ReportizFlow
Filtered by vendor Magento
Subscriptions
Total
225 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-7849 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2. | ||||
| CVE-2019-7139 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | ||||
| CVE-2018-5301 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433. | ||||
| CVE-2015-6497 | 2 Magento, Php | 2 Magento, Php | 2024-11-21 | 8.8 High |
| The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap. | ||||
| CVE-2014-1634 | 1 Magento | 1 Advanced Newsletter | 2024-11-21 | 9.8 Critical |
| SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO. | ||||