| CVE-2026-32270 | unknown | — | — | | | | 2mo ago | Craft Commerce has an unauthenticated information disclosure that can leak some customer order data on anonymous payments |
| CVE-2026-32271 | unknown | — | — | | | | 2mo ago | Craft Commerce has a SQL Injection can lead to Remote Code Execution via TotalRevenue Widget |
| CVE-2026-32272 | unknown | — | — | | | | 2mo ago | Craft Commerce hasVariant/hasProduct Blind SQL Injection |
| CVE-2026-31867 | unknown | — | — | | | | 3mo ago | Craft Commerce: Potential IDOR in Commerce carts |
| CVE-2026-29177 | unknown | — | — | | | | 3mo ago | Craft Commerce has stored XSS in Craft Commerce Order Details Slideout |
| CVE-2026-29176 | unknown | — | — | | | | 3mo ago | Craft Commerce has stored XSS in Inventory Location Name |
| CVE-2026-29175 | unknown | — | — | | | | 3mo ago | Craft Commerce has multiple Stored XSS in Commerce Inventory Page, Leading to Session Hijacking |
| CVE-2026-29174 | unknown | — | — | | | | 3mo ago | Craft Commerce is vulnerable to SQL Injection in Commerce Inventory Table Sorting |
| CVE-2026-29173 | unknown | — | — | | | | 3mo ago | Craft Commerce is Vulnerable to Stored XSS while updating Order Status from Orders Table |
| CVE-2026-29172 | unknown | — | — | | | | 3mo ago | Craft Commerce is Vulnerable to SQL Injection in Commerce Purchasables Table Sorting |
| CVE-2026-25522 | unknown | — | — | | | | 4mo ago | Craft Commerce has Stored XSS in Shipping Zone (Name & Description) Fields Leading to Potential Privilege Escalation |
| CVE-2026-25490 | unknown | — | — | | | | 4mo ago | Craft Commerce has Stored XSS in Inventory Location Address Leading to Potential Privilege Escalation |
| CVE-2026-25489 | unknown | — | — | | | | 4mo ago | Craft Commerce has Stored XSS in Tax Zones (Name & Description) Leading to Potential Privilege Escalation |
| CVE-2026-25488 | unknown | — | — | | | | 4mo ago | Craft Commerce has Stored XSS in Tax Categories (Name & Description) Fields Leading to Potential Privilege Escalation |
| CVE-2026-25487 | unknown | — | — | | | | 4mo ago | Craft CMS has Stored XSS in Tax Rates Name Leading to Potential Privilege Escalation |
| CVE-2026-25486 | unknown | — | — | | | | 4mo ago | Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalation |
| CVE-2026-25484 | unknown | — | — | | | | 4mo ago | Craft Commerce has Stored XSS in Product Type Name |
| CVE-2026-25483 | unknown | — | — | | | | 4mo ago | Craft Commerce has Stored XSS via Order Status Message with potential database exfiltration |
| CVE-2026-25482 | unknown | — | — | | | | 4mo ago | Craft Commerce has Stored DOM XSS in Order Status Name (Reflects in "Recent Orders" Dashboard Widget) |