Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.9 views

CVE-2026-42458

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, there is a reflected XSS vulnerability under admin panel - System - Import/Export -...

5.3CVSS5.4AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.9 views

CVE-2026-40098

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the shared wishlist add-to-cart endpoint authorizes access with a public...

5.4CVSS5.5AI score0.00176EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.16 views

CVE-2026-25524

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as getimagesize, fileexists, and isreadable can trigger...

8.1CVSS6AI score0.00539EPSS
Exploits1References1
NVD
NVD
added 2026/05/15 5:16 p.m.13 views

CVE-2026-42207

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, MageProductAlertAddController::stockAction reads the uenc query parameter and passes...

6.1CVSS0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 5:16 p.m.16 views

CVE-2026-42458

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, there is a reflected XSS vulnerability under admin panel - System - Import/Export -...

5.3CVSS0.00258EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/15 5:5 p.m.12 views

CVE-2026-42155 Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

9.3CVSS5.9AI score0.00267EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.17 views

magento-lts 安全漏洞

Magento LTS is an open-source alternative to OpenMage, and it’s a reliable substitute for the official Magento CE version. Versions of Magento LTS prior to 20.18.0 had security vulnerabilities; these vulnerabilities stemmed from reflection-type cross-site scripting vulnerabilities in the data...

5.3CVSS5.7AI score0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.6 views

PT-2026-33796

Name of the Vulnerable Software and Affected Versions Magento Long Term Support LTS versions prior to 20.17.0 Description PHP functions such as getimagesize, file exists, and is readable can trigger deserialization when processing phar:// stream wrapper paths. The software uses these functions wi...

8.1CVSS6.1AI score0.00539EPSS
Exploits1References9
NVD
NVD
added 2026/02/04 10:15 p.m.33 views

CVE-2026-25523

Magento-lts is a long-term support alternative to Magento Community Edition CE. Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it's location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1...

5.3CVSS0.00289EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/04 9:21 p.m.7 views

EUVD-2026-5330

Magento-lts is a long-term support alternative to Magento Community Edition CE. Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it's location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1...

5.3CVSS5.4AI score0.00289EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.9 views

magento-lts 信息泄露漏洞

Magento-LTS is an open-source alternative to OpenMage, designed as a reliable substitute for the official Magento CE version. Versions of Magento-LTS prior to 20.16.1 contained an information leakage vulnerability. This vulnerability stemmed from the ability to exploit the X-Original-Url header...

5.3CVSS5.8AI score0.00289EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.4 views

magento-lts 安全漏洞

magento-lts is an OpenMage open source reliable replacement for the official version of Magento CE. A security vulnerability exists in magento-lts version 20.15.0 and earlier, which stems from unescaped translation strings and URLs being printed to a specific context, potentially leading to a...

4.8CVSS5.8AI score0.00216EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.7 views

PT-2025-44806

Name of the Vulnerable Software and Affected Versions Magento-lts versions 20.15.0 and below OpenMage versions 20.15.0 and earlier Description Magento-lts and OpenMage are affected by a stored Cross-Site Scripting XSS issue. An administrator with direct database access or access to the admin...

4.8CVSS5.7AI score0.00216EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-5563

Malicious code in bioql PyPI...

2.9CVSS6.3AI score0.00248EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/03/02 4:23 p.m.24 views

CVE-2025-27400

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admi...

2.9CVSS3.5AI score0.00248EPSS
Exploits0References1
NVD
NVD
added 2025/02/28 4:15 p.m.14 views

CVE-2025-27400

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admi...

2.9CVSS0.00248EPSS
Exploits0References4
CVE
CVE
added 2025/02/28 3:26 p.m.82 views

CVE-2025-27400

Summary: CVE-2025-27400 affects OpenMage/magento-lts (Magento LTS) with a stored XSS in the admin panel via the Design > Themes > Skin (Images / CSS) config field. Affected versions: prior to 20.12.3 and prior to 20.13.0 contain the vulnerability (one source notes 20.13.1 as patched in some...

2.9CVSS3.4AI score0.00248EPSS
Exploits0References4
OSV
OSV
added 2025/02/28 3:26 p.m.9 views

CVE-2025-27400 Magento vulnerable to stored XSS in theme config fields

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admi...

2.9CVSS5.8AI score0.00248EPSS
Exploits0References6
Rows per page
Query Builder