Vulnerabilities > Magento

DATE CVE VULNERABILITY TITLE RISK
2020-06-26 CVE-2020-9579 Unspecified vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability.
network
low complexity
magento
critical
9.8
2020-06-26 CVE-2020-9578 Command Injection vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability.
network
low complexity
magento CWE-77
critical
9.8
2020-06-26 CVE-2020-9577 Cross-site Scripting vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability.
network
low complexity
magento CWE-79
6.1
2020-06-26 CVE-2020-9576 Command Injection vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability.
network
low complexity
magento CWE-77
critical
9.8
2020-03-09 CVE-2014-1634 SQL Injection vulnerability in Magento Advanced Newsletter 2.3.4
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.
network
low complexity
magento CWE-89
critical
9.8
2020-01-29 CVE-2020-3758 Cross-site Scripting vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability.
network
low complexity
magento CWE-79
6.1
2020-01-29 CVE-2020-3719 SQL Injection vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability.
network
low complexity
magento CWE-89
7.5
2020-01-29 CVE-2020-3718 Unspecified vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability.
network
low complexity
magento
critical
9.8
2020-01-29 CVE-2020-3717 Path Traversal vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability.
network
low complexity
magento CWE-22
5.3
2020-01-29 CVE-2020-3716 Deserialization of Untrusted Data vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability.
network
low complexity
magento CWE-502
critical
9.8