12 matches found
VulnCheck KEV: CVE-2026-45247
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...
CVE-2026-45247
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...
CVE-2026-5603
A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to OS command injection. An attack has to be approached locally. The exploit is publicly available and might be...
PT-2024-40368 · Adobe · Magento Open Source +1
Name of the Vulnerable Software and Affected Versions: Magento Commerce and Open Source versions prior to 2.2.6; Magento Commerce and Open Source versions prior to 2.1.15. Description: The issue concerns security enhancements to address Cross-Site Scripting (XSS) and other vulnerabilities...
CVE-2021-33353
Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before, fixed in v.1.3.7, allows an attacker to execute arbitrary code via the file attachment directory setting...
CVE-2022-36433
The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...
Amasty Blog Cross-Site Scripting Vulnerability
Amasty Blog is a website page extension from Amasty. Magento 2 is an open source PHP e-commerce system. Amasty Blog Pro for Magento 2 before version 2.10.5 has a cross-site scripting vulnerability; the vulnerability stems from the fact that the plugin's blog post creation function fails to shortconten...
CVE-2022-35501
Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function...
PT-2022-22871 · Amasty +1 · Amasty Blog Pro +1
Name of the Vulnerable Software and Affected Versions: Amasty Blog Pro versions 2.10.3 through 2.10.4; Amasty Blog Pro versions prior to 2.10.4. Description: A Stored Cross-site Scripting (XSS) issue exists due to the duplicate post function in the Amasty Blog Pro plugin for Magento 2. The create pos...
CVE-2022-36432
The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response...
PT-2022-23366 · Amasty +1 · Amasty Blog Pro +1
Name of the Vulnerable Software and Affected Versions: Amasty Blog Pro version 2.10.3. Description: The Preview functionality in the Amasty Blog Pro plugin for Magento 2 uses eval unsafely, allowing attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generate...
CVE-2020-12635
XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field...