9 matches found
CVE-2019-7887
A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 when the feature that adds a secret key to the Admin URL is...
EUVD-2009-0545
Malware in sbrugna...
EUVD-2022-4309
Malicious code in bioql PyPI...
EUVD-2022-2593
Malicious code in bioql PyPI...
CVE-2019-8124
An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks...
CVE-2019-8113
Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses a cryptographically weak random number generator, which makes it possible to brute-force the confirmation code for customer registration...
Vulnerabilities fixed in Adobe Commerce and Magento
Adobe has fixed vulnerabilities in Commerce and Magento. The vulnerabilities allow a malicious person to launch attacks that result in the following categories of damage: circumvention of security measure, accessing sensitive data, access to system data, increased user privileges, remote code executi...
CVE-2019-7860
Magento 2.x releases before 2.1.18, 2.2 before 2.2.9, and 2.3 before 2.3.2 are affected by a cryptographically weak PRNG used in security-relevant contexts. The root cause is insufficient randomness in generation routines across multiple components, which can undermine cryptographic operations an...
Magento 2.x Multiple Vulnerabilities (Mar 2019)
Magento 2.x is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:magentocommerce:magento"; if...