
15 matches found

The Hacker News
added 4 days ago, 11 views

CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The...

9.8 CVSS, 6.9 AI score, 0.06149 EPSS
Exploits: 0
OSV
added 2026/01/14 9:46 p.m., 1 views

GHSA-595P-G7XC-C333 Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

Impact Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, thi...

6.9 CVSS, 5.8 AI score
Exploits: 0, References: 4
Snyk
added 2026/01/14 9:46 p.m., 6 views

Arbitrary Code Injection

Overview algolia/algoliasearch-magento-2 is an Algolia Search & Discovery extension for Magento 2 Affected versions of this package are vulnerable to Arbitrary Code Injection via the job execution process. An attacker can execute arbitrary PHP code by injecting malicious data into the database...

7.7 CVSS, 8 AI score
Exploits: 0, References: 2
GitLab Advisory Database
added 2026/01/14 12:00 a.m., 8 views

Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, this could...

7 AI score
Exploits: 0, References: 5, Affected Software: 1
RedhatCVE
added 2026/01/09 11:28 a.m., 8 views

CVE-2021-33352

An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field...

9.8 CVSS, 7.8 AI score, 0.00813 EPSS
Exploits: 1, References: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-20059

Malware in sbrugna...

9.8 CVSS, 9.2 AI score, 0.00813 EPSS
Exploits: 1, References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-1708

Malware in sbrugna...

10 CVSS, 9.2 AI score, 0.00101 EPSS
Exploits: 1, References: 2
RedhatCVE
added 2025/05/22 12:31 a.m., 5 views

CVE-2014-1634

SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/ancategoryid/ PATHINFO...

10 CVSS, 8.3 AI score, 0.00101 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2023/03/08 12:00 a.m., 6 views

CVE-2021-33352

An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field...

8.1 AI score, 0.00813 EPSS
Exploits: 1, References: 2
CNNVD
added 2023/03/08 12:00 a.m., 2 views

Wyomind Magento Cross-Site Scripting Vulnerability

Wyomind Magento is a ticketing system from Wyomind. A security vulnerability exists in Wyomind Help Desk Magento 2 extension version v.1.3.6 and prior versions. An attacker can exploit the vulnerability to elevate privileges via a specially crafted payload in the ticket message field...

9 CVSS, 8.3 AI score, 0.00389 EPSS
Exploits: 1, References: 3
NVD
added 2020/03/09 5:15 p.m., 9 views

CVE-2014-1634

SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/ancategoryid/ PATHINFO...

10 CVSS, 9.9 AI score, 0.00101 EPSS
Exploits: 1, References: 1
Prion
added 2020/03/09 5:15 p.m., 14 views

SQL Injection

SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/ancategoryid/ PATHINFO...

10 CVSS, 8.5 AI score, 0.00101 EPSS
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2020/03/09 4:25 p.m., 71 views

CVE-2014-1634

The CVE-2014-1634 entry concerns the Magento extension Advanced Newsletter, vulnerable before version 2.3.5. The underlying issue is SQL Injection in the extension via the PATH_INFO endpoint /store/advancednewsletter/index/subscribeajax/an_category_id/. The CVSS 3.1 metrics show a CRITICAL base s...

10 CVSS, 9.8 AI score, 0.00101 EPSS
Exploits: 1, References: 1, Affected Software: 1
securityvulns
added 2012/10/22 12:00 a.m., 33 views

SEC Consult SA-20121017-1 :: Unirgy uStoreLocator SQL Injection - Magento extension

SEC Consult Vulnerability Lab Security Advisory 20121017-1 ======================================================================= title: SQL Injection product: Unirgy uStoreLocator - Magento extension vulnerable version: =2.0.0 fixed version: =2.0.1 impact: High homepage: http://www.unirgy.com/...

7.8 AI score
Exploits: 0
Packet Storm
added 2012/10/17 12:00 a.m., 78 views

Unirgy uStoreLocator Magento Extension SQL Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: SQL Injection product: Unirgy uStoreLocator - Magento extension vulnerable version: =2.0.1 impact: High homepage: http://www.unirgy.com/ found: 2012-06-18 by: K...

0.3 AI score
Exploits: 0