Lucene search
K

8354 matches found

CVE
CVE
added yesterday4 views

CVE-2026-47992

CVE-2026-47992 affects Adobe Commerce and is described as an SQL Injection vulnerability caused by improper neutralization of special elements in SQL commands. The flaw could allow arbitrary code execution in the context of the current user, with a high-privilege attacker potentially executing ma...

7.2CVSS6.5AI score
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-44761

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token...

9.1CVSS0.00352EPSS
Exploits0References2
CVE
CVE
added yesterday30 views

CVE-2026-44761

SAP Commerce Cloud is affected by CVE-2026-44761, where a sample OAuth2 client may retain publicly documented sample credentials from SAP Help Portal configuration. If left unchanged, an unauthenticated attacker could obtain a valid access token and invoke certain APIs to read and modify data, re...

9.1CVSS6.1AI score0.00352EPSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago107 views

Cloudpanel 2 < 2.3.1 - Remote Code Execution

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. id: CVE-2023-35885 info: name: Cloudpanel 2 2.3.1 - Remote Code Execution author: DhiyaneshDk severity: critical description: | CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. impact: | Successfu...

9.8CVSS7AI score0.75315EPSS
Exploits3References5
Nuclei
Nuclei
added 2 days ago325 views

Sitecore - Remote Code Execution

Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. id: CVE-2023-35813 info: name: Sitecore - Remote Code Execution author: DhiyaneshDk,iamnoooob severity: critical description: | Multiple Sitecore...

9.8CVSS7.2AI score0.86685EPSS
Exploits7References5
Nuclei
Nuclei
added 2 days ago245 views

Sitecore Experience Platform <= 10.4 - Arbitrary File Read

An issue was discovered in Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files. id: CVE-2024-46938 info: name: Sitecore Experience Platform = 10.4 - Arbitrary File...

7.5CVSS6.2AI score0.46077EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43088

vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...

6.1AI score0.00508EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43062

Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...

6.1AI score0.00217EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43115

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6...

6.1AI score0.00161EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-15089

vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...

9.1CVSS0.00508EPSS
Exploits0References1
NVD
NVD
added 5 days ago3 views

CVE-2026-13238

Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...

4.8CVSS0.00217EPSS
Exploits0References1
NVD
NVD
added 5 days ago3 views

CVE-2026-10769

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6...

5.4CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 5 days ago10 views

CVE-2026-15089

The CVE-2026-15089 entry concerns a vulnerability in Drupal Commerce guest registration. Affected component: Drupal Commerce guest registration feature; details on affected versions are not provided beyond “. ” in the documents. The CVSS 3.1 base score is listed as 9.1 (CRITICAL) with high confid...

9.1CVSS6.1AI score0.00508EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-15089 Commerce guest registration - Critical - Unsupported - SA-CONTRIB-2026-079

vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...

0.00508EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-13238 Commerce Realex / Global Payments - Moderately critical - Access Bypass - SA-CONTRIB-2026-058

Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...

0.00217EPSS
Exploits0References1
CVE
CVE
added 5 days ago15 views

CVE-2026-13238

CVE-2026-13238 describes an incorrect authorization flaw in Drupal Commerce Realex / Global Payments. The issue permits forceful browsing when the gateway is configured with the redirect payment method, due to insufficient verification of the payment response from Global Payments. Affected versio...

4.8CVSS6.1AI score0.00217EPSS
Exploits0References1
OSV
OSV
added 5 days ago3 views

CVE-2026-10769 Commerce Core - Moderately critical - Cross site scripting - SA-CONTRIB-2026-041

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6...

5.4CVSS6.1AI score0.00161EPSS
Exploits0References5
CVE
CVE
added 5 days ago27 views

CVE-2026-10769

Summary (CVE-2026-10769, Drupal Commerce Core) : Stored XSS in Drupal Commerce Core due to improper neutralization of user input during web page generation, specifically from customer comments in the order receipt email template. Affected versions: Commerce Core 3.3.0–3.3.6. Condition: installs w...

5.4CVSS6.1AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-10769 Commerce Core - Moderately critical - Cross site scripting - SA-CONTRIB-2026-041

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6...

0.00161EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-9726

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal AlternativeCommerce Basket allows Object Injection. This issue affects Drupal AlternativeCommerce Basket versions: from 0.0.0 to 2.1.17...

9.8CVSS0.00161EPSS
Exploits0References1
Rows per page
Query Builder