hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

Refresh rendered dashboard snapshots

浏览代码
这个提交包含在:
hao
2026-03-18 14:18:50 -07:00
父节点 00d828d090
当前提交 9a5f48cdf7
修改 2488 个文件,包含 3071 行新增242002 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

88
07-framework-security/ecommerce/adobe-commerce/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `adobe-commerce`
- 分类: `ecommerce`
- 覆盖策略: `history-full`
- 总案例数: `81`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `81`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -34,84 +34,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CVE-2024-20759 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-02-11T15:59:16.957` | - |
| CVE-2024-20758 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-16T14:53:40.187` | - |
| CVE-2024-20720 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:53:01.000` | - |
| CVE-2024-20719 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:53:00.843` | - |
| CVE-2024-20718 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:53:00.647` | - |
| CVE-2024-20717 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:52:59.233` | - |
| CVE-2024-20716 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:52:59.103` | - |
| CVE-2023-38251 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:11.070` | - |
| CVE-2023-38250 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:10.920` | - |
| CVE-2023-38249 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:10.773` | - |
| CVE-2023-38221 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:07.010` | - |
| CVE-2023-38220 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:06.863` | - |
| CVE-2023-38219 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:06.720` | - |
| CVE-2023-38218 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:06.583` | - |
| CVE-2023-26367 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:51:12.530` | - |
| CVE-2023-26366 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:51:12.390` | - |
| CVE-2022-24093 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:49:47.413` | - |
| CVE-2023-38209 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:05.447` | - |
| CVE-2023-38208 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:05.317` | - |
| CVE-2023-38207 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:13:05.193` | - |
| CVE-2023-29297 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:49.170` | - |
| CVE-2023-29296 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:49.063` | - |
| CVE-2023-29295 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.960` | - |
| CVE-2023-29294 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.850` | - |
| CVE-2023-29293 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.747` | - |
| CVE-2023-29292 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.640` | - |
| CVE-2023-29291 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.530` | - |
| CVE-2023-29290 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.423` | - |
| CVE-2023-29289 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.313` | - |
| CVE-2023-29288 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.197` | - |
| CVE-2023-29287 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:56:48.080` | - |
| CVE-2023-22248 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:44:23.877` | - |
| CVE-2023-22251 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:44:24.210` | - |
| CVE-2023-22250 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:44:24.110` | - |
| CVE-2023-22249 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:44:24.003` | - |
| CVE-2023-22247 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:44:23.737` | - |
| CVE-2022-42344 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:24:47.620` | - |
| CVE-2022-35698 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:11:30.073` | - |
| CVE-2022-35689 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:11:28.990` | - |
| CVE-2022-35692 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:11:29.357` | - |
| CVE-2022-34259 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:10.063` | - |
| CVE-2022-34258 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:09.953` | - |
| CVE-2022-34257 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:09.827` | - |
| CVE-2022-34256 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:09.690` | - |
| CVE-2022-34255 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:09.567` | - |
| CVE-2022-34254 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:09.437` | - |
| CVE-2022-34253 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:09:09.320` | - |
| CVE-2022-24086 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-10-23T14:51:16.013` | - |
| CVE-2021-39864 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:20:25.057` | - |
| CVE-2021-36035 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:12:59.820` | - |
| APSB26-05  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB21-86  Securityupdates availablefor Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB20-22  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB20-41  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB24-61  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB25-88 : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB22-38  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB23-42  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB21-30  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB25-26  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Back to top | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB24-73  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB23-17  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB24-18  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB23-50  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB23-35  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB25-71  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB22-12  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB21-08  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB24-40  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB24-90 : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB25-08  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB25-94  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB22-48 : Security updates available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB20-02  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB20-59  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB22-13  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB21-64  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB25-50 : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB24-03  : Security update available for Adobe Commerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| APSB20-47  Securityupdates availablefor Magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

99
07-framework-security/ecommerce/magento-open-source/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `magento-open-source`
- 分类: `ecommerce`
- 覆盖策略: `history-full`
- 总案例数: `89`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `89`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -32,95 +32,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CVE-2019-7885 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.997` | - |
