27 matches found

RedhatCVE
added 2026/06/05 7:30 p.m. | 8 views

CVE-2026-42458

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, there is a reflected XSS vulnerability under admin panel - System - Import/Export -...

CVSS 5.3 | AI score 5.4 | EPSS 0.00258
Exploits 0 | References 1

RedhatCVE
added 2026/06/05 7:27 p.m. | 9 views

CVE-2026-40098

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the shared wishlist add-to-cart endpoint authorizes access with a public...

CVSS 5.4 | AI score 5.5 | EPSS 0.00176
Exploits 1 | References 1

RedhatCVE
added 2026/06/05 7:23 p.m. | 13 views

CVE-2026-25524

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as getimagesize, file_exists, and is_readable can trigger...

CVSS 8.1 | AI score 6 | EPSS 0.00539
Exploits 1 | References 1

RedhatCVE
added 2026/06/05 7:16 p.m. | 10 views

CVE-2026-42155

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

CVSS 9.3 | AI score 5.5 | EPSS 0.00267
Exploits 0 | References 1

NVD
added 2026/05/15 5:16 p.m. | 13 views

CVE-2026-42207

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, Mage_ProductAlert_AddController::stockAction reads the uenc query parameter and passes...

CVSS 6.1 | EPSS 0.00149
Exploits 0 | References 1

NVD
added 2026/05/15 5:16 p.m. | 16 views

CVE-2026-42458

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, there is a reflected XSS vulnerability under admin panel - System - Import/Export -...

CVSS 5.3 | EPSS 0.00258
Exploits 0 | References 1

CVE
added 2026/05/15 5:6 p.m. | 14 views

CVE-2026-42207

OpenMage/magento-lts before version 20.18.0 is affected by an open redirect in Mage_ProductAlert_AddController::stockAction(). If the product_id does not reference a catalog product, the handler redirects to the URL supplied in the uenc parameter without validating it via _isUrlInternal(), allowi...

CVSS 6.1 | AI score 5.8 | EPSS 0.00149
Exploits 0 | References 1

Cvelist
added 2026/05/15 5:6 p.m. | 37 views

CVE-2026-42207 Magento LTS: Open Redirect via Unvalidated `uenc` Parameter in `stockAction()` - magento-lts

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, Mage_ProductAlert_AddController::stockAction reads the uenc query parameter and passes...

CVSS 6.1 | EPSS 0.00149
Exploits 0 | References 1

Vulnrichment
added 2026/05/15 5:5 p.m. | 12 views

CVE-2026-42155 Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

CVSS 9.3 | AI score 5.9 | EPSS 0.00267
Exploits 0 | References 1

EUVD
added 2026/05/15 5:2 p.m. | 9 views

EUVD-2026-30575

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, there is a reflected XSS vulnerability under admin panel - System - Import/Export -...

CVSS 5.3 | AI score 5.8 | EPSS 0.00258
Exploits 0 | References 1

CNNVD
added 2026/05/15 12:0 a.m. | 17 views

magento-lts security vulnerability

Magento LTS is an open-source alternative to OpenMage, and it’s a reliable substitute for the official Magento CE version. Versions of Magento LTS prior to 20.18.0 had security vulnerabilities; these vulnerabilities stemmed from reflected cross-site scripting vulnerabilities in the data...

CVSS 5.3 | AI score 5.7 | EPSS 0.00258
Exploits 0 | References 1

ATTACKERKB
added 2026/04/20 4:11 p.m. | 3 views

CVE-2026-25524

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as getimagesize, file_exists, and is_readable can trigger...

CVSS 8.1 | AI score 6.1 | EPSS 0.00539
Exploits 1 | References 3 | Affected Software 1

Positive Technologies
added 2026/04/20 12:0 a.m. | 6 views

PT-2026-33796

Name of the Vulnerable Software and Affected Versions: Magento Long Term Support (LTS) versions prior to 20.17.0. Description: PHP functions such as getimagesize, file_exists, and is_readable can trigger deserialization when processing phar:// stream wrapper paths. The software uses these functions wi...

CVSS 8.1 | AI score 6.1 | EPSS 0.00539
Exploits 1 | References 9

RedhatCVE
added 2026/02/06 1:25 a.m. | 8 views

CVE-2026-25523

Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin URL can be discovered without prior knowledge of its location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1...

CVSS 5.3 | AI score 5.3 | EPSS 0.00289
Exploits 0 | References 1

NVD
added 2026/02/04 10:15 p.m. | 20 views

CVE-2026-25523

Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin URL can be discovered without prior knowledge of its location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1...

CVSS 5.3 | EPSS 0.00289
Exploits 0 | References 2

ATTACKERKB
added 2026/02/04 9:21 p.m. | 8 views

CVE-2026-25523

Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin URL can be discovered without prior knowledge of its location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1...

CVSS 5.3 | AI score 5.4 | EPSS 0.00289
Exploits 0 | References 3 | Affected Software 1

EUVD
added 2026/02/04 9:21 p.m. | 7 views

EUVD-2026-5330

Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin URL can be discovered without prior knowledge of its location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1...

CVSS 5.3 | AI score 5.4 | EPSS 0.00289
Exploits 0 | References 2

CNNVD
added 2026/02/04 12:0 a.m. | 9 views

magento-lts information disclosure vulnerability

Magento-LTS is an open-source alternative to OpenMage, designed as a reliable substitute for the official Magento CE version. Versions of Magento-LTS prior to 20.16.1 contained an information leakage vulnerability. This vulnerability stemmed from the ability to exploit the X-Original-Url header...

CVSS 5.3 | AI score 5.8 | EPSS 0.00289
Exploits 0 | References 2

Positive Technologies
added 2026/02/02 12:0 a.m. | 8 views

PT-2026-6312

Name of the Vulnerable Software and Affected Versions: Magento-lts versions prior to 20.16.1. Description: Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin URL can be discovered without prior knowledge of its location by exploiting t...

CVSS 5.3 | AI score 5.4 | EPSS 0.00289
Exploits 0 | References 7

CNNVD
added 2025/11/06 12:0 a.m. | 3 views

magento-lts security vulnerability

magento-lts is an OpenMage open source reliable replacement for the official version of Magento CE. A security vulnerability exists in magento-lts version 20.15.0 and earlier, which stems from unescaped translation strings and URLs being printed to a specific context, potentially leading to a...

CVSS 4.8 | AI score 5.8 | EPSS 0.00192
Exploits 1 | References 2