CVE-2026-2944

A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handler. Performing a manipulation of the argument DevId results in os command injection. The attack ma...

CVE-2026-25486

Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name field in the Store Management section is n...

EUVD-2026-5204

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Tax Categories Name & Descripti...

CVE-2026-25488 Craft Commerce has Stored XSS in Tax Categories (Name & Description) Fields Leading to Potential Privilege Escalation

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Tax Categories Name & Descripti...

CVE-2026-25487

CVE-2026-25487 affects Craft Commerce (Craft CMS). A stored XSS flaw exists in the Tax Rates Name field displayed in the admin Store Management panel. Affected versions are 4.0.0-RC1 through 4.10.0 and 5.0.0 through 5.5.1. The issue enables attackers with store settings/taxes permissions to injec...

CVE-2026-25487 Craft CMS has Stored XSS in Tax Rates Name Leading to Potential Privilege Escalation

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' field in the...

CVE-2026-25487

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' field in the...

CVE-2026-25486

Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name field in the Store Management section is n...

CVE-2026-25486 Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalation

Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Methods Name field in the Store Management section is n...

EUVD-2026-5207

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Shipping Categories Name &...

GHSA-P6W8-Q63M-72C8 Craft Commerce has Stored XSS in Tax Categories (Name & Description) Fields Leading to Potential Privilege Escalation

Summary A stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the Tax Categories Name & Description fields in the Store Management section are not properly sanitized before being displayed in the admin pane...

PT-2026-5748

Name of the Vulnerable Software and Affected Versions Craft Commerce versions 4.0.0-RC1 through 4.10.0 Craft Commerce versions 5.0.0 through 5.5.1 Description Craft Commerce, an ecommerce platform for Craft CMS, contains a stored cross-site scripting XSS issue. The issue resides in the Tax...

PT-2026-5747

Name of the Vulnerable Software and Affected Versions Craft Commerce versions 4.0.0-RC1 through 4.10.0 Craft Commerce versions 5.0.0 through 5.5.1 Description Craft Commerce, an ecommerce platform for Craft CMS, contains a stored cross-site scripting XSS issue. The issue resides in the Tax Rates...

Shopify: [h1-2102] [Plus] User with Store Management Permission can Make changeDomainEnforcementState - that should be limited to User Management Only

Summary: User with Store Management Permission can Make changeDomainEnforcementState - that should be limited to User Management Only Description: User with Store management permission - F1168470 only, is able to change user management settings using the graphql Steps To Reproduce: - - - - - As a...

Hubei Taoma Qianwei Information Technology Co., Ltd. gold micro supermarket cash register system there are logic defects vulnerability

Jinwei supermarket cash register system for small and medium-sized supermarkets and community convenience stores designed to scan the code cash register tools, merchants can use an ordinary computer with Internet access with a scanning gun to achieve the main functions of the supermarket cash...

Microsoft Windows: Turn off access to the Store

This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association. When a user opens a file type or protocol that is not associated with any applications on the computer, the user is given the choice to...

PreProject Multi-Vendor Shopping Malls - SQL Injection / Authentication Bypass

--------------------------------------------------------------------------- +Title Multi-Vendor Shopping Malls SQL Injection Vulnerability +Author RoAdKiLlEr +Contact RoAdKiLlEratKhg-CrewdotWs +Tested on Win Xp Sp 2/3 ---------------------------------------------------------------------------...