27 matches found

RedhatCVE
added 2026/02/04 7:28 p.m. · 2 views

CVE-2026-25486

Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name field in the Store Management section is n...

CVSS 6.1 · AI score 5.4 · EPSS 0.0002
Exploits: 1 · References: 1

NVD
added 2026/02/03 7:16 p.m. · 3 views

CVE-2026-25486

Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name field in the Store Management section is n...

CVSS 6.1 · EPSS 0.0002
Exploits: 1 · References: 3

Cvelist
added 2026/02/03 6:6 p.m. · 25 views

CVE-2026-25486 Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalation

Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name field in the Store Management section is n...

CVSS 6.1 · EPSS 0.0002
Exploits: 1 · References: 3

CVE
added 2026/02/03 6:6 p.m. · 7 views

CVE-2026-25486

CVE-2026-25486 : Craft Commerce (Craft CMS) versions 5.0.0–5.5.1 contain a stored XSS in the Shipping Methods Name field in Store Management, allowing an attacker with store settings/shipping permissions to execute malicious JavaScript in an administrator’s browser. The issue is fixed in version ...

CVSS 6.1 · AI score 5.4 · EPSS 0.0002
Exploits: 1 · References: 3 · Affected Software: 1

EUVD
added 2026/02/03 6:6 p.m. · 2 views

EUVD-2026-5206

Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name field in the Store Management section is n...

CVSS 6.1 · AI score 5.4 · EPSS 0.0002
Exploits: 1 · References: 3

Vulnrichment
added 2026/02/03 6:6 p.m. · 2 views

CVE-2026-25486 Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalation

Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name field in the Store Management section is n...

CVSS 6.1 · AI score 5.4 · EPSS 0.0002
Exploits: 1 · References: 3

OSV
added 2026/02/02 10:49 p.m. · 2 views

GHSA-G92V-WPV7-6W22 Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalation

Summary A stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name field in the Store Management section is not properly sanitized before being displayed in the admin panel. --- Proof o...

CVSS 6.1 · AI score 5.7 · EPSS 0.0002
Exploits: 1 · References: 5

Github Security Blog
added 2026/02/02 10:49 p.m. · 5 views

Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalation

Summary A stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name field in the Store Management section is not properly sanitized before being displayed in the admin panel. --- Proof o...

CVSS 6.1 · AI score 5.7 · EPSS 0.0002
Exploits: 1 · References: 5 · Affected Software: 1

Positive Technologies
added 2026/02/02 12:0 a.m. · 2 views

PT-2026-5746

Name of the Vulnerable Software and Affected Versions: Craft Commerce versions 5.0.0 through 5.5.1. Description: A stored cross-site scripting (XSS) issue exists in Craft Commerce that allows attackers to execute malicious JavaScript in an administrator’s browser. The issue stems from insufficient...

CVSS 6.1 · AI score 5.2 · EPSS 0.0002
Exploits: 1 · References: 8

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-43280

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00149
Exploits: 2 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-30530

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.5 · EPSS 0.00042
Exploits: 0 · References: 2

RedhatCVE
added 2025/09/24 6:32 p.m. · 2 views

CVE-2025-58656

Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce estonian-shipping-methods-for-woocommerce allows Retrieve Embedded Sensitive Data. This issue affects Estonian Shipping Methods for WooCommerce: from n/a through <= 1.7.2...

CVSS 5.3 · AI score 5.9 · EPSS 0.00042
Exploits: 0 · References: 1

NVD
added 2025/09/22 7:16 p.m. · 1 views

CVE-2025-58656

Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce estonian-shipping-methods-for-woocommerce allows Retrieve Embedded Sensitive Data. This issue affects Estonian Shipping Methods for WooCommerce: from n/a through <= 1.7.2...

CVSS 5.3 · EPSS 0.00042
Exploits: 0 · References: 1

Patchstack
added 2025/09/22 6:40 p.m. · 3 views

WordPress Estonian Shipping Methods for WooCommerce Plugin <= 1.7.2 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Legion Hunter in WordPress Plugin Estonian Shipping Methods for WooCommerce versions <= 1.7.2...

CVSS 5.3 · AI score 6.7 · EPSS 0.00042
Exploits: 0 · Affected Software: 1

Cvelist
added 2025/09/22 6:23 p.m. · 6 views

CVE-2025-58656 WordPress Estonian Shipping Methods for WooCommerce Plugin <= 1.7.2 - Sensitive Data Exposure Vulnerability

Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce estonian-shipping-methods-for-woocommerce allows Retrieve Embedded Sensitive Data. This issue affects Estonian Shipping Methods for WooCommerce: from n/a through <= 1.7.2...

CVSS 5.3 · EPSS 0.00042
Exploits: 0 · References: 1

Vulnrichment
added 2025/09/22 6:23 p.m. · 1 views

CVE-2025-58656 WordPress Estonian Shipping Methods for WooCommerce Plugin <= 1.7.2 - Sensitive Data Exposure Vulnerability

Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce estonian-shipping-methods-for-woocommerce allows Retrieve Embedded Sensitive Data. This issue affects Estonian Shipping Methods for WooCommerce: from n/a through <= 1.7.2...

CVSS 5.3 · AI score 5.9 · EPSS 0.00042
Exploits: 0 · References: 1

CVE
added 2025/09/22 6:23 p.m. · 6 views

CVE-2025-58656

CVE-2025-58656 concerns the Estonian Shipping Methods for WooCommerce plugin. The CVE description notes a vulnerability involving hard-coded credentials that could lead to the retrieval of embedded sensitive data, affecting versions from unknown starting point up to and including 1.7.2. The conne...

CVSS 5.3 · AI score 5.9 · EPSS 0.00042
Exploits: 0 · References: 1

Positive Technologies
added 2025/09/22 12:0 a.m. · 3 views

PT-2025-38945

Name of the Vulnerable Software and Affected Versions: Estonian Shipping Methods for WooCommerce versions through 1.7.2. Description: The Estonian Shipping Methods for WooCommerce software contains hard-coded credentials, potentially allowing retrieval of embedded sensitive data. Recommendations...

CVSS 5.3 · AI score 6.6 · EPSS 0.00042
Exploits: 0 · References: 3

CNNVD
added 2025/09/22 12:0 a.m. · 1 views

WordPress plugin Estonian Shipping Methods for WooCommerce Trust Management Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plug...

CVSS 5.3 · AI score 6.5 · EPSS 0.00042
Exploits: 0 · References: 2

Positive Technologies
added 2023/07/06 12:0 a.m. · 1 views

PT-2023-33019 · Vendure · Vendure

Name of the Vulnerable Software and Affected Versions: Vendure affected versions not specified Description: The issue concerns an authorization system with different levels of privileges. In the admin UI, certain description inputs, such as those for inventory, collection catalog, shipping method...

AI score 5.6
Exploits: 0 · References: 5