| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-10969 | SQLi in Farktor Software's E-Commerce Package | Farktor Software E-Commerce Services Inc. | E-Commerce Package | Critical | 9.8 | 2026-02-12 12:50:46 | Deep Dive |
| CVE-2026-24321 | Information Disclosure vulnerability in SAP Commerce Cloud | SAP_SE | SAP Commerce Cloud | Medium | 5.3 | 2026-02-10 03:03:53 | Deep Dive |
| CVE-2026-23684 | Race condition vulnerability in SAP Commerce Cloud | SAP_SE | SAP Commerce Cloud | Medium | 5.9 | 2026-02-10 03:02:15 | Deep Dive |
| CVE-2026-2165 | detronetdip E-commerce Account Creation Endpoint add_seller.php missing authentication | detronetdip | E-commerce | High | 7.3 | 2026-02-08 16:32:14 | Deep Dive |
| CVE-2026-2164 | detronetdip E-commerce addadhar.php unrestricted upload | detronetdip | E-commerce | High | 7.3 | 2026-02-08 16:32:12 | Deep Dive |
| CVE-2026-25522 | Craft Commerce has Stored XSS in Shipping Zone (Name & Description) Fields Leading to Potential Privilege Escalation | craftcms | commerce | - | - | 2026-02-03 18:10:34 | Deep Dive |
| CVE-2026-25490 | Craft Commerce has Stored XSS in Inventory Location Address Leading to Potential Privilege Escalation | craftcms | commerce | - | - | 2026-02-03 18:09:33 | Deep Dive |
| CVE-2026-25489 | Craft Commerce has Stored XSS in Tax Zones (Name & Description) Leading to Potential Privilege Escalation | craftcms | commerce | - | - | 2026-02-03 18:07:40 | Deep Dive |
| CVE-2026-25488 | Craft Commerce has Stored XSS in Tax Categories (Name & Description) Fields Leading to Potential Privilege Escalation | craftcms | commerce | - | - | 2026-02-03 18:07:25 | Deep Dive |
| CVE-2026-25487 | Craft CMS has Stored XSS in Tax Rates Name Leading to Potential Privilege Escalation | craftcms | commerce | - | - | 2026-02-03 18:07:12 | Deep Dive |
| CVE-2026-25486 | Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalation | craftcms | commerce | - | - | 2026-02-03 18:06:57 | Deep Dive |
| CVE-2026-25485 | Craft Commerce has Stored XSS in Shipping Categories (Name & Description) Fields Leading to Potential Privilege Escalation | craftcms | commerce | - | - | 2026-02-03 18:06:46 | Deep Dive |
| CVE-2026-25484 | Craft Commerce has Stored XSS in Product Type Name | craftcms | commerce | - | - | 2026-02-03 18:06:37 | Deep Dive |
| CVE-2026-25483 | Craft Commerce has Stored XSS via Order Status Message with potential database exfiltration | craftcms | commerce | - | - | 2026-02-03 18:05:49 | Deep Dive |
| CVE-2026-25482 | Craft Commerce has Stored DOM XSS in Order Status Name (Reflects in "Recent Orders" Dashboard Widget) | craftcms | commerce | - | - | 2026-02-03 18:05:10 | Deep Dive |
| CVE-2026-0750 | Payment bypass in Commerce Paybox | Drupal | Drupal Commerce Paybox | - | - | 2026-01-28 18:53:42 | Deep Dive |
| CVE-2025-14205 | code-projects Chamber of Commerce Membership Management System Your Info membership_profile.php cross site scripting | code-projects | Chamber of Commerce Membership Management System | Low | 2.4 | 2025-12-07 23:32:08 | Deep Dive |
| CVE-2025-66572 | Loaded Commerce 6.6 Client-Side Template Injection(CSTI) | loadedcommerce | Loaded Commerce | - | - | 2025-12-04 20:44:51 | Deep Dive |
| CVE-2025-13296 | CSRF in Tekrom Technology's T-Soft E-Commerce | Tekrom Technology Inc. | T-Soft E-Commerce | Medium | 5.4 | 2025-12-01 11:51:11 | Deep Dive |
| CVE-2025-12979 | Welcart e-Commerce <= 2.11.24 - Missing Authorization to Unauthenticated Information Exposure | uscnanbu | Welcart e-Commerce | Medium | 5.3 | 2025-11-13 03:27:38 | Deep Dive |