Adobe commerce
This hub aggregates every CVE we track for Adobe commerce, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
221
CVEs tracked
27
Critical
76
High
3
In CISA KEV
Severity distribution
MEDIUM105HIGH76CRITICAL27LOW13
Monthly trend
0
23
1
22
1
0
0
31
0
5
0
7
0
6
1
5
0
0
0
0
19
0
15
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Adobe commerce.
- CVE-2026-34656Adobe Commerce | Improper Authorization (CWE-285)4.3
- CVE-2026-34658Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)4.8
- CVE-2026-34650Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)7.5
- CVE-2026-34686Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)8.7
- CVE-2026-34647Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)7.4
- CVE-2026-34685Adobe Commerce | Improper Input Validation (CWE-20)3.4
- CVE-2026-34653Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)8.7
- CVE-2026-34652Adobe Commerce | Dependency on Vulnerable Third-Party Component (CWE-1395)7.5
- CVE-2026-34645Adobe Commerce | Incorrect Authorization (CWE-863)7.5
- CVE-2026-34648Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)7.5
- CVE-2026-34649Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)7.5
- CVE-2026-34655Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)4.8
- CVE-2026-34654Adobe Commerce | Dependency on Vulnerable Third-Party Component (CWE-1395)5.3
- CVE-2026-34651Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)7.5
- CVE-2026-34646Adobe Commerce | Incorrect Authorization (CWE-863)7.5
Product normalization is registry-driven with AI assist and human review. How it works