Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Arbitrary File Read Arbitrary File Write Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilitie Known Vulnerabilities Ldap Injection Malware Missing Update Path Traversal Privilege Escalation Remote Code Execution SSRF SSTI Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-7139) CVE-2019-7139 CWE-138 CWE-138 Critical Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-8127) CVE-2019-8127 CWE-138 CWE-138 High Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-8130) CVE-2019-8130 CWE-138 CWE-138 High Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-8134) CVE-2019-8134 CWE-138 CWE-138 High Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-8143) CVE-2019-8143 CWE-138 CWE-138 Medium Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-3719) CVE-2020-3719 CWE-138 CWE-138 High Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-24400) CVE-2020-24400 CWE-138 CWE-138 High Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-21024) CVE-2021-21024 CWE-138 CWE-138 Critical Magento Improper Privilege Management Vulnerability (CVE-2020-9630) CVE-2020-9630 CWE-269 CWE-269 Critical Magento Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') Vulnerability (CVE-2019-8126) CVE-2019-8126 CWE-776 CWE-776 Medium Magento Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2019-8154) CVE-2019-8154 CWE-829 CWE-829 High Magento Incorrect Authorization Vulnerability (CVE-2020-9587) CVE-2020-9587 CWE-863 CWE-863 High Magento Incorrect Authorization Vulnerability (CVE-2020-9692) CVE-2020-9692 CWE-863 CWE-863 Medium Magento Incorrect Authorization Vulnerability (CVE-2020-24401) CVE-2020-24401 CWE-863 CWE-863 Medium Magento Incorrect Authorization Vulnerability (CVE-2021-28567) CVE-2021-28567 CWE-863 CWE-863 Medium Magento Incorrect Authorization Vulnerability (CVE-2022-34255) CVE-2022-34255 CWE-863 CWE-863 High Magento Incorrect Authorization Vulnerability (CVE-2022-34256) CVE-2022-34256 CWE-863 CWE-863 Critical Magento Insufficient Session Expiration Vulnerability (CVE-2019-8149) CVE-2019-8149 CWE-613 CWE-613 Critical Magento Insufficient Session Expiration Vulnerability (CVE-2021-21031) CVE-2021-21031 CWE-613 CWE-613 Medium Magento Insufficient Session Expiration Vulnerability (CVE-2021-21032) CVE-2021-21032 CWE-613 CWE-613 Medium Magento Insufficient Verification of Data Authenticity Vulnerability (CVE-2019-8112) CVE-2019-8112 CWE-345 CWE-345 High Magento Insufficient Verification of Data Authenticity Vulnerability (CVE-2019-8124) CVE-2019-8124 CWE-345 CWE-345 High Magento Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-9588) CVE-2020-9588 High Magento Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-9690) CVE-2020-9690 Medium Magento Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-15151) CVE-2020-15151 High Magento Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-3458) CVE-2015-3458 CWE-264 CWE-264 Medium Magento remote code execution CVE-2015-1397 CVE-2015-1398 CVE-2015-1399 CWE-94 CWE-94 High Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7892) CVE-2019-7892 CWE-918 CWE-918 High Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7911) CVE-2019-7911 CWE-918 CWE-918 High Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7913) CVE-2019-7913 CWE-918 CWE-918 High Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7923) CVE-2019-7923 CWE-918 CWE-918 High Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-8151) CVE-2019-8151 CWE-918 CWE-918 High Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-8156) CVE-2019-8156 CWE-918 CWE-918 High Magento Session Fixation Vulnerability (CVE-2019-7849) CVE-2019-7849 CWE-384 CWE-384 High Magento Session Fixation Vulnerability (CVE-2019-8116) CVE-2019-8116 CWE-384 CWE-384 High Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-7861) CVE-2019-7861 CWE-434 CWE-434 High Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-7912) CVE-2019-7912 CWE-434 CWE-434 High Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-7930) CVE-2019-7930 CWE-434 CWE-434 High Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-8093) CVE-2019-8093 CWE-434 CWE-434 High Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-8114) CVE-2019-8114 CWE-434 CWE-434 High Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-8140) CVE-2019-8140 CWE-434 CWE-434 Medium Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-24407) CVE-2020-24407 CWE-434 CWE-434 Critical Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-21014) CVE-2021-21014 CWE-434 CWE-434 Critical Magento Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2019-8113) CVE-2019-8113 CWE-338 CWE-338 Medium Magento Violation of Secure Design Principles Vulnerability (CVE-2021-28583) CVE-2021-28583 CWE-657 CWE-657 Medium Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2019-8158) CVE-2019-8158 CWE-91 CWE-91 Critical Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2021-21019) CVE-2021-21019 CWE-91 CWE-91 Critical Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2021-21025) CVE-2021-21025 CWE-91 CWE-91 Critical Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2022-34253) CVE-2022-34253 CWE-91 CWE-91 High Mailman Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-6893) CVE-2016-6893 CWE-352 CWE-352 High Mailman Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-42097) CVE-2021-42097 CWE-352 CWE-352 High Mailman Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-44227) CVE-2021-44227 CWE-352 CWE-352 High Mailman CVE-2006-2941 Vulnerability (CVE-2006-2941) CVE-2006-2941 Medium Mailman Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2006-4624) CVE-2006-4624 CWE-94 CWE-94 Low Mailman Improper Input Validation Vulnerability (CVE-2018-13796) CVE-2018-13796 CWE-20 CWE-20 Medium Mailman Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-2775) CVE-2015-2775 CWE-22 CWE-22 High Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-3089) CVE-2010-3089 CWE-707 CWE-707 Low Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0707) CVE-2011-0707 CWE-707 CWE-707 Medium Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-5024) CVE-2011-5024 CWE-707 CWE-707 Medium Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-0618) CVE-2018-0618 CWE-707 CWE-707 Medium Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5950) CVE-2018-5950 CWE-707 CWE-707 Medium Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12137) CVE-2020-12137 CWE-707 CWE-707 Medium Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43331) CVE-2021-43331 CWE-707 CWE-707 Medium Mailman Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-12108) CVE-2020-12108 CWE-138 CWE-138 Medium Mailman Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-15011) CVE-2020-15011 CWE-138 CWE-138 Medium Mailman Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2021-42096) CVE-2021-42096 CWE-307 CWE-307 Medium Mailman Insufficiently Protected Credentials Vulnerability (CVE-2021-43332) CVE-2021-43332 CWE-522 CWE-522 Medium Mailman Other Vulnerability (CVE-2000-0861) CVE-2000-0861 High Mailman Other Vulnerability (CVE-2001-0290) CVE-2001-0290 Medium Mailman Other Vulnerability (CVE-2001-0884) CVE-2001-0884 Medium Mailman Other Vulnerability (CVE-2001-1132) CVE-2001-1132 High Mailman Other Vulnerability (CVE-2002-0388) CVE-2002-0388 High Mailman Other Vulnerability (CVE-2002-0389) CVE-2002-0389 Low Mailman Other Vulnerability (CVE-2002-0855) CVE-2002-0855 High Mailman Other Vulnerability (CVE-2003-0038) CVE-2003-0038 Medium 1...68697071...303 69 / 303
