Vulnerabilities > Magento > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2019-11-06 | CVE-2019-8144 | Unspecified vulnerability in Magento 2.3.0/2.3.1/2.3.2 | A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | network, low complexity, magento | critical 9.8 |
| 2019-11-06 | CVE-2019-8136 | Unspecified vulnerability in Magento | An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | network, low complexity, magento | critical 9.8 |
| 2019-11-06 | CVE-2019-8135 | Injection vulnerability in Magento | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | network, low complexity, magento, CWE-74 | critical 9.8 |
| 2019-11-05 | CVE-2019-8121 | Unspecified vulnerability in Magento | An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. | network, low complexity, magento | critical 9.8 |
| 2019-04-10 | CVE-2019-7139 | SQL Injection vulnerability in Magento | An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. | network, low complexity, magento, CWE-89 | critical 9.8 |
| 2017-09-26 | CVE-2015-8707 | Information Exposure vulnerability in Magento | Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field. | network, low complexity, magento, CWE-200 | critical 9.8 |
| 2017-01-23 | CVE-2016-4010 | Injection vulnerability in Magento | Magento CE and EE before 2.0.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data. | network, low complexity, magento, CWE-74 | critical 9.8 |