| CVE-2019-7882 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.893` | - |
| CVE-2019-7881 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.783` | - |
| CVE-2019-7880 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.670` | - |
| CVE-2019-7877 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.560` | - |
| CVE-2019-7876 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.450` | - |
| CVE-2019-7875 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.337` | - |
| CVE-2019-7874 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.227` | - |
| CVE-2019-7873 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.113` | - |
| CVE-2019-7872 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:54.003` | - |
| CVE-2019-7871 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.883` | - |
| CVE-2019-7869 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.650` | - |
| CVE-2019-7868 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.527` | - |
| CVE-2019-7867 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.407` | - |
| CVE-2019-7866 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.287` | - |
| CVE-2019-7865 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.163` | - |
| CVE-2019-7864 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:53.043` | - |
| CVE-2019-7863 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.933` | - |
| CVE-2019-7862 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.820` | - |
| CVE-2019-7861 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.697` | - |
| CVE-2019-7860 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.580` | - |
| CVE-2019-7859 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.463` | - |
| CVE-2019-7858 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.343` | - |
| CVE-2019-7857 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.230` | - |
| CVE-2019-7855 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.113` | - |
| CVE-2019-7854 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:52.000` | - |
| CVE-2019-7853 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:51.883` | - |
| CVE-2019-7852 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:51.770` | - |
| CVE-2019-7851 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:51.660` | - |
| CVE-2019-7849 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:51.440` | - |
| CVE-2019-7139 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:47:38.667` | - |
| CVE-2018-5301 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:08:32.663` | - |
| CVE-2016-10704 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2015-8707 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2014-9758 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2017-13761 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2016-6485 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2016-4010 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2016-2212 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2012-3243 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-3458 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-3457 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-1399 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-1398 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-1397 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-2068 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-2067 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2014-8770 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2011-5240 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2009-0541 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| Surge in Magento 2 template attacks 2022-09-22 The critical template vulnerability in Magento 2 (CVE-2022-24086) is gaining popularity among eCommerce cyber criminals. The majority of recent Sansec forensic cases concern this attack method. In this article we share our findings of 3 template hacks, and hope it will help you if you are confron... skimming trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| MagentoCore group hacks 7,339 stores and counting 2018-08-30 A single group is responsible for planting skimmers on 7339 individual stores in the last 6 months. The MagentoCore skimmer is now the most successful to date. Update 2018-09-07: Because Google Chrome has added the campaign to its blocklist last Saturday, the skimmers are now rapidly replacing &q... skimming MagentoCore skimmer | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Wiki | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Competing digital skimmers sabotage each other 2018-11-20 Skimmers found to subtly sabotage each others fraud operations. Competition is grim in the online skimming business (aka "MageCart"). The aggressive MagentoCore skimmer was previously observed to kick contending parasites from its victim hosts. But this week, we discovered that the bat... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Case Study: How eCommerce Hackers Silently Steal Credit Card Data 2021-05-03 The majority of online stores have never been hacked and, as a result, take a somewhat lax approach to cybersecurity. However, no less than 20% of all online stores get hacked every year, which means it might only be a matter of time until yours becomes the next victim. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Magento wish list exploit bypasses WAF protection 2023-12-18 Found your Magento 2 store hacked recently? Chances are, that attackers injected a malicious wish list. Just before Christmas? Oh the irony. skimming trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Magento Security Release APSB25-08 [Impact Analysis] 2025-02-12 Critical (CVSS 9.4) release enables attackers to take control of customer accounts. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Bad extensions now main source of Magento hacks: a solution! 2019-01-29 In October last year I discovered several Magento extension 0days. As it turns out, this was only the tip of the iceberg: today, insecure 3rd party extensions are used to hack into thousands of stores. A group of Magento professionals have identified 63 vulnerable extensions, and are now releasin... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Magento and the Log4j vulnerability 2021-12-13 Updated Dec 20th. This article describes how Magento is affected by the critical log4j vulnerability, and what you can (and should) do to prevent a hack. A critical vulnerability in the popular Log4j Java library has been massively exploited since December 1st. It exposes full control to a remote... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Persistent Magento backdoor hidden in XML 2024-04-04 Does your Interceptor.php keep getting infected? Attackers are using a new method for malware persistence on Magento servers. Sansec discovered a cleverly crafted layout template in the database, which was used to automatically inject malware. