Vulnerabilities > Magento > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-02-16 CVE-2022-24086 Improper Input Validation vulnerability in multiple products
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process.
network
low complexity
adobe magento CWE-20
critical
10.0
2021-02-11 CVE-2021-21019 XML Injection (aka Blind XPath Injection) vulnerability in Magento
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widgets module.
network
low complexity
magento CWE-91
critical
9.1
2020-11-09 CVE-2020-24407 Unrestricted Upload of File with Dangerous Type vulnerability in Magento
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution.
network
low complexity
magento CWE-434
critical
9.0
2020-07-29 CVE-2020-9691 Cross-site Scripting vulnerability in Magento
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability.
network
magento CWE-79
critical
9.3
2020-06-26 CVE-2020-9632 Unspecified vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability.
network
low complexity
magento
critical
10.0
2020-06-26 CVE-2020-9631 Unspecified vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability.
network
low complexity
magento
critical
10.0
2020-03-09 CVE-2014-1634 SQL Injection vulnerability in Magento Advanced Newsletter 2.3.4
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.
network
low complexity
magento CWE-89
critical
10.0
2020-01-29 CVE-2020-3718 Unspecified vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability.
network
low complexity
magento
critical
10.0
2020-01-29 CVE-2020-3716 Deserialization of Untrusted Data vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability.
network
low complexity
magento CWE-502
critical
10.0
2019-11-06 CVE-2019-8159 OS Command Injection vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-78
critical
9.0