Lucene search
K

8317 matches found

Nuclei
Nuclei
added 12 hours ago60 views

Prodigy Commerce <= 3.3.0 - Local File Inclusion

Prodigy Commerce WordPress plugin = 3.2.9 contains a local file inclusion caused by improper sanitization of 'parameterstemplatename' parameter, letting unauthenticated attackers include and execute arbitrary files remotely. id: CVE-2026-0926 info: name: Prodigy Commerce = 3.3.0 - Local File...

9.8CVSS6.3AI score0.09396EPSS
Exploits5References2
NVD
NVD
added 18 hours ago4 views

CVE-2026-44761

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token...

9.1CVSS
Exploits0References2
CVE
CVE
added 19 hours ago21 views

CVE-2026-44761

SAP Commerce Cloud is affected by CVE-2026-44761, where a sample OAuth2 client may retain publicly documented sample credentials from SAP Help Portal configuration. If left unchanged, an unauthenticated attacker could obtain a valid access token and invoke certain APIs to read and modify data, re...

9.1CVSS6.1AI score
Exploits0References2
Nuclei
Nuclei
added yesterday107 views

Cloudpanel 2 < 2.3.1 - Remote Code Execution

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. id: CVE-2023-35885 info: name: Cloudpanel 2 2.3.1 - Remote Code Execution author: DhiyaneshDk severity: critical description: | CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. impact: | Successfu...

9.8CVSS7AI score0.75315EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday245 views

Sitecore Experience Platform <= 10.4 - Arbitrary File Read

An issue was discovered in Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files. id: CVE-2024-46938 info: name: Sitecore Experience Platform = 10.4 - Arbitrary File...

7.5CVSS6.2AI score0.46077EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday325 views

Sitecore - Remote Code Execution

Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. id: CVE-2023-35813 info: name: Sitecore - Remote Code Execution author: DhiyaneshDk,iamnoooob severity: critical description: | Multiple Sitecore...

9.8CVSS7.2AI score0.86685EPSS
Exploits7References5
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43088

vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...

6.1AI score0.00236EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43062

Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...

6.1AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43115

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6...

6.1AI score0.00161EPSS
Exploits0References2
NVD
NVD
added 4 days ago5 views

CVE-2026-15089

vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...

9.1CVSS0.00236EPSS
Exploits0References1
NVD
NVD
added 4 days ago3 views

CVE-2026-13238

Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...

4.8CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 4 days ago3 views

CVE-2026-10769

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6...

5.4CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2026-15089

The CVE-2026-15089 entry concerns a vulnerability in Drupal Commerce guest registration. Affected component: Drupal Commerce guest registration feature; details on affected versions are not provided beyond “. ” in the documents. The CVSS 3.1 base score is listed as 9.1 (CRITICAL) with high confid...

9.1CVSS6.1AI score0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-15089 Commerce guest registration - Critical - Unsupported - SA-CONTRIB-2026-079

vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...

0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-13238 Commerce Realex / Global Payments - Moderately critical - Access Bypass - SA-CONTRIB-2026-058

Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...

0.0018EPSS
Exploits0References1
CVE
CVE
added 4 days ago15 views

CVE-2026-13238

CVE-2026-13238 describes an incorrect authorization flaw in Drupal Commerce Realex / Global Payments. The issue permits forceful browsing when the gateway is configured with the redirect payment method, due to insufficient verification of the payment response from Global Payments. Affected versio...

4.8CVSS6.1AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-10769 Commerce Core - Moderately critical - Cross site scripting - SA-CONTRIB-2026-041

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6...

0.00161EPSS
Exploits0References1
CVE
CVE
added 4 days ago27 views

CVE-2026-10769

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6...

5.4CVSS6.1AI score0.00161EPSS
Exploits0References1
OSV
OSV
added 4 days ago2 views

CVE-2026-10769 Commerce Core - Moderately critical - Cross site scripting - SA-CONTRIB-2026-041

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6...

5.4CVSS6.1AI score0.00161EPSS
Exploits0References5
NVD
NVD
added 4 days ago6 views

CVE-2026-9726

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal AlternativeCommerce Basket allows Object Injection. This issue affects Drupal AlternativeCommerce Basket versions: from 0.0.0 to 2.1.17...

9.8CVSS0.00161EPSS
Exploits0References1
Rows per page
Query Builder