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Persistent parasite in EOL Magento 2 2020-12-02 Over the last months, hackers have quietly added a subtle security flaw to over 50 large online stores, only to exploit them right before Black Friday, Sansec research shows. The flaw's presence would ensure future access for the attackers, even if their primary operation was blown. Sansec has be... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Magento security extentions vendor got hacked 2019-10-07 The store of a US Magento extension vendor was found compromised. Attackers had write access to the server selling extensions. We are awaiting a statement on the integrity of downloaded software. Our malware crawlers detected a compromise of Extendware, a vendor of Magento extensions such as &quo... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Magento PolyShell: unrestricted file upload in Magento and Adobe Commerce 2026-03-17 A new vulnerability in the Magento and Adobe Commerce REST API allows attackers to upload executable files to any store. Adobe fixed the issue in a pre-release version but has not backported the patch. Many stores run web server configurations that enable either remote code execution (RCE) or acc... skimming magento adobe-commerce rce +3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| magento2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Vendors defeat Magento security patch (+ simple check) 2023-01-17 Magento and Adobe Commerce stores around the world have been hammered with Trojan Order attacks this winter. And even if you have patched or installed Adobe’s 2.4.4 release, you may still be vulnerable. Sansec discovered that several vendors and agencies are actively bypassing this security fix, ... skimming trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Warning: fake Magento patch 9789 contains virus 2017-04-21 Update May 21st: a similar phishing mail circulates about a fake patch SUPEE-1798. Update Apr 22nd: added reference to Neutrino Bot and POS systems This week a mail was sent out to announce the new Magento patch SUPEE-9789. It is fake and it contains malware. There is no patch 9789. The message... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| An OpenCart/Magento hacking dashboard 2017-04-07 This post shows how sophisticated Magento hacking operations have become nowadays. While investigating a bruteforced Magento store, we noticed that the hacker logged in using a curious referrer site: "GET /rss/catalog/notifystock/ HTTP/1.1" 200 5676 "http://194.87.232.147:777/"... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Pull requests
804 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SessionReaper attacks have started, 3 in 5 stores still vulnerable 2025-10-22 Six weeks after Adobe's emergency patch, SessionReaper (CVE-2025-54236) has entered active exploitation. Sansec Shield blocked dozens of attacks today. With only 38% of stores patched and exploit details now public, mass abuse will follow in the coming hours. skimming CVE-2025-54236 magento adobe-commerce +6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Claude finds 353 zero-days on Packagist 2026-01-22 We built an AI-powered security pipeline to audit popular ecommerce extensions on Packagist. The vulnerabilities we found range from password leaks to full remote code execution. skimming magento adobe-commerce supply-chain +1 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| magento | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CosmicSting attack threatens 75% of Adobe Commerce stores 2024-06-18 One week after the release of a critical security fix, just a quarter of all Adobe Commerce and Magento stores has been patched. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| SessionReaper, unauthenticated RCE in Magento & Adobe Commerce (CVE-2025-54236) 2025-09-08 SessionReaper (CVE-2025-54236) is a critical bug in Magento & Adobe Commerce. The bug may hand full control of a store to unauthenticated attackers. Automated attacks have hit over 50% of all stores globally. Merchants should act immediately. skimming CVE-2025-54236 magento adobe-commerce +5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| CosmicSting attack & defense overview 2024-09-16 CosmicSting (aka CVE-2024-34102) is the worst bug to hit Magento and Adobe Commerce stores in two years. Sansec observes that stores are getting hacked at a rate of 5 to 30 per hour. Merchants need to implement these counter measures as soon as possible. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Thousands of Adobe Commerce stores hacked in competing CosmicSting campaigns 2024-10-01 Cybercriminals have hacked 5% of all Adobe Commerce and Magento stores this summer. Among the victims are large international brands. Seven distinct groups are using CosmicSting attacks to plant malicious code on victim stores. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Adobe patches critical Magento admin takeover via menu injection 2025-06-12 A new attack on Adobe Commerce may break the menu bar for admin users. If your menu bar is missing, someone is stealing your session via CVE-2025-47110. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Fake Klaviyo accounts added to Magento 2022-12-21 Are your Magento admin accounts legitimate? Chances are, that a klaviyo_support_XXXX account was added this week. Best to quickly remove it and read this article. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Do these two things to keep your Magento 1 store running after June 2020-05-28 Over a 100 thousands Magento 1 stores will be running after Adobe terminates support in June (end-of-life). Many merchants need more time to transition to Magento 2 or another platform. No need to panic, your store will not suddenly crash on July 1st. But you should make two important arrangement... skimming magento 1 deadline | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Extortion of Magento merchants 2022-11-07 Sansec has received reports of criminals trying to extort Magento merchants with the message below. As long as the sender does not produce evidence, they almost certainly did not steal your sensitive data. Ignoring them is best. skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Critical Magento 2 flaw exploited within 16 hours 2019-05-10 The number of hacked Magento 2 stores spiked in the last four weeks, after a critical security flaw was discovered in March and criminals stole admin passwords within 16 hours. Merchants are advised to implement emergency measures, even if they had already patched. Update June 12th: While there w... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| A Magento breach analysis: part 1 2017-04-12 Part of a series where Magento security professionals share their case notes, so that we can ultimately distill a set of best practices, tools and workflow. Part of the job of running the MageReport service is that I get to investigate tons of hacked stores. About 50-200 new stores get hacked pe... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Cardbleed: 3% of Magento install base hacked 2020-09-14 Update Sept 18: Cardbleed has infected 2806 Magento1 stores so far (3% of total install base) Over the weekend, almost two thousand Magento 1 stores across the world have been hacked in the largest documented campaign to date. It was a typical Magecart attack: injected malicious code would inter... skimming | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Issues
1.2k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Adobe Commerce merchants to be hit with TrojanOrders this season 2022-11-15 At least seven Magecart groups are injecting TrojanOrders at approximately 38% of Magento and Adobe Commerce websites in November. skimming trojanorder | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

26
07-framework-security/ecommerce/medusa/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `medusa`
- 分类: `ecommerce`
- 覆盖策略: `rolling-24m`
- 总案例数: `15`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `15`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,22 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
69 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| medusajs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
63 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| medusa | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
32.4k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

111
07-framework-security/ecommerce/opencart/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `opencart`
- 分类: `ecommerce`
- 覆盖策略: `history-full`
- 总案例数: `100`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `100`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,107 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CVE-2025-1749 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-05-07T19:49:23.300` | - |
| CVE-2025-1748 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-05-07T19:47:43.517` | - |
| CVE-2025-1747 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-05-07T19:47:20.830` | - |
| CVE-2025-1746 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-05-07T19:47:12.877` | - |
| CVE-2025-1117 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-02-08T13:15:07.843` | - |
| CVE-2025-1116 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-02-08T12:15:39.660` | - |
| CVE-2025-0974 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-02-03T02:15:26.433` | - |
| CVE-2025-0841 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-29T21:15:20.973` | - |
| CVE-2025-0580 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-20T03:15:08.540` | - |
| CVE-2025-0579 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-20T03:15:08.353` | - |
| CVE-2025-0460 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-14T16:15:34.800` | - |
| CVE-2025-22335 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-07T16:15:42.703` | - |
| CVE-2025-0214 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-04T17:15:07.507` | - |
| CVE-2024-36694 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-22T15:36:02.527` | - |
| CVE-2024-51835 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-19T21:56:45.533` | - |
| CVE-2024-21519 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:54:36.377` | - |
| CVE-2024-21518 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:54:36.223` | - |
| CVE-2024-21517 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-14T17:15:16.380` | - |
| CVE-2024-21516 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-14T17:15:15.903` | - |
| CVE-2024-21515 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-01-14T17:15:15.357` | - |
| CVE-2024-21514 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:54:35.600` | - |
| CVE-2023-47444 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:30:17.177` | - |
| CVE-2023-2315 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:58:22.310` | - |
| CVE-2023-40834 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T08:20:11.673` | - |
| CVE-2020-20491 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-12-10T20:15:07.187` | - |
| CVE-2021-37823 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-05-05T14:15:21.957` | - |
| CVE-2022-41403 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-05-15T19:15:54.980` | - |
| CVE-2013-1891 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T01:50:35.890` | - |
| CVE-2022-24108 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:49:49.213` | - |
| CVE-2020-29471 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:24:03.283` | - |
| CVE-2020-29470 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:24:03.120` | - |
| CVE-2020-28838 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:23:10.513` | - |
| CVE-2020-15478 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:05:35.830` | - |
| CVE-2020-13980 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:02:17.100` | - |
| CVE-2020-10596 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:55:40.073` | - |
| CVE-2019-15081 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:28:00.747` | - |
| CVE-2018-1000640 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:40:18.203` | - |
| CVE-2018-13067 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:46:20.270` | - |
| CVE-2018-11495 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:43:29.193` | - |
| CVE-2018-11494 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:43:29.020` | - |
| CVE-2018-11231 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:42:57.327` | - |
| CVE-2014-3990 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T02:09:17.240` | - |
| CVE-2016-10509 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2015-4671 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2011-3763 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2010-1610 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2010-0956 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2009-1621 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2009-1027 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-3130 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| #14937 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3.0.5.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| opencart | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14933 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3.0.5.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14961 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Latest | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14936 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14943 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #15029 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #15012 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14874 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14929 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #15010 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14941 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14940 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14938 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14980 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| View all tags | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #15011 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14879 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14875 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| /pull/14942 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
8.1k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14877 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14928 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
