CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

CVE-2026-45247

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

9.8CVSS6.7AI score0.06149EPSS

Exploits0References1

The Hacker News•added 2 days ago•10 views

CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities KEV catalog, following reports of active exploitation in the wild. The...

9.8CVSS6.9AI score0.06149EPSS

Exploits0

CISA•added 2 days ago•3 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-45247link is external Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability This type of vulnerability is a frequent attack vector...

9.8CVSS5.8AI score0.06149EPSS

In wildExploits0References6

CISA KEV Catalog•added 2 days ago•8 views

Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability

Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie...

9.8CVSS6.4AI score0.06149EPSS

In wildExploits0

Imperva Blog•added last week•12 views

Imperva Customers Protected Against CVE-2026-45247 in Mirasvit Full Page Cache Warmer for Magento

TL;DR: CVE-2026-45247 is a critical unauthenticated remote code execution RCE vulnerability affecting Mirasvit Full Page Cache Warmer for Magento 2. The flaw stems from unsafe PHP deserialization of attacker-controlled data supplied through the CacheWarmer cookie. Successful exploitation can allo...

9.8CVSS6.7AI score0.06149EPSS

Exploits0

VulnCheck KEV•added 2026/05/29 12:0 a.m.•60 views

VulnCheck KEV: CVE-2026-45247

9.8CVSS6.7AI score0.06149EPSS

In wildExploits0References3

NVD•added 2026/05/26 3:16 p.m.•6 views

CVE-2026-45247

9.8CVSS0.06149EPSS

Exploits0References5

Cvelist•added 2026/05/26 2:15 p.m.•36 views

CVE-2026-45247 Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection

9.8CVSS0.06149EPSS

Exploits0References3

ATTACKERKB•added 2026/05/26 2:15 p.m.•8 views

CVE-2026-45247

9.8CVSS6.7AI score0.06149EPSS

Exploits0References4

CVE•added 2026/05/26 2:15 p.m.•134 views

CVE-2026-45247

Summary: CVE-2026-45247 affects Mirasvit Full Page Cache Warmer for Magento 2 (pre‑1.11.12). The vulnerability arises from an unsafe PHP deserialization: a crafted serialized object placed in the CacheWarmer cookie is passed to PHP’s unserialize() without class restrictions, enabling unauthentica...

9.8CVSS6.7AI score0.06149EPSS

In wildExploits0References5Affected Software1

EUVD•added 2026/05/26 2:15 p.m.•7 views

EUVD-2026-31837

9.8CVSS6.7AI score0.06149EPSS

Exploits0References3

Vulnrichment•added 2026/05/26 2:15 p.m.•6 views

CVE-2026-45247 Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection

9.8CVSS6.7AI score0.06149EPSS

Exploits0References3

CNNVD•added 2026/05/26 12:0 a.m.•5 views

Mirasvit Full Page Cache Warmer for Magento 2 代码问题漏洞

Mirasvit Full Page Cache Warmer for Magento 2 is a caching preheating extension developed by the American company Mirasvit for Magento 2. Versions prior to 1.11.12 of Mirasvit Full Page Cache Warmer for Magento 2 contained a code vulnerability. This vulnerability stemmed from the lack of...

9.8CVSS6.2AI score0.06149EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by