Browse 24+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40488 | OpenMage LTS has Customer File Upload Extension Blocklist Bypass that Leads to Remote Code Execution | OpenMage | magento-lts | - | - | 2026-04-20 16:23:07 | Deep Dive |
| CVE-2026-40098 | OpenMage LTS imports cross-user wishlist item via shared wishlist code, leading to private option disclosure and file-disclosure variant | OpenMage | magento-lts | - | - | 2026-04-20 16:19:55 | Deep Dive |
| CVE-2026-25525 | OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module | OpenMage | magento-lts | Medium | 4.9 | 2026-04-20 16:14:14 | Deep Dive |
| CVE-2026-25524 | OpenMage LTS's Phar Deserialization leads to Remote Code Execution | OpenMage | magento-lts | High | 8.1 | 2026-04-20 16:11:17 | Deep Dive |
| CVE-2026-25523 | Magento's X-Original-Url header can expose admin url | OpenMage | magento-lts | Medium | 5.3 | 2026-02-04 21:21:56 | Deep Dive |
| CVE-2025-64174 | OpenMage is vulnerable to XSS in Admin Notifications | OpenMage | magento-lts | Medium | - | 2025-11-06 20:45:56 | Deep Dive |
| CVE-2025-27400 | Magento vulnerable to stored XSS in theme config fields | OpenMage | magento-lts | Low | 2.9 | 2025-02-28 15:26:14 | Deep Dive |
| CVE-2024-41676 | Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs | OpenMage | magento-lts | Medium | 4.1 | 2024-07-29 14:46:27 | Deep Dive |
| CVE-2023-41879 | Magento LTS's guest order "protect code" can be brute-forced too easily | OpenMage | magento-lts | High | 7.5 | 2023-09-11 21:14:29 | Deep Dive |
| CVE-2023-23617 | OpenMage LTS has DoS vulnerability in MaliciousCode filter | OpenMage | magento-lts | Medium | 4.9 | 2023-01-27 23:24:33 | Deep Dive |
| CVE-2021-41231 | OpenMage LTS DataFlow upload remote code execution vulnerability | OpenMage | magento-lts | High | 7.2 | 2023-01-27 18:12:01 | Deep Dive |
| CVE-2021-41144 | OpenMage LTS authenticated remote code execution through layout update | OpenMage | magento-lts | High | 8.8 | 2023-01-27 18:08:42 | Deep Dive |
| CVE-2021-41143 | OpenMage LTS arbitrary file deletion in customer media allows for remote code execution | OpenMage | magento-lts | High | 7.2 | 2023-01-27 18:02:09 | Deep Dive |
| CVE-2021-39217 | OpenMage LTS arbitrary command execution in custom layout update through blocks | OpenMage | magento-lts | High | 7.2 | 2023-01-27 17:57:58 | Deep Dive |
| CVE-2021-21395 | Magneto-lts vulnerable to Cross-Site Request Forgery | OpenMage | magento-lts | Medium | 4.2 | 2023-01-27 15:03:32 | Deep Dive |
| CVE-2021-32759 | Data Flow Sanitation Issue Fix | OpenMage | magento-lts | High | 7.2 | 2021-08-27 22:00:11 | Deep Dive |
| CVE-2021-32758 | Layout XML Arbitrary Code Fix | OpenMage | magento-lts | High | 7.2 | 2021-08-27 17:30:10 | Deep Dive |
| CVE-2021-21427 | Backport for CVE-2021-21024 Blind SQLi from Magento 2 | OpenMage | magento-lts | Critical | 9.1 | 2021-04-21 20:55:14 | Deep Dive |
| CVE-2021-21426 | Fixes a bug in Zend Framework's Stream HTTP Wrapper | OpenMage | magento-lts | Critical | 9.8 | 2021-04-21 20:15:18 | Deep Dive |
| CVE-2020-26295 | CMS Editor code execution | OpenMage | magento-lts | High | 8.7 | 2021-01-21 13:40:19 | Deep Dive |