| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-41735 | Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice | SAP_SE | SAP Commerce Backoffice | Medium | 5.4 | 2024-08-13 03:49:48 | Deep Dive |
| CVE-2024-33003 | Information Disclosure Vulnerability in SAP Commerce Cloud | SAP_SE | SAP Commerce Cloud | High | 7.4 | 2024-08-13 03:36:55 | Deep Dive |
| CVE-2024-39597 | [CVE-2024-39597] Improper Authorization Checks on Early Login Composable Storefront B2B sites of SAP Commerce | SAP_SE | SAP Commerce | High | 7.2 | 2024-07-09 03:48:11 | Deep Dive |
| CVE-2024-34106 | Insecure Direct Object Reference - An attacker can able to erase the victim quote details | Adobe | Adobe Commerce | Medium | 5.3 | 2024-06-13 09:05:02 | Deep Dive |
| CVE-2024-34103 | Customer account takeover via web API call & subsequent password reset | Adobe | Adobe Commerce | High | 8.1 | 2024-06-13 09:05:01 | Deep Dive |
| CVE-2024-34109 | Adobe Commerce | Improper Input Validation (CWE-20) | Adobe | Adobe Commerce | High | 7.2 | 2024-06-13 09:05:01 | Deep Dive |
| CVE-2024-34110 | RCE in the Adobe Commerce Webhook module through a legit webhook definition | Adobe | Adobe Commerce | High | 7.2 | 2024-06-13 09:05:00 | Deep Dive |
| CVE-2024-34111 | SSRF in service connector | Adobe | Adobe Commerce | Medium | 6.5 | 2024-06-13 09:04:59 | Deep Dive |
| CVE-2024-34105 | Stored Cross Site Scripting in Order Comment | Adobe | Adobe Commerce | Medium | 4.8 | 2024-06-13 09:04:58 | Deep Dive |
| CVE-2024-34107 | Adobe Commerce | Improper Access Control (CWE-284) | Adobe | Adobe Commerce | Medium | 5.3 | 2024-06-13 09:04:58 | Deep Dive |
| CVE-2024-34104 | Adobe Commerce | Improper Authorization (CWE-285) | Adobe | Adobe Commerce | High | 8.2 | 2024-06-13 09:04:57 | Deep Dive |
| CVE-2024-34102 | XXE can expose crypt key and other secrets granting full admin access | Adobe | Adobe Commerce | Critical | 9.8 | 2024-06-13 09:04:56 | Deep Dive |
| CVE-2024-34108 | Large attack surface through legit webhook usage in Adobe Commerce | Adobe | Adobe Commerce | Critical | 9.1 | 2024-06-13 09:04:55 | Deep Dive |
| CVE-2024-32144 | WordPress Welcart e-Commerce plugin <= 2.9.14 - Broken Access Control vulnerability | Welcart Inc. | Welcart e-Commerce | Medium | 5.4 | 2024-06-11 15:48:29 | Deep Dive |
| CVE-2024-1175 | WP-Recall – Registration, Profile, Commerce & More <= 16.26.6 - Unauthenticated Payment Deletion via delete_payment | wppost | WP-Recall – Registration, Profile, Commerce & More | Medium | 5.3 | 2024-06-06 03:53:09 | Deep Dive |
| CVE-2024-35240 | Stored Cross-site Scripting on Print Functionality in Umbraco Commerce | umbraco | Umbraco.Commerce.Issues | Medium | 5.4 | 2024-05-28 20:15:32 | Deep Dive |
| CVE-2024-5049 | Codezips E-Commerce Site editproduct.php unrestricted upload | Codezips | E-Commerce Site | Medium | 6.3 | 2024-05-17 14:00:06 | Deep Dive |
| CVE-2024-4923 | Codezips E-Commerce Site addproduct.php unrestricted upload | Codezips | E-Commerce Site | Medium | 6.3 | 2024-05-16 01:31:04 | Deep Dive |
| CVE-2024-23576 | HCL Commerce is potentially affected by a denial of service and information disclosure vulnerability | HCL Software | Commerce | High | 7.1 | 2024-05-13 21:28:44 | Deep Dive |
| CVE-2024-21100 | Oracle Commerce 的 Oracle Commerce Platform 安全漏洞 | Oracle Corporation | Commerce Platform | Medium | 4.0 | 2024-04-16 21:26:32 | Deep Dive |