Skip to main content
CVE-2021-36042 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE File Upload Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-36041 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
2.4%
CVE-2021-36040 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2021-36035 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2021-36034 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
2.4%
CVE-2021-36033 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-36031 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the `theme[preview_image]` parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Path Traversal Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-36029 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Authentication Bypass Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-36028 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability when saving a configurable product. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2021-36025 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability while saving a customer's details with a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2021-36024 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2021-36022 HIGH PATCH This Week

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Adobe Adobe Commerce Magento Open Source
NVD
CVSS 3.1
7.2
EPSS
3.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy