Expand intel coverage and refresh monitoring
这个提交包含在:
hao
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `81`
|
||||
- 最近渲染时间: `2026-03-18T18:33:36+00:00`
|
||||
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
|
||||
@@ -5,14 +5,14 @@
|
||||
- 系统 ID: `magento-open-source`
|
||||
- 分类: `ecommerce`
|
||||
- 覆盖策略: `history-full`
|
||||
- 总案例数: `101`
|
||||
- 总案例数: `89`
|
||||
- 近 30 天新增/更新: `0`
|
||||
- 重点 Markdown 案例数: `0`
|
||||
- 已实证(真实版本): `0`
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `101`
|
||||
- 最近渲染时间: `2026-03-18T18:33:45+00:00`
|
||||
- 待人工/缺浏览器证据: `89`
|
||||
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
@@ -124,15 +124,3 @@
|
||||
| Issues
|
||||
1.2k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Adobe Commerce merchants to be hit with TrojanOrders this season 2022-11-15 At least seven Magecart groups are injecting TrojanOrders at approximately 38% of Magento and Adobe Commerce websites in November. skimming trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
|
||||
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Magento 2 critical vulnerability (CVE-2022-24086 & CVE-2022-24087) 2022-02-14 Adobe has released two emergency patches for a critical vulnerability in Magento 2. You need to apply both patches, in order. The vulnerability allows unauthenticated remote code execution (RCE), which is the worst possible type. Actual abuse has already been reported. To illustrate the severity,... skimming trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
|
||||
| ConnectPOS leaked Github secrets for years 2026-01-12 Sansec discovered that ConnectPOS has been showing their Github credentials on their site for 4 years. This would enable attackers to slip malicious code into each of the thousands of ConnectPOS retail installations. Sansec recommends to verify integrity of installed code. skimming supply-chain magento connectpos +2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
|
||||
| Visbot malware found on 6691 stores [analysis] 2016-12-01 Visbot is one of the oldest Magecart payment skimmers: it steals customer data and credit cards. The first case was documented as early as March 2015. But being publicly discussed did not stop it from spreading. We conducted a global research into 300.000 Magento stores and found active Visbot i... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
|
||||
| Magento vendor Fishpig hacked, backdoors added 2022-09-13 Fishpig, a vendor of popular Magento-Wordpress integrations, has been hacked. Sansec found that attackers have injected malware in Fishpig software and taken control of Fishpig servers. Online stores running Fishpig software may now have the "Rekoobe" malware installed on their servers,... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
|
||||
| PHP tool 'Adminer' leaks passwords 2019-01-17 Update 2019-01-20: the root cause is a protocol flaw in MySQL. Adminer is a popular PHP tool to administer MySQL and PostgreSQL databases. However, it can be lured to disclose arbitrary files. Attackers can abuse that to fetch passwords for popular apps such as Magento and Wordpress, and gain con... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
|
||||
| NaturalFreshMall: a Magento Mass Hack 2022-02-08 An investigative report by Sansec researchers on how one vulnerable Magento extension leads to a mass web store attack, with Magecart attackers using naturalfreshmall.com to hide and serve malware to 500+ ecommerce websites. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
|
||||
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Hackers breached Magento through helpdesk 2017-12-28 Magento merchants have recently received messages like this: Hey, I strongly recommend you to make a redesign! Please contact me if you need a good designer! -- knockers@yahoo.com Upon closer examination, the message contains a specially crafted sender that contains an XSS attack: an attempt to... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
|
||||
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Is your storeâs newsletter being used for phishing? 2023-11-10 Cybercriminals in eCommerce are diversifying their targets, now aiming at entire customer databases instead of just stealing credit cards. A recent incident revealed this trend: a hacked Magento admin account was exploited to launch a phishing campaign through the platform's newsletter system, re... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
|
||||
| Will Magento 1 stay PCI compliant? 2020-05-08 Magento 1 will no longer receive official updates & security fixes per July 1st, 2020 (the end-of-life, or EOL date). Merchants are urged to upgrade to Magento 2, but for many stores this deadline is not feasible. Merchants want to know: Will my Magento 1 store still be secure after July 1st... skimming magento 1 pci | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
|
||||
|
||||
@@ -5,14 +5,14 @@
|
||||
- 系统 ID: `medusa`
|
||||
- 分类: `ecommerce`
|
||||
- 覆盖策略: `rolling-24m`
|
||||
- 总案例数: `0`
|
||||
- 总案例数: `15`
|
||||
- 近 30 天新增/更新: `0`
|
||||
- 重点 Markdown 案例数: `0`
|
||||
- 已实证(真实版本): `0`
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T18:34:19+00:00`
|
||||
- 待人工/缺浏览器证据: `15`
|
||||
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
@@ -31,4 +31,22 @@
|
||||
|
||||
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|
||||
|------|--------|----------|----------|----------|------------|----------|--------|
|
||||
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
|
||||
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Issues
|
||||
69 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| medusajs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Pull requests
|
||||
63 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| medusa | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Security
|
||||
0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Star
|
||||
32.4k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `100`
|
||||
- 最近渲染时间: `2026-03-18T18:34:19+00:00`
|
||||
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
@@ -81,7 +81,6 @@
|
||||
| CVE-2009-1621 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
|
||||
| CVE-2009-1027 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
|
||||
| CVE-2008-3130 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
|
||||
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| #14937 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| 3.0.5.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
@@ -91,7 +90,6 @@
|
||||
| #14961 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Latest | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| #14936 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Tags | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| #14943 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| #15029 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
@@ -106,11 +104,14 @@
|
||||
| #14938 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| #14980 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| View all tags | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| #15011 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| #14879 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| #14875 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| /pull/14942 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Star
|
||||
8.1k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| #14877 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| #14928 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
|
||||
@@ -5,14 +5,14 @@
|
||||
- 系统 ID: `openmage`
|
||||
- 分类: `ecommerce`
|
||||
- 覆盖策略: `rolling-24m`
|
||||
- 总案例数: `0`
|
||||
- 总案例数: `27`
|
||||
- 近 30 天新增/更新: `0`
|
||||
- 重点 Markdown 案例数: `0`
|
||||
- 已实证(真实版本): `0`
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T18:33:45+00:00`
|
||||
- 待人工/缺浏览器证据: `27`
|
||||
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
@@ -31,4 +31,34 @@
|
||||
|
||||
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|
||||
|------|--------|----------|----------|----------|------------|----------|--------|
|
||||
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
|
||||
| Star
|
||||
914 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| OpenMage | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Stored XSS in theme config fields | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Fix for authenticated remote code execution through layout update | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Stored XSS in WYSIWYG Editor | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Pull requests
|
||||
66 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| DataFlow upload remote code execution vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Stored XSS in admin file form | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Issues
|
||||
178 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| DoS vulnerability in MaliciousCode filter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| XSS in Admin Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| magento-lts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Stored XSS in admin system configs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Guest order "protect code" can be brute-forced too easily | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| X-Original-Url header can expose admin url | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Security
|
||||
22 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `112`
|
||||
- 最近渲染时间: `2026-03-18T18:34:04+00:00`
|
||||
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
@@ -74,8 +74,8 @@
|
||||
| CVE-2008-6503 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
|
||||
| CVE-2008-5791 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
|
||||
| Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Download sources (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| GitHub
|
||||
Discussions (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Newsletter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| [CVE-2024-6648] Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
|
||||
@@ -111,6 +111,8 @@
|
||||
| Developer
|
||||
Documentation (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| → Cleaning up old branches: a routine maintenance for a healthier repository We are removing old branches from our repository | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Download
|
||||
sources (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Some attribute not escaped in Validate::isCleanHTML method | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Pull requests
|
||||
@@ -139,11 +141,11 @@
|
||||
| Email enumeration | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| How-to Guides | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| GitHub Discussions (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| [CVE-2024-41670] Improperly Implemented Security Check for Standard in PayPal Official for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
|
||||
| 2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| → PrestaShop Developer Conference 2025 Filmed Sessions - Community and Security Friends of Presta, Cybersecurity and Ecommerce Development | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Star
|
||||
9k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| RSS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| YouTube
|
||||
Channel (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
@@ -152,4 +154,5 @@
|
||||
53 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Useful Tools | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| XSS via customer contact form in FO, through file upload | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
|
||||
@@ -5,14 +5,14 @@
|
||||
- 系统 ID: `saleor`
|
||||
- 分类: `ecommerce`
|
||||
- 覆盖策略: `rolling-24m`
|
||||
- 总案例数: `0`
|
||||
- 总案例数: `24`
|
||||
- 近 30 天新增/更新: `0`
|
||||
- 重点 Markdown 案例数: `0`
|
||||
- 已实证(真实版本): `0`
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `0`
|
||||
- 最近渲染时间: `2026-03-18T18:34:19+00:00`
|
||||
- 待人工/缺浏览器证据: `24`
|
||||
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
@@ -31,4 +31,31 @@
|
||||
|
||||
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|
||||
|------|--------|----------|----------|----------|------------|----------|--------|
|
||||
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |
|
||||
| saleor | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Unauthenticated Information Disclosure Vulnerability via Python Exceptions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Non-constant time HMAC comparison in Adyen plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Stored XSS via Unrestricted File Uploads | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Insecure Direct Object Reference (IDOR) in GraphQL API | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Star
|
||||
22.7k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| saleor | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Improper object type validation in mutations leading to unauthorized access | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Security
|
||||
10 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Issues
|
||||
185 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| CSRF bypass in refreshToken mutation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Pull requests
|
||||
67 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| User enumeration vulnerability in Saleor due to different error messages | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Lack of proper HTML sanitization in rich text fields | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `71`
|
||||
- 最近渲染时间: `2026-03-18T18:34:10+00:00`
|
||||
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
@@ -76,7 +76,6 @@
|
||||
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Pull requests
|
||||
186 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| 2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Issues
|
||||
1.3k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| `/api/_info/config` route exposes information about licenses | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
@@ -85,16 +84,18 @@
|
||||
| 7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| `/api/_info/config` route exposes information about active security fixes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Star
|
||||
3.3k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| shopware | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Improper Control of Generation of Code in Twig rendered views | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| 6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| 4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| User enumeration via distinct error codes on Store API login endpoint | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Unauthenticated data extraction possible through store-api.order endpoint | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Reflective Cross Site-Scripting (XSS) in CMS components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| shopware | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Security
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `111`
|
||||
- 最近渲染时间: `2026-03-18T18:33:54+00:00`
|
||||
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
@@ -83,6 +83,9 @@
|
||||
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Call for Testing: WooCommerce Order Fulfillments | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Join us for our “Building Ecommerce Community” Live Event | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Pull requests
|
||||
369 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| See all Release Posts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| WooCommerce 10.6: What’s coming for developers | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Subscriptions for WooCommerce <= 1.9.2 Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
|
||||
| AI & Agentic Commerce in WooCommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
@@ -103,8 +106,10 @@
|
||||
| Release Calendar | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Improving WooCommerce Performance at Scale | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| WooCommerce 10.5 Release is Delayed | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Changelog | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Star
|
||||
10.2k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Newsletter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| See all Roadmap Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Contact Us | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| WooCommerce 10.6: Enhanced blocks and a faster dashboard | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Issues
|
||||
@@ -114,7 +119,6 @@
|
||||
| Call for testing: Experimental REST API Caching in WooCommerce 10.5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Experimental Product Object Caching in WooCommerce 10.5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Become a Marketplace partner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Stay updated | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Restricting per_page for Product and ProductReview Store API Requests in WooCommerce 10.6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| March Office Hours: Testing, testing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
@@ -122,15 +126,13 @@
|
||||
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| WooCommerce 10.5.3: Dot release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| woocommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Roadmap Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Do not sell or share my personal information | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Mailchimp API Maintenance on February 28, 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Community Forum | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| XSS Vulnerability in WooCommerce checkout & registration forms | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| WooCommerce 10.5.1: Dot Release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Call for Testing: WooCommerce MCP Beta | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Pull requests
|
||||
368 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| WooCommerce 10.5: Improving analytics and admin performance | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Security
|
||||
2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
@@ -146,5 +148,4 @@
|
||||
| WooCommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
|
||||
| WooCommerce Block Theme: An update on our strategy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Join the Woo community on Slack | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
| Release downloads | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
|
||||
|
||||
在新工单中引用
屏蔽一个用户