HIGH
Magento <2.4.1-2.3.6 - Command Injection
Feb 11, 2021
CVSS 8.0
EPSS 0.05
CVE-2020-24407
CRITICAL
Magento < 2.3.5 and 2.4.0 - Authenticated Arbitrary File Upload via Import Component
Nov 09, 2020
CVSS 9.1
EPSS 0.03
CVE-2020-24406
LOW
Magento <2.4.0, 2.3.4 - Info Disclosure
Nov 09, 2020
CVSS 3.7
EPSS 0.00
CVE-2020-24405
MEDIUM
Magento <2.4.0, 2.3.5p1 - Privilege Escalation
Nov 09, 2020
CVSS 4.3
EPSS 0.00
CVE-2020-24404
LOW
Magento <2.4.0, 2.3.5p1 - Privilege Escalation
Nov 09, 2020
CVSS 2.7
EPSS 0.00
CVE-2020-24403
LOW
Magento <2.4.0, 2.3.5p1 - Privilege Escalation
Nov 09, 2020
CVSS 2.7
EPSS 0.00
CVE-2020-24402
MEDIUM
Magento <2.4.0, 2.3.5p1 - Privilege Escalation
Nov 09, 2020
CVSS 4.9
EPSS 0.00
CVE-2020-24401
MEDIUM
Magento <2.4.0-2.3.5p1 - Auth Bypass
Nov 09, 2020
CVSS 6.5
EPSS 0.00
CVE-2020-24400
HIGH
Magento <2.4.0-2.3.5 - SQL Injection
Nov 09, 2020
CVSS 7.1
EPSS 0.00
CVE-2020-24408
MEDIUM
Magento < 2.3.4 and 2.4.0 - Unauthenticated Stored Cross-Site Scripting via File Upload
Oct 16, 2020
CVSS 6.1
EPSS 0.01