Browse 283+ CVEs from NVD & CNNVD with AI-powered analysis, AI-generated PoCs, KEV/EPSS tracking, and daily security intelligence. Filter by vendor, product, severity, or CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-45247 | Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection | Mirasvit | Full Page Cache Warmer for Magento 2 | Critical | 9.8 | 2026-05-26 14:15:34 | Deep Dive |
| CVE-2026-42207 | Magento LTS: Open Redirect via Unvalidated `uenc` Parameter in `stockAction()` - magento-lts | OpenMage | magento-lts | Medium | 6.1 | 2026-05-15 17:06:41 | Deep Dive |
| CVE-2026-42155 | Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs | OpenMage | magento-lts | - | - | 2026-05-15 17:05:02 | Deep Dive |
| CVE-2026-42458 | Magento LTS: Reflected XSS - Import -> Data Flow (profiles) | OpenMage | magento-lts | - | - | 2026-05-15 17:02:43 | Deep Dive |
| CVE-2026-40488 | OpenMage LTS has Customer File Upload Extension Blocklist Bypass that Leads to Remote Code Execution | OpenMage | magento-lts | - | - | 2026-04-20 16:23:07 | Deep Dive |
| CVE-2026-40098 | OpenMage LTS imports cross-user wishlist item via shared wishlist code, leading to private option disclosure and file-disclosure variant | OpenMage | magento-lts | - | - | 2026-04-20 16:19:55 | Deep Dive |
| CVE-2026-25525 | OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module | OpenMage | magento-lts | Medium | 4.9 | 2026-04-20 16:14:14 | Deep Dive |
| CVE-2026-25524 | OpenMage LTS's Phar Deserialization leads to Remote Code Execution | OpenMage | magento-lts | High | 8.1 | 2026-04-20 16:11:17 | Deep Dive |
| CVE-2026-25523 | Magento's X-Original-Url header can expose admin url | OpenMage | magento-lts | Medium | 5.3 | 2026-02-04 21:21:56 | Deep Dive |
| CVE-2025-64174 | OpenMage is vulnerable to XSS in Admin Notifications | OpenMage | magento-lts | Medium | - | 2025-11-06 20:45:56 | Deep Dive |
| CVE-2025-58669 | WordPress Magento 2 WordPress Integration plugin <= 1.4.2.1 - Cross Site Scripting (XSS) vulnerability | Modern Minds | Magento 2 WordPress Integration | Medium | 5.9 | 2025-09-22 18:22:56 | Deep Dive |
| CVE-2025-27400 | Magento vulnerable to stored XSS in theme config fields | OpenMage | magento-lts | Low | 2.9 | 2025-02-28 15:26:14 | Deep Dive |
| CVE-2024-41676 | Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs | OpenMage | magento-lts | Medium | 4.1 | 2024-07-29 14:46:27 | Deep Dive |
| CVE-2023-34379 | WordPress Cart2Cart: Magento to WooCommerce Migration Plugin <= 2.0.0 is vulnerable to Broken Access Control | MagneticOne | Cart2Cart: Magento to WooCommerce Migration | Medium | 5.4 | 2024-01-17 16:12:05 | Deep Dive |
| CVE-2023-41879 | Magento LTS's guest order "protect code" can be brute-forced too easily | OpenMage | magento-lts | High | 7.5 | 2023-09-11 21:14:29 | Deep Dive |
| CVE-2023-38208 | Validate Your Inputs \| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) | Adobe | Magento Commerce | Critical | 9.1 | 2023-08-09 07:41:47 | Deep Dive |
| CVE-2023-38209 | Adobe Commerce Incorrect Authorization Security feature bypass | Adobe | Magento Commerce | Medium | 6.5 | 2023-08-09 07:41:46 | Deep Dive |
| CVE-2023-29291 | Server Side Request Forgery (SSRF) in USPS carrier integration configuration | Adobe | Magento Commerce | Medium | 4.9 | 2023-06-15 00:00:00 | Deep Dive |
| CVE-2023-29290 | Adobe Commerce Guest Cart Shipping Address Overwrite IDOR | Adobe | Magento Commerce | Medium | 5.3 | 2023-06-15 00:00:00 | Deep Dive |
| CVE-2023-29289 | Adobe Commerce XML Injection Security feature bypass | Adobe | Magento Commerce | Medium | 6.5 | 2023-06-15 00:00:00 | Deep Dive |