
28 matches found

RedhatCVE
added 2 days ago, 6 views

CVE-2026-35401

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...

CVSS 7.5 | AI score 5.5 | EPSS 0.0006
Exploits: 0 | References: 1

GithubExploit
added 2026/04/11 7:15 p.m., 83 views

Exploit for Cross-site Scripting in Saleor

CVE-2026-23499: Saleor vulnerable to stored XSS via Unrestrict...

CVSS 8.5 | AI score 5.9 | EPSS 0.00061
Exploits: 1

RedhatCVE
added 2026/04/11 1:21 a.m., 0 views

CVE-2026-35407

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow: the confirmation flow did not verify that the email change confirmation token was issued for the given...

CVSS 6.5 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 1

NVD
added 2026/04/08 7:25 p.m., 1 views

CVE-2026-35407

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow: the confirmation flow did not verify that the email change confirmation token was issued for the given...

CVSS 6.5 | EPSS 0.00013
Exploits: 0 | References: 6

NVD
added 2026/04/08 7:25 p.m., 2 views

CVE-2026-35401

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...

CVSS 7.5 | EPSS 0.0006
Exploits: 0 | References: 1

Cvelist
added 2026/04/08 5:24 p.m., 16 views

CVE-2026-35407 Saleor has Cross-Account Email Change via Unbound Confirmation Token

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow: the confirmation flow did not verify that the email change confirmation token was issued for the given...

CVSS 5.9 | EPSS 0.00013
Exploits: 0 | References: 6

Vulnrichment
added 2026/04/08 5:22 p.m., 2 views

CVE-2026-35401 Saleor has a resource exhaustion vulnerability in GraphQL queries

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...

CVSS 7.5 | AI score 5.9 | EPSS 0.0006
Exploits: 0 | References: 1

CVE
added 2026/04/08 5:7 p.m., 8 views

CVE-2026-33756

CVE-2026-33756 affects Saleor (e-commerce platform). The vulnerability lies in unbounded GraphQL query batching: from 2.0.0 up to just before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the service allowed multiple GraphQL operations in a single HTTP request without an upper limit, bypassing per-qu...

CVSS 7.5 | AI score 5.9 | EPSS 0.00115
Exploits: 0 | References: 6 | Affected Software: 1

Positive Technologies
added 2026/04/08 12:0 a.m., 5 views

PT-2026-31393

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the requestEmailChange mutation was revealing the existence of user-provided email addresses in error messages. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118...

CVSS 5.3 | AI score 5.9 | EPSS 0.00042
Exploits: 0 | References: 6

Positive Technologies
added 2026/04/08 12:0 a.m., 1 views

PT-2026-31391

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...

CVSS 7.5 | AI score 5.9 | EPSS 0.0006
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/23 11:38 p.m., 7 views

CVE-2026-24136 Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API

Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have an Insecure Direct Object Reference (IDOR) vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor...

CVSS 8.7 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 5

Positive Technologies
added 2026/01/23 12:0 a.m., 6 views

PT-2026-4536

Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have an Insecure Direct Object Reference (IDOR) vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor...

CVSS 8.7 | AI score 5.4 | EPSS 0.00018
Exploits: 0 | References: 6

NVD
added 2026/01/21 10:15 p.m., 5 views

CVE-2026-23499

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing JavaScript. Depending on the deployment strategy, these...

CVSS 8.5 | EPSS 0.00061
Exploits: 1 | References: 7

NVD
added 2026/01/21 10:15 p.m., 3 views

CVE-2026-22849

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor was allowing users to modify rich text fields with HTML without running any backend HTML cleaners thus allowing malicious actors to perform stored XSS attacks on dashboards and...

CVSS 7.2 | EPSS 0.00062
Exploits: 0 | References: 7

OSV
added 2026/01/21 9:31 p.m., 3 views

CVE-2026-22849 Saleor lacks proper HTML sanitization in rich text fields

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor was allowing users to modify rich text fields with HTML without running any backend HTML cleaners thus allowing malicious actors to perform stored XSS attacks on dashboards and...

CVSS 7.2 | AI score 5.4 | EPSS 0.00062
Exploits: 0 | References: 9

EUVD
added 2026/01/21 9:31 p.m., 4 views

EUVD-2026-3777

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor was allowing users to modify rich text fields with HTML without running any backend HTML cleaners thus allowing malicious actors to perform stored XSS attacks on dashboards and...

CVSS 7.2 | AI score 5.4 | EPSS 0.00062
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-0851

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.4 | EPSS 0.00179
Exploits: 0 | References: 9

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-41779

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 4.9 | EPSS 0.00341
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-1093

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 5.3 | EPSS 0.00268
Exploits: 0 | References: 10

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-27478

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.6 | EPSS 0.00082
Exploits: 0 | References: 4