27 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14955 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14930 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14931 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14932 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14934 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14979 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #15034 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| opencart | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Wiki | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14939 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14956 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| bf120c7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14935 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| #14916 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
112 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

38
07-framework-security/ecommerce/openmage/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `openmage`
- 分类: `ecommerce`
- 覆盖策略: `rolling-24m`
- 总案例数: `27`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `27`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,34 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| Star
914 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| OpenMage | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Stored XSS in theme config fields | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Fix for authenticated remote code execution through layout update | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Stored XSS in WYSIWYG Editor | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
66 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DataFlow upload remote code execution vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Stored XSS in admin file form | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
178 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| DoS vulnerability in MaliciousCode filter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS in Admin Notifications | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| magento-lts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Stored XSS in admin system configs | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Guest order "protect code" can be brute-forced too easily | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| X-Original-Url header can expose admin url | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
22 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

130
07-framework-security/ecommerce/prestashop/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `prestashop`
- 分类: `ecommerce`
- 覆盖策略: `history-full`
- 总案例数: `112`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `112`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -33,126 +33,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CVE-2020-5294 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:33:51.140` | - |
| CVE-2020-5273 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:33:48.777` | - |
| CVE-2020-5266 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:33:47.980` | - |
| CVE-2020-5277 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:33:49.217` | - |
| CVE-2020-5250 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:33:45.950` | - |
| CVE-2013-6295 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T01:58:57.763` | - |
| CVE-2013-4792 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T01:56:25.330` | - |
| CVE-2013-4791 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T01:56:25.180` | - |
| CVE-2012-2517 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T01:39:10.433` | - |
| CVE-2013-6358 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T01:59:04.000` | - |
| CVE-2020-6632 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:36:04.413` | - |
| CVE-2019-19595 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:35:01.013` | - |
| CVE-2019-19594 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:35:00.853` | - |
| CVE-2019-15565 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:29:01.730` | - |
| CVE-2019-13461 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:24:56.967` | - |
| CVE-2019-11876 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:21:56.310` | - |
| CVE-2018-20717 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:02:01.370` | - |
| CVE-2018-19355 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:57:47.527` | - |
| CVE-2018-19126 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:57:22.610` | - |
| CVE-2018-19125 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:57:22.450` | - |
| CVE-2018-19124 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:57:22.300` | - |
| CVE-2018-13784 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:47:58.403` | - |
| CVE-2018-8824 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:14:23.640` | - |
| CVE-2018-10942 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:42:21.540` | - |
| CVE-2018-8823 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:14:23.493` | - |
| CVE-2018-7491 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:12:14.077` | - |
| CVE-2018-5682 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:09:09.393` | - |
| CVE-2018-5681 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:09:09.263` | - |
| CVE-2015-1175 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2014-2009 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2014-2008 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2012-6641 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2012-5801 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-5800 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2012-5799 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-4545 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-4544 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2011-3796 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-11T00:51:21.963` | - |
| CVE-2008-6503 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| CVE-2008-5791 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-09T00:30:58.490` | - |
| Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| GitHub
