CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1114 matches found

NVD•added 2021/06/28 2:15 p.m.•12 views

CVE-2021-28584

Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is...

7.2CVSS0.00574EPSS

Exploits0References1

OSV•added 2021/06/28 2:15 p.m.•22 views

CVE-2021-28584

7.2CVSS6.5AI score

Exploits0References1

NVD•added 2021/06/28 2:15 p.m.•8 views

CVE-2021-28563

Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by an Improper Authorization vulnerability via the 'Create Customer' endpoint. Successful exploitation could lead to unauthorized modification of customer data by an unauthenticated attacker. Access to...

6.5CVSS0.00257EPSS

Exploits0References1

Prion•added 2021/06/28 2:15 p.m.•16 views

Authorization

6.4CVSS6.4AI score0.00257EPSS

Exploits0References1Affected Software1

Prion•added 2021/06/28 2:15 p.m.•18 views

Path traversal

6.5CVSS6.7AI score0.00574EPSS

Exploits0References1Affected Software1

Cvelist•added 2021/06/28 1:49 p.m.•12 views

CVE-2021-28584 Magento Commerce path traversal vulnerability in child theme store creation

5.4CVSS6.9AI score0.00574EPSS

Exploits0References1

CVE•added 2021/06/28 1:49 p.m.•58 views

CVE-2021-28584

CVE-2021-28584 is a Magento path-traversal vulnerability affecting Magento Commerce/Open Source versions up to 2.4.2, 2.4.1-p1, and 2.3.6-p1. An authenticated admin can exploit a flaw when creating a store with a child theme to perform arbitrary file-system writes. The impact is authenticated acc...

7.2CVSS5.9AI score0.00574EPSS

Exploits0References1Affected Software1

CVE•added 2021/06/28 1:45 p.m.•111 views

CVE-2021-28563

Magento Commerce/Open Source prior to 2.4.3 (specifically 2.4.2 and earlier, 2.4.1-p1 and earlier, 2.3.6-p1 and earlier) is affected by an Improper Authorization vulnerability via the Create Customer endpoint. An unauthenticated attacker could cause unauthorized modification of customer data, wit...

6.5CVSS6.2AI score0.00257EPSS

Exploits0References1Affected Software1

Cvelist•added 2021/06/28 1:45 p.m.•15 views

CVE-2021-28563 Magento Commerce improper Authorization via the 'Create Customer' endpoint

6.5CVSS6.5AI score0.00257EPSS

Exploits0References1

Github Security Blog•added 2021/05/25 6:45 p.m.•71 views

Cross-site Scripting in Wildfly

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity...

4.8CVSS5.6AI score0.00284EPSS

Exploits0References3Affected Software1

OSV•added 2021/05/25 6:45 p.m.•40 views

GHSA-V2WX-JJ66-2HP7 Cross-site Scripting in Wildfly

3.8CVSS5.2AI score0.00284EPSS

Exploits0References2

OSV•added 2021/05/20 1:15 p.m.•27 views

CVE-2021-3536

4.8CVSS6.4AI score

Exploits0References1

Prion•added 2021/05/20 1:15 p.m.•27 views

Design/Logic Flaw

3.5CVSS5.2AI score0.00284EPSS

Exploits0References1Affected Software5

CVE•added 2021/05/20 12:15 p.m.•272 views

CVE-2021-3536

CVE-2021-3536 concerns WildFly/JBoss EAP domain-mode admin console vulnerability allowing XSS via the name field when creating roles, affecting Confidentiality and Integrity. Affected software is WildFly (prior to 23.0.2.Final). The issue arises in the domain mode role-creation flow and can be tr...

4.8CVSS5AI score0.00284EPSS

Exploits0References1Affected Software9

Cvelist•added 2021/05/20 12:15 p.m.•22 views

CVE-2021-3536

5.7AI score0.00284EPSS

Exploits0References1

Positive Technologies•added 2021/05/20 12:0 a.m.•2 views

PT-2021-20899 · Red Hat · Wildfly

Name of the Vulnerable Software and Affected Versions: Wildfly versions prior to 23.0.2.Final Description: A flaw was found in Wildfly while creating a new role in domain mode via the admin console, allowing a payload to be added in the name field, leading to XSS. This affects Confidentiality and...

4.8CVSS4.7AI score0.00284EPSS

Exploits0References8

ATTACKERKB•added 2021/05/11 11:0 p.m.•3 views

CVE-2021-28563

6.5CVSS5.4AI score0.00257EPSS

Exploits0References2

ATTACKERKB•added 2021/05/11 11:0 p.m.•3 views

CVE-2021-28566

Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by an unauthenticated...

4CVSS5.4AI score0.00731EPSS

Exploits0References2

Positive Technologies•added 2021/05/11 12:0 a.m.•1 views

PT-2021-3425 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.2 and earlier Magento versions 2.4.1-p1 and earlier Magento versions 2.3.6-p1 and earlier Description: The issue is related to insufficient input validation, which could allow a remote attacker to access confidential...

4CVSS4.2AI score0.00731EPSS

Exploits0References11

Positive Technologies•added 2021/05/11 12:0 a.m.•2 views

PT-2021-3431 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.2 and earlier Magento versions 2.4.1-p1 and earlier Magento versions 2.3.6-p1 and earlier Description: The issue is related to an Improper Authorization vulnerability via the "Create Customer" endpoint. Successful...

6.5CVSS5.5AI score0.00257EPSS

Exploits0References11

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by