CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1114 matches found

OSV•added 2021/02/11 8:15 p.m.•19 views

CVE-2021-21025

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to XML injection in the product layout updates. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful...

9.1CVSS7.5AI score

Exploits0References1

OSV•added 2021/02/11 8:15 p.m.•16 views

CVE-2021-21023

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to a stored cross-site scripting vulnerability in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required...

4.8CVSS5.9AI score

Exploits0References1

NVD•added 2021/02/11 8:15 p.m.•12 views

CVE-2021-21026

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are affected by an improper authorization vulnerability in the integrations module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin...

5.3CVSS0.00679EPSS

Exploits0References1

NVD•added 2021/02/11 8:15 p.m.•11 views

CVE-2021-21024

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is...

9.1CVSS0.02071EPSS

Exploits0References1

NVD•added 2021/02/11 8:15 p.m.•15 views

CVE-2021-21025

9.1CVSS0.04724EPSS

Exploits0References1

OSV•added 2021/02/11 8:15 p.m.•22 views

CVE-2021-21019

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to XML injection in the Widgets module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation...

9.1CVSS7.5AI score

Exploits0References1

OSV•added 2021/02/11 8:15 p.m.•15 views

CVE-2021-21024

9.1CVSS7.5AI score

Exploits0References1

OSV•added 2021/02/11 8:15 p.m.•14 views

CVE-2021-21015

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required...

8CVSS7.7AI score

Exploits0References1

NVD•added 2021/02/11 8:15 p.m.•16 views

CVE-2021-21015

8.5CVSS0.04856EPSS

Exploits0References1

NVD•added 2021/02/11 8:15 p.m.•12 views

CVE-2021-21016

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to OS command injection via the WebAPI. Successful exploitation could lead to remote code execution by an authenticated attacker. Access to the admin console is required for successful exploitation...

9.1CVSS0.04449EPSS

Exploits0References1

OSV•added 2021/02/11 8:15 p.m.•11 views

CVE-2021-21016

9.1CVSS7.8AI score

Exploits0References1

Prion•added 2021/02/11 8:15 p.m.•17 views

Command injection

9CVSS9.3AI score0.04449EPSS

Exploits0References1Affected Software1

Prion•added 2021/02/11 8:15 p.m.•21 views

Cross site scripting

3.5CVSS5.4AI score0.03783EPSS

Exploits0References1Affected Software1

Prion•added 2021/02/11 8:15 p.m.•20 views

Cross site scripting

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are affected by a Reflected Cross-site Scripting vulnerability via 'file' parameter. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required...

3.5CVSS5.6AI score0.43501EPSS

Exploits1References1Affected Software1

Prion•added 2021/02/11 8:15 p.m.•20 views

Design/Logic Flaw

6.5CVSS9.2AI score0.04035EPSS

Exploits0References1Affected Software1

Prion•added 2021/02/11 8:15 p.m.•20 views

Command injection

8.5CVSS8.4AI score0.04856EPSS

Exploits0References1Affected Software1

Prion•added 2021/02/11 8:15 p.m.•27 views

Command injection

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to OS command injection via the scheduled operation module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for...

9CVSS9.3AI score0.06906EPSS

Exploits0References1Affected Software1

Prion•added 2021/02/11 8:15 p.m.•18 views

Design/Logic Flaw

6.5CVSS9.2AI score0.04724EPSS

Exploits0References1Affected Software1

Prion•added 2021/02/11 8:15 p.m.•16 views

Authorization

4CVSS5.9AI score0.00679EPSS

Exploits0References1Affected Software1

Prion•added 2021/02/11 8:15 p.m.•17 views

Authentication flaw

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier do not adequately invalidate user sessions. Successful exploitation could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation...

7.5CVSS6.1AI score0.00171EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by