Lucene search
K

4287 matches found

Snyk
Snyk
added 2026/05/12 9:20 p.m.14 views

Improper Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Authorization via improper authorization checks in the access control process. An attacker can gain unauthorized write access by tricking a user into visiting a...

5.3CVSS5.8AI score0.00393EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 9:20 p.m.15 views

Cross-site Scripting (XSS)

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the form fields. An attacker can execute arbitrary JavaScript in the context of a victim's browser by injecting malicious scripts, potentially...

8.7CVSS5.8AI score0.00402EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 9:20 p.m.12 views

Cross-site Scripting (XSS)

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the form fields process. An attacker can execute arbitrary JavaScript in the context of another user's browser session by injecting malicious...

4.8CVSS5.8AI score0.00274EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 9:20 p.m.15 views

Dependency on Vulnerable Third-Party Component

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Dependency on Vulnerable Third-Party Component through the use of a vulnerable third-party component. An attacker can cause the application to crash by sending specially...

8.7CVSS5.8AI score0.00508EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 9:20 p.m.13 views

Out-of-bounds Read

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Out-of-bounds Read in the input validation process. An attacker can gain unauthorized write access by tricking a user with high privileges into visiting a maliciously craft...

5.1CVSS5.8AI score0.00373EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 9:19 p.m.7 views

Dependency on Vulnerable Third-Party Component

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Dependency on Vulnerable Third-Party Component due to the use of a vulnerable third-party component. An attacker can cause the application to crash by sending specially...

6.9CVSS5.8AI score0.0062EPSS
Exploits0References2
Adobe
Adobe
added 2026/05/12 12:0 a.m.149 views

APSB26-49 : Security update available for Adobe Commerce

Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, arbitrary file system write, application denial-of-service, and security feature...

6AI score
Exploits0Affected Software3
Github Security Blog
Github Security Blog
added 2026/05/06 8:57 p.m.11 views

Magento LTS: Reflected XSS - Import -> Data Flow (profiles)

A reflected XSS vulnerability was found under admin panel - System - Import/Export - Dataflow - Profiles. Steps to produce + Login to the admin panel + Go to the path System - Import/Export - Dataflow - Profiles + Select profile direction as Import. + Click on Import Customers + Upload the file...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/06 8:57 p.m.4 views

GHSA-X8JV-Q8J2-487C Magento LTS: Reflected XSS - Import -> Data Flow (profiles)

A reflected XSS vulnerability was found under admin panel - System - Import/Export - Dataflow - Profiles. Steps to produce + Login to the admin panel + Go to the path System - Import/Export - Dataflow - Profiles + Select profile direction as Import. + Click on Import Customers + Upload the file...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/06 8:57 p.m.7 views

Cross-site Scripting (XSS)

Overview openmage/magento-lts is a This repository is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the run process in the admin panel's import/export data flow profiles. An attacker can execute arbitrary scrip...

6.1CVSS5.8AI score0.00258EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 8:11 p.m.6 views

GHSA-QPGQ-5G92-J5Q8 Magento LTS Vulnerable to Open Redirect via Unvalidated `uenc` Parameter in `stockAction()`

Summary MageProductAlertAddController::stockAction reads the uenc query parameter and passes it directly to $this-redirectUrl$backUrl without calling $this-isUrlInternal When the supplied productid does not match any catalog product, the server issues an unvalidated HTTP 302 redirect to whatever...

6.1CVSS6AI score0.00149EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/05 8:11 p.m.9 views

Magento LTS Vulnerable to Open Redirect via Unvalidated `uenc` Parameter in `stockAction()`

Summary MageProductAlertAddController::stockAction reads the uenc query parameter and passes it directly to $this-redirectUrl$backUrl without calling $this-isUrlInternal When the supplied productid does not match any catalog product, the server issues an unvalidated HTTP 302 redirect to whatever...

6.1CVSS6AI score0.00149EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/05 8:11 p.m.6 views

Open Redirect

Overview openmage/magento-lts is a This repository is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Open Redirect via the stockAction process. An attacker can redirect authenticated users to arbitrary external websites by supplying a craft...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 7:35 p.m.10 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview openmage/magento-lts is a This repository is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG in the start function. An attacker can gain unauthorized access to active...

9.4CVSS5.8AI score0.00267EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.6 views

PT-2026-35236

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Adobe Commerce/Magento affected versions not specified Description An inappropriate implementation in FoldableAPIs allows a remote attacker who has compromised the renderer process to bypass site...

9.6CVSS6.3AI score0.00985EPSS
Exploits0References435
EUVD
EUVD
added 2026/04/21 3:20 p.m.9 views

EUVD-2026-23903

OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure...

5.3CVSS5.7AI score0.00176EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/21 2:35 p.m.11 views

OpenMage LTS has a Path Traversal Filter Bypass in Dataflow Module

The Dataflow module in OpenMage LTS uses a weak blacklist filter strreplace'../', '', $input to prevent path traversal attacks. This filter can be bypassed using patterns like ..././ or ....//, which after the replacement still result in ../. An authenticated administrator can exploit this to rea...

4.9CVSS5.9AI score0.00502EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2026/04/20 7:31 p.m.5 views

Directory Traversal

Overview openmage/magento-lts is a This repository is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Directory Traversal through the files request parameter in the dataflow import parsers. An attacker with administrative privileges can read...

8.5CVSS6.6AI score0.00502EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/20 7:31 p.m.3 views

Missing Authorization

Overview openmage/magento-lts is a This repository is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Missing Authorization through the MageWishlistSharedController shared wishlist item flow. An attacker can access or manipulate wishlist ite...

5.4CVSS5.5AI score0.00176EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/20 7:31 p.m.6 views

Arbitrary File Upload

Overview openmage/magento-lts is a This repository is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Arbitrary File Upload due to an incomplete blocklist in the file upload process. An attacker can execute arbitrary code on the server by...

8.8CVSS6.1AI score0.00691EPSS
Exploits1References2
Rows per page
Query Builder