34 matches found
CVE-2019-7895
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update...
EUVD-2025-197941
The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'acfflmupdatetemplatewithpastedlayout' function in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers to...
EUVD-2022-2657
Malicious code in bioql PyPI...
EUVD-2022-4633
Malicious code in bioql PyPI...
EUVD-2022-2712
Malicious code in bioql PyPI...
CVE-2025-38691 pNFS: Fix uninited ptr deref in block/scsi layout
In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix uninited ptr deref in block/scsi layout The error occurs on the third attempt to encode extents. When function exttreepreparecommit reallocates a larger buffer to retry encoding extents, the "layoutupdatepages" page arr...
CVE-2019-8137
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate CMS section of the website can trigger remote code execution via custom layout update...
CVE-2019-8122
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product functionality to enable remote code execution...
Advisory ROSA-SA-2023-2217
Software: libmicrohttpd 0.9.76 OS: ROSA-CHROME packageevrstring: libmicrohttpd-0.9.76-1.src.rpm CVE-ID: CVE-2023-27371 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: GNU libmicrohttpd before version 0.9.76 allowed remote DoS denial of service due to improper multipart/form-data boundary parsing in the...
CVE-2021-41144 OpenMage LTS authenticated remote code execution through layout update
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue...
Fix for authenticated remote code execution through layout update
Impact A layout block was able to bypass the block blacklist to execute remote code...
GHSA-5J2G-3PH4-RGVM Fix for authenticated remote code execution through layout update
Impact A layout block was able to bypass the block blacklist to execute remote code...
GHSA-5V5P-X8C2-MQXP Magento 2 Community Edition RCE Vulnerability
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product functionality to enable remote code execution...
Magento 2 Community Edition RCE Vulnerability
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product functionality to enable remote code execution...
GHSA-653Q-VQM6-GMJM Magento 2 Community Edition Arbitrary File Deletion
An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature...
Magento 2 Community Edition RCE Vulnerability
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update...
GHSA-2X55-MG9R-24F7 Magento 2 Community Edition RCE Vulnerability
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout...
Magento 2 Community Edition RCE Vulnerability
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout...
GHSA-MW5W-CF76-73M8 Magento 2 Community Edition RCE Vulnerability
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update...
Magento Remote Code Execution Vulnerability (CNVD-2019-40725)
Magento is an open source PHP e-commerce system from the U.S. company Magento. A remote code execution vulnerability exists in Magento. An attacker can exploit this vulnerability to achieve remote code execution via a specially crafted custom layout update and import product functionality...