Vulnerabilities > Magento

DATE CVE VULNERABILITY TITLE RISK
2020-07-29 CVE-2020-9692 Incorrect Authorization vulnerability in Magento
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability.
network
magento CWE-863
8.5
2020-07-29 CVE-2020-9691 Cross-site Scripting vulnerability in Magento
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability.
network
magento CWE-79
critical
9.3
2020-07-29 CVE-2020-9690 Information Exposure Through Discrepancy vulnerability in Magento
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability.
network
magento CWE-203
3.5
2020-07-29 CVE-2020-9689 Path Traversal vulnerability in Magento
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability.
network
magento CWE-22
8.5
2020-07-22 CVE-2020-9665 Cross-site Scripting vulnerability in Magento
Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability.
network
magento CWE-79
4.3
2020-07-22 CVE-2020-9664 Code Injection vulnerability in Magento
Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability.
network
low complexity
magento CWE-94
7.5
2020-06-26 CVE-2020-9632 Unspecified vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability.
network
low complexity
magento
critical
10.0
2020-06-26 CVE-2020-9631 Unspecified vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability.
network
low complexity
magento
critical
10.0
2020-06-26 CVE-2020-9630 Improper Privilege Management vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability.
network
low complexity
magento CWE-269
7.5
2020-06-26 CVE-2020-9591 Information Exposure vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability.
network
low complexity
magento CWE-200
5.0