Security
Magento 2 Security related issues.
-
March 09, 2025 55
Check whether your Magento store is affected by CVE-2024-34102 (a.k.a. Cosmic Sting) with only a few clicks. You can also use it to check whether the applied patch works. Simply input your store's Base URL...
-
December 19, 2024 61
The class \Magento\Framework\Xml\Security in the Magento 2 framework is intended to prevent XXE, and its scan method can detect entities in XML input, by design. However, we found a way to bypass the scan method...
-
December 07, 2024 158
The encryption key in Magento is used to encrypt sensitive data such as API credentials and, most importantly, the Admin WebAPI Token is issued by this key. We need to rotate it if the key is leaked...
-
December 02, 2024 39
Starting from Magento 2.4.7, the encryption key has a new format and the key length is increased to 256 bits. We will demonstrate the key generation process and after reading this blog, you should be able...
-
September 12, 2024 155
How to fix CVE-2024-34102, a vulnerability with a CVSS score of 9.8 (Critical) that makes RCE possible? Upgrading Magento to a version greater than 2.4.7-p1 is the best solution, but sometimes this cannot be done in a few days...
-
September 10, 2024 162
CVE-2024-34102 (it can now be chained with another bug to achieve RCE) was discovered in 2023, and its details were published in June 2024. A verified exploit script already exists on the internet. By exploiting...