CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

41 matches found

Friends Of PHP•added 2019/10/08 12:0 a.m.•12 views

PRODSECBUG-2485: Information Disclosure via File upload functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.00201EPSS

Exploits0Affected Software1

Friends Of PHP•added 2019/10/08 12:0 a.m.•14 views

PRODSECBUG-2342: Cross-Site Scripting mitigation bypass

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

6.1CVSS7.2AI score0.00047EPSS

Exploits0Affected Software1

Friends Of PHP•added 2019/10/08 12:0 a.m.•16 views

PRODSECBUG-2489: Cross side scripting during the preview of email templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00148EPSS

Exploits0Affected Software1

Friends Of PHP•added 2019/10/08 12:0 a.m.•15 views

PRODSECBUG-2434: SQL injection in 'Catalog Products List' widget leading to privilege escalation

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.00113EPSS

Exploits0Affected Software1

Friends Of PHP•added 2019/10/08 12:0 a.m.•10 views

PRODSECBUG-2408: Unrestricted upload of file with dangerous type

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

4.9CVSS7.2AI score0.00241EPSS

Exploits0Affected Software1

Friends Of PHP•added 2019/10/08 12:0 a.m.•16 views

PRODSECBUG-2405: Injection vulnerability via email templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

6.5CVSS7.2AI score0.00136EPSS

Exploits0Affected Software1

Friends Of PHP•added 2019/10/08 12:0 a.m.•12 views

PRODSECBUG-2223: Remote code execution when using functionality that imports a new product

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9CVSS7.2AI score0.01627EPSS

Exploits0Affected Software1

Friends Of PHP•added 2019/10/08 12:0 a.m.•7 views

PRODSECBUG-2422: Cross-Site Scripting via Email Template Name

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00148EPSS

Exploits0Affected Software1

Friends Of PHP•added 2019/10/08 12:0 a.m.•13 views

PRODSECBUG-2440: Information disclosure through processing of external XML entities

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

4.9CVSS7.2AI score0.00108EPSS

Exploits0Affected Software1

Friends Of PHP•added 2019/10/08 12:0 a.m.•16 views

PRODSECBUG-2425: Cross-Site Scripting via Signifyd Guarantee Option Translation Override

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00148EPSS

Exploits0Affected Software1

Friends Of PHP•added 2019/10/08 12:0 a.m.•16 views

PRODSECBUG-2403: Remote code execution through crafted PageBuilder templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9.8CVSS7.2AI score0.02899EPSS

Exploits0Affected Software1

Friends Of PHP•added 2019/10/08 12:0 a.m.•10 views

PRODSECBUG-2390: Broken authentication and session managememt

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9.8CVSS7.2AI score0.00424EPSS

Exploits0Affected Software1

Friends Of PHP•added 2019/06/25 12:0 a.m.•17 views

PRODSECBUG-2275: Unsafe functionality is exposed via email templates manipulation

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

6.5CVSS7.2AI score0.00081EPSS

Exploits0Affected Software1

Friends Of PHP•added 2019/06/25 12:0 a.m.•20 views

PRODSECBUG-2353: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00092EPSS

Exploits0Affected Software1

Friends Of PHP•added 2019/06/25 12:0 a.m.•20 views

PRODSECBUG-2387: Cross site request forgery attacks are possible via the gift card removal feature

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

6.5CVSS7.2AI score0.00032EPSS

Exploits0Affected Software1

Friends Of PHP•added 2019/06/25 12:0 a.m.•14 views

PRODSECBUG-2366: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

4.8CVSS7.2AI score0.00092EPSS

Exploits0Affected Software1

Friends Of PHP•added 2019/06/25 12:0 a.m.•15 views

PRODSECBUG-2380: Stored cross-site scripting in the Currency Symbols field

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.4CVSS7.2AI score0.00086EPSS

Exploits0Affected Software1

Friends Of PHP•added 2019/06/25 12:0 a.m.•16 views

PRODSECBUG-2387: Cross site request forgery attacks are possible via the gift card removal feature

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

6.5CVSS7.2AI score0.00032EPSS

Exploits0Affected Software1

Friends Of PHP•added 2019/06/25 12:0 a.m.•21 views

PRODSECBUG-2380: Stored cross-site scripting in the Currency Symbols field

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.4CVSS7.2AI score0.00086EPSS

Exploits0Affected Software1

Friends Of PHP•added 2019/06/25 12:0 a.m.•20 views

PRODSECBUG-2246: Stored cross-site scripting in the WYSIWYG editor

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.4CVSS7.2AI score0.00086EPSS

Exploits0Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by