CVE-2026-45247

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

CVE-2026-45247

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

Mirasvit Full Page Cache Warmer for Magento 2 代码问题漏洞

Mirasvit Full Page Cache Warmer for Magento 2 is a caching preheating extension developed by the American company Mirasvit for Magento 2. Versions prior to 1.11.12 of Mirasvit Full Page Cache Warmer for Magento 2 contained a code vulnerability. This vulnerability stemmed from the lack of...

PT-2026-43258

Name of the Vulnerable Software and Affected Versions Mirasvit Full Page Cache Warmer for Magento 2 versions prior to 1.11.12 Description An issue exists where unauthenticated attackers can achieve remote code execution by providing a crafted serialized PHP object within the CacheWarmer cookie...

PT-2026-30513

Name of the Vulnerable Software and Affected Versions elgentos magento2-dev-mcp versions up to 1.0.2 Description A flaw exists in elgentos magento2-dev-mcp up to version 1.0.2 due to a command injection issue within the executeMagerun2Command function located in the src/index.ts file. This...

Magento 2 Development MCP Server 操作系统命令注入漏洞

Magento 2 Development MCP Server is an open-source AI assistant integrated tool developed by elgentos commerce & configurators for Magento 2. Versions of Magento 2 Development MCP Server prior to 1.0.2 contained a vulnerability related to operating system command injection. This vulnerability...

Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

Impact Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, thi...

EUVD-2026-2423

Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling...

CVE-2021-33353

Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting...

CVE-2022-35501

Stored Cross-site Scripting XSS exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function...

CVE-2020-12635

XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field...

CVE-2019-7936

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content block titles to inject malicious javascript...

EUVD-2021-20058

Malware in sbrugna...

EUVD-2019-0736

Malware in sbrugna...

EUVD-2020-4936

Malware in sbrugna...

EUVD-2021-20060

Malware in sbrugna...

EUVD-2022-3044

Malicious code in bioql PyPI...

EUVD-2022-3629

Malicious code in bioql PyPI...

EUVD-2022-3669

Malicious code in bioql PyPI...

EUVD-2022-39145

Malicious code in bioql PyPI...