magento

380 tracked vulnerabilities.

CVE-2020-15151 HIGH
OpenMage LTS <19.4.6, 20.0.2 - CSRF
Aug 20, 2020
CVSS 8.0
EPSS 0.00
CVE-2020-9692 MEDIUM
Magento < 2.3.5-p2 - Security Mitigation Bypass leading to Arbitrary Code Execution
Jul 29, 2020
CVSS 6.5
EPSS 0.02
CVE-2020-9691 CRITICAL
Magento < 2.3.5-p2 - DOM-Based Cross-Site Scripting
Jul 29, 2020
CVSS 9.6
EPSS 0.03
CVE-2020-9690 MEDIUM
Magento < 2.3.5-p2 - Observable Timing Discrepancy
Jul 29, 2020
CVSS 4.2
EPSS 0.00
CVE-2020-9689 MEDIUM
Magento < 2.3.5-p2 - Path Traversal and Arbitrary Code Execution
Jul 29, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-9665 MEDIUM
Magento < 1.9.4.5 and < 1.14.4.5 - Stored Cross-Site Scripting
Jul 22, 2020
CVSS 6.1
EPSS 0.01
CVE-2020-9664 CRITICAL
Magento < 1.9.4.5 and < 1.14.4.5 - Remote Code Execution via PHP Object Injection
Jul 22, 2020
CVSS 9.8
EPSS 0.16
CVE-2020-9632 CRITICAL
Magento <2.3.4, <2.2.11, <1.14.4.4, <1.9.4.4 - RCE
Jun 26, 2020
CVSS 9.8
EPSS 0.08
CVE-2020-9631 CRITICAL
Magento <2.3.4, <2.2.11, <1.14.4.4, <1.9.4.4 - RCE
Jun 26, 2020
CVSS 9.8
EPSS 0.08
CVE-2020-9630 CRITICAL
Magento < 1.9.4.5, < 1.14.4.5, < 2.2.11, <= 2.3.4 - Privilege Escalation
Jun 26, 2020
CVSS 9.8
EPSS 0.01
CVE-2020-9591 HIGH
Magento <2.3.4-1.9.4.4 - Privilege Escalation
Jun 26, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-9588 HIGH
Magento < 1.9.4.5, < 1.14.4.4, 2.2.0-2.2.11, < 2.3.4-p2 - Observable Timing Discrepancy
Jun 26, 2020
CVSS 7.2
EPSS 0.01
CVE-2020-9587 HIGH
Magento <2.3.4, <2.2.11, <1.14.4.4, <1.9.4.4 - Auth Bypass
Jun 26, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-9585 CRITICAL
Magento <2.3.4, <2.2.11, <1.14.4.4, <1.9.4.4 - RCE
Jun 26, 2020
CVSS 9.8
EPSS 0.06
CVE-2020-9584 MEDIUM
Magento < 1.9.4.5, 1.14.4.4, 2.2.11, 2.3.4-p2 - Stored Cross-Site Scripting
Jun 26, 2020
CVSS 5.4
EPSS 0.00
CVE-2020-9583 CRITICAL
Magento < 1.9.4.5, 1.14.4.4, 2.2.11, 2.3.4 - Remote Code Execution
Jun 26, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-9582 CRITICAL
Magento < 1.9.4.5, 1.14.4.4, 2.2.11, 2.3.4-p2 - Remote Code Execution
Jun 26, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-9581 MEDIUM
Magento < 1.9.4.5, < 1.14.4.4, < 2.2.11, <= 2.3.4 - Stored Cross-Site Scripting
Jun 26, 2020
CVSS 6.1
EPSS 0.00
CVE-2020-9580 CRITICAL
Magento < 1.9.4.5, < 1.14.4.5, < 2.2.11, <= 2.3.4 - Security Mitigation Bypass leading to Arbitrary Code Execution
Jun 26, 2020
CVSS 9.8
EPSS 0.06
CVE-2020-9579 CRITICAL
Magento <2.3.4, <2.2.11, <1.14.4.4, <1.9.4.4 - RCE
Jun 26, 2020
CVSS 9.8
EPSS 0.06
CVE-2020-9578 CRITICAL
Magento < 1.9.4.5, < 1.14.4.4, < 2.2.11, <= 2.3.4 - Remote Code Execution
Jun 26, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-9577 MEDIUM
Magento < 1.9.4.5, 1.14.4.4, 2.2.11, 2.3.4-p2 - Stored Cross-Site Scripting
Jun 26, 2020
CVSS 6.1
EPSS 0.00
CVE-2020-9576 CRITICAL
Magento < 1.9.4.5, 1.14.4.4, 2.2.11, 2.3.4-p2 - Remote Code Execution
Jun 26, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-3758 MEDIUM
Magento <2.3.3, <2.2.10, <1.14.4.3, <1.9.4.3 - XSS
Jan 29, 2020
CVSS 6.1
EPSS 0.00
CVE-2020-3719 HIGH
Magento <2.3.3, <2.2.10, <1.14.4.3, <1.9.4.3 - SQL Injection
Jan 29, 2020
CVSS 7.5
EPSS 0.01
Products
community-edition 355 magento 221 project-community-edition 161 core 24 product-community-edition 4 advanced_newsletter 1 magento1ce 1 magento1ee 1 magento2 1 upward_connector 1 upward_php 1
Quick Filters
Critical CVEs With Exploits In CISA KEV