| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40488 | OpenMage LTS has Customer File Upload Extension Blocklist Bypass that Leads to Remote Code Execution | OpenMage | magento-lts | - | - | 2026-04-20 16:23:07 | Deep Dive |
| CVE-2026-40098 | OpenMage LTS imports cross-user wishlist item via shared wishlist code, leading to private option disclosure and file-disclosure variant | OpenMage | magento-lts | - | - | 2026-04-20 16:19:55 | Deep Dive |
| CVE-2026-25525 | OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module | OpenMage | magento-lts | Medium | 4.9 | 2026-04-20 16:14:14 | Deep Dive |
| CVE-2026-25524 | OpenMage LTS's Phar Deserialization leads to Remote Code Execution | OpenMage | magento-lts | High | 8.1 | 2026-04-20 16:11:17 | Deep Dive |
| CVE-2026-25523 | Magento's X-Original-Url header can expose admin url | OpenMage | magento-lts | Medium | 5.3 | 2026-02-04 21:21:56 | Deep Dive |
| CVE-2025-64174 | OpenMage is vulnerable to XSS in Admin Notifications | OpenMage | magento-lts | Medium | - | 2025-11-06 20:45:56 | Deep Dive |
| CVE-2025-58669 | WordPress Magento 2 WordPress Integration plugin <= 1.4.2.1 - Cross Site Scripting (XSS) vulnerability | Modern Minds | Magento 2 WordPress Integration | Medium | 5.9 | 2025-09-22 18:22:56 | Deep Dive |
| CVE-2025-27400 | Magento vulnerable to stored XSS in theme config fields | OpenMage | magento-lts | Low | 2.9 | 2025-02-28 15:26:14 | Deep Dive |
| CVE-2024-41676 | Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs | OpenMage | magento-lts | Medium | 4.1 | 2024-07-29 14:46:27 | Deep Dive |
| CVE-2023-34379 | WordPress Cart2Cart: Magento to WooCommerce Migration Plugin <= 2.0.0 is vulnerable to Broken Access Control | MagneticOne | Cart2Cart: Magento to WooCommerce Migration | Medium | 5.4 | 2024-01-17 16:12:05 | Deep Dive |
| CVE-2023-41879 | Magento LTS's guest order "protect code" can be brute-forced too easily | OpenMage | magento-lts | High | 7.5 | 2023-09-11 21:14:29 | Deep Dive |
| CVE-2023-38208 | Validate Your Inputs \| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) | Adobe | Magento Commerce | Critical | 9.1 | 2023-08-09 07:41:47 | Deep Dive |
| CVE-2023-38209 | Adobe Commerce Incorrect Authorization Security feature bypass | Adobe | Magento Commerce | Medium | 6.5 | 2023-08-09 07:41:46 | Deep Dive |
| CVE-2023-29291 | Server Side Request Forgery (SSRF) in USPS carrier integration configuration | Adobe | Magento Commerce | Medium | 4.9 | 2023-06-15 00:00:00 | Deep Dive |
| CVE-2023-22248 | Adobe Commerce Incorrect Authorization Security feature bypass | Adobe | Magento Commerce | High | 7.5 | 2023-06-15 00:00:00 | Deep Dive |
| CVE-2023-29287 | Adobe Commerce Information Exposure Security feature bypass | Adobe | Magento Commerce | Medium | 5.3 | 2023-06-15 00:00:00 | Deep Dive |
| CVE-2023-29289 | Adobe Commerce XML Injection Security feature bypass | Adobe | Magento Commerce | Medium | 6.5 | 2023-06-15 00:00:00 | Deep Dive |
| CVE-2023-29290 | Adobe Commerce Guest Cart Shipping Address Overwrite IDOR | Adobe | Magento Commerce | Medium | 5.3 | 2023-06-15 00:00:00 | Deep Dive |
| CVE-2023-29292 | Server Side Request Forgery (SSRF) in FedEx carrier integration configuration | Adobe | Magento Commerce | Medium | 4.9 | 2023-06-15 00:00:00 | Deep Dive |
| CVE-2023-29297 | Admin-to-admin stored XSS via cache poisoning | Adobe | Magento Commerce | Critical | 9.1 | 2023-06-15 00:00:00 | Deep Dive |