OpenMage — Vulnerabilities & Security Advisories 24

Browse all 24 CVE security advisories affecting OpenMage. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by OpenMage: magento-lts
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40488 | OpenMage LTS has Customer File Upload Extension Blocklist Bypass that Leads to Remote Code Execution | magento-lts | CWE-434 | 9.8 (AI) | Critical (AI) | 2026-04-20 |
| CVE-2026-40098 | OpenMage LTS imports cross-user wishlist item via shared wishlist code, leading to private option disclosure and file-disclosure variant | magento-lts | CWE-862 | 8.1 (AI) | High (AI) | 2026-04-20 |
| CVE-2026-25525 | OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module | magento-lts | CWE-22 | 4.9 | Medium | 2026-04-20 |
| CVE-2026-25524 | OpenMage LTS's Phar Deserialization leads to Remote Code Execution | magento-lts | CWE-502 | 8.1 | High | 2026-04-20 |
| CVE-2026-25523 | Magento's X-Original-Url header can expose admin url | magento-lts | CWE-200 | 5.3 | Medium | 2026-02-04 |
| CVE-2025-64174 | OpenMage is vulnerable to XSS in Admin Notifications | magento-lts | CWE-79 | 4.8 | - | 2025-11-06 |
| CVE-2025-27400 | Magento vulnerable to stored XSS in theme config fields | magento-lts | CWE-79 | 2.9 | Low | 2025-02-28 |
| CVE-2024-41676 | Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs | magento-lts | CWE-79 | 4.1 | Medium | 2024-07-29 |
| CVE-2023-41879 | Magento LTS's guest order "protect code" can be brute-forced too easily | magento-lts | CWE-330 | 7.5 | High | 2023-09-11 |
| CVE-2023-23617 | OpenMage LTS has DoS vulnerability in MaliciousCode filter | magento-lts | CWE-835 | 4.9 | Medium | 2023-01-27 |
| CVE-2021-41231 | OpenMage LTS DataFlow upload remote code execution vulnerability | magento-lts | CWE-77 | 7.2 | High | 2023-01-27 |
| CVE-2021-41144 | OpenMage LTS authenticated remote code execution through layout update | magento-lts | CWE-77 | 8.8 | High | 2023-01-27 |
| CVE-2021-41143 | OpenMage LTS arbitrary file deletion in customer media allows for remote code execution | magento-lts | CWE-77 | 7.2 | High | 2023-01-27 |
| CVE-2021-39217 | OpenMage LTS arbitrary command execution in custom layout update through blocks | magento-lts | CWE-77 | 7.2 | High | 2023-01-27 |
| CVE-2021-21395 | Magneto-lts vulnerable to Cross-Site Request Forgery | magento-lts | CWE-352 | 4.2 | Medium | 2023-01-27 |
| CVE-2021-32759 | Data Flow Sanitation Issue Fix | magento-lts | CWE-20 | 7.2 | High | 2021-08-27 |
| CVE-2021-32758 | Layout XML Arbitrary Code Fix | magento-lts | CWE-91 | 7.2 | High | 2021-08-27 |
| CVE-2021-21427 | Backport for CVE-2021-21024 Blind SQLi from Magento 2 | magento-lts | CWE-89 | 9.1 | Critical | 2021-04-21 |
| CVE-2021-21426 | Fixes a bug in Zend Framework's Stream HTTP Wrapper | magento-lts | CWE-502 | 9.8 | Critical | 2021-04-21 |
| CVE-2020-26295 | CMS Editor code execution | magento-lts | CWE-22 | 8.7 | High | 2021-01-21 |
| CVE-2020-26285 | Widget instances allows a hacker to inject an executable file on the server on OpenMage | magento-lts | CWE-22 | 8.7 | High | 2021-01-21 |
| CVE-2020-26252 | Layout XML RCE Vulnerability in OpenMage | magento-lts | CWE-22 | 8.7 | High | 2021-01-20 |
| CVE-2020-15244 | RCE in Magento | magento-lts | CWE-502 | 8.0 | High | 2020-10-21 |
| CVE-2020-15151 | Observable Timing Discrepancy in OpenMage LTS | magento-lts | CWE-203 | 8.0 | High | 2020-08-19 |

This page lists every published CVE security advisory associated with OpenMage. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.