Commerce
This hub aggregates every CVE we track for Commerce, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
228
CVEs tracked
19
Critical
76
High
3
In CISA KEV
Severity distribution
MEDIUM117HIGH76CRITICAL19LOW16
Monthly trend
0
24
0
22
1
0
0
23
0
4
0
6
0
6
1
5
0
0
0
10
26
0
15
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Commerce.
- CVE-2026-34656Adobe Commerce | Improper Authorization (CWE-285)4.3
- CVE-2026-34658Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)4.8
- CVE-2026-34650Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)7.5
- CVE-2026-34686Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)8.7
- CVE-2026-34647Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)7.4
- CVE-2026-34685Adobe Commerce | Improper Input Validation (CWE-20)3.4
- CVE-2026-34653Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)8.7
- CVE-2026-34652Adobe Commerce | Dependency on Vulnerable Third-Party Component (CWE-1395)7.5
- CVE-2026-34645Adobe Commerce | Incorrect Authorization (CWE-863)7.5
- CVE-2026-34648Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)7.5
- CVE-2026-34649Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)7.5
- CVE-2026-34655Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)4.8
- CVE-2026-34654Adobe Commerce | Dependency on Vulnerable Third-Party Component (CWE-1395)5.3
- CVE-2026-34651Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)7.5
- CVE-2026-34646Adobe Commerce | Incorrect Authorization (CWE-863)7.5
Product normalization is registry-driven with AI assist and human review. How it works