CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

28 matches found

RedhatCVE•added 2026/06/05 7:10 p.m.•11 views

CVE-2026-35401

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...

7.5CVSS5.5AI score0.00268EPSS

Exploits0References1

GithubExploit•added 2026/04/11 7:15 p.m.•107 views

Exploit for Cross-site Scripting in Saleor

CVE-2026-23499: Saleor vulnerable to stored XSS via Unrestrict...

8.5CVSS5.9AI score0.00228EPSS

Exploits1

RedhatCVE•added 2026/04/11 1:21 a.m.•1 views

CVE-2026-35407

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow, the confirmation flow did not verify that the email change confirmation token was issued for the given...

6.5CVSS5.7AI score0.00294EPSS

Exploits0References1

NVD•added 2026/04/08 7:25 p.m.•2 views

CVE-2026-35407

6.5CVSS0.00294EPSS

Exploits0References6

NVD•added 2026/04/08 7:25 p.m.•6 views

CVE-2026-35401

7.5CVSS0.00268EPSS

Exploits0References1

Cvelist•added 2026/04/08 5:24 p.m.•17 views

CVE-2026-35407 Saleor has Cross-Account Email Change via Unbound Confirmation Token

5.9CVSS0.00294EPSS

Exploits0References6

Vulnrichment•added 2026/04/08 5:22 p.m.•3 views

CVE-2026-35401 Saleor has a resource exhaustion vulnerability in GraphQL queries

7.5CVSS5.9AI score0.00268EPSS

Exploits0References1

CVE•added 2026/04/08 5:7 p.m.•13 views

CVE-2026-33756

CVE-2026-33756 affects Saleor (e-commerce platform). The vulnerability lies in unbounded GraphQL query batching: from 2.0.0 up to just before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the service allowed multiple GraphQL operations in a single HTTP request without an upper limit, bypassing per-qu...

7.5CVSS5.9AI score0.00435EPSS

Exploits0References6Affected Software1

Positive Technologies•added 2026/04/08 12:0 a.m.•2 views

PT-2026-31391

7.5CVSS5.9AI score0.00268EPSS

Exploits0References1

Positive Technologies•added 2026/04/08 12:0 a.m.•7 views

PT-2026-31393

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the requestEmailChange mutation was revealing the existence of user-provided email addresses in error messages. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118...

5.3CVSS5.9AI score0.00243EPSS

Exploits0References6

Vulnrichment•added 2026/01/23 11:38 p.m.•9 views

CVE-2026-24136 Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API

Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference IDOR vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor...

8.7CVSS5.8AI score0.00364EPSS

Exploits1References5

Positive Technologies•added 2026/01/23 12:0 a.m.•11 views

PT-2026-4536

8.7CVSS5.4AI score0.00364EPSS

Exploits1References6

NVD•added 2026/01/21 10:15 p.m.•5 views

CVE-2026-22849

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor was allowing users to modify rich text fields with HTML without running any backend HTML cleaners thus allowing malicious actors to perform stored XSS attacks on dashboards and...

7.2CVSS0.00201EPSS

Exploits0References7

NVD•added 2026/01/21 10:15 p.m.•13 views

CVE-2026-23499

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing Javascript. Depending on the deployment strategy, these...

8.5CVSS0.00228EPSS

Exploits1References7