Discussions (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Newsletter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2024-6648] Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| → Discover the PrestaShop example modules repository A hands-on library of working code examples to help you understand how PrestaShop module development really works. | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Support (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Latest Releases | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS can be stored in DB from "add a message form" in order detail page (FO) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → PrestaShop Core Monthly - January 2026 9.1 Beta opens for feedback, Developer Conference videos go live, and big features take shape | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2025-51586] User enumeration vulnerability in the AdminLogin controller in PrestaShop 1.7 through 8.2.2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| → PrestaShop 8.2.4 is available Security improvements for branch 8.2.x | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → Hummingbird v2: Architecture, Best Practices, and Contribution Guide A developer-oriented foundation for modern and scalable PrestaShop themes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| its members and contributors | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2025-61922] Customer account takeover via email in PrestaShop Checkout module for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Contributor's Guide | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Path disclosure in JavaScript variable | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| SQL injection possible in search product in BO | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → Join us at the inaugural Ecommerce Open Source Summit (EO2S) in Paris Organized by Friends of Presta, EO2S brings together the open source ecommerce community on March 26, 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Join Slack
Community
(external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| path traversal: file deletion | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → PrestaShop Core Monthly - February 2026 New releases, Hummingbird v2, B2B foundations, and a one-page checkout on the horizon | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Core Monthly | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
2.3k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Developer
Documentation (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → Cleaning up old branches: a routine maintenance for a healthier repository We are removing old branches from our repository | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Download
sources (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Some attribute not escaped in Validate::isCleanHTML method | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
305 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Top Contributors
(external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contact us | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Start Developing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| About us | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2024-36682] Exposure of Private Personal Information to an Unauthorized Actor in Promokit.eu - Theme settings module for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| [CVE-2025-69633] Improper neutralization of SQL parameters in Advanced Popup Creator module from Idnovate for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| → PrestaShop 9.1 RC1 is open for testing! The first Release Candidate of PrestaShop 9.1 is here. Help us validate it before the final release. | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Time based enumeration in FO login form | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Live Updates | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2024-34989] Improper neutralization of SQL parameter in RSI PDF/HTML catalog evolution (prestapdf) module for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| New possible XSS injection through Validate::isCleanHTML method | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Top Translators (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2023-45256] Improper neutralization of SQL parameters in Monetico Paiement module from EuroInformation for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Anonymous customer can download other customers's invoices | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PrestaShop 8.x | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| PrestaShop 9.x | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| → AI-Powered API Hackathon: 14+ Endpoints in a Single Day How PrestaShop teams used Claude Code to accelerate Admin API contributions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2024-36683] Improper neutralization of SQL parameter in Smart Modules - Products Alert module for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Email enumeration | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| How-to Guides | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| [CVE-2024-41670] Improperly Implemented Security Check for Standard in PayPal Official for PrestaShop | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| → PrestaShop Developer Conference 2025 Filmed Sessions - Community and Security Friends of Presta, Cybersecurity and Ecommerce Development | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
9k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| RSS | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| YouTube
Channel (external link) | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Development Tools | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
53 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Useful Tools | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS via customer contact form in FO, through file upload | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

35
07-framework-security/ecommerce/saleor/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `saleor`
- 分类: `ecommerce`
- 覆盖策略: `rolling-24m`
- 总案例数: `24`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `24`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,31 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| saleor | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unauthenticated Information Disclosure Vulnerability via Python Exceptions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Non-constant time HMAC comparison in Adyen plugin | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Stored XSS via Unrestricted File Uploads | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insecure Direct Object Reference (IDOR) in GraphQL API | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
22.7k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| saleor | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improper object type validation in mutations leading to unauthorized access | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
10 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
185 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| CSRF bypass in refreshToken mutation | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
67 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| User enumeration vulnerability in Saleor due to different error messages | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Lack of proper HTML sanitization in rich text fields | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

82
07-framework-security/ecommerce/shopware/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `shopware`
- 分类: `ecommerce`
- 覆盖策略: `history-full`
- 总案例数: `71`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `71`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -31,78 +31,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CVE-2023-22730 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:45:18.660` | - |
| CVE-2022-36102 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:12:23.590` | - |
| CVE-2022-36101 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:12:23.440` | - |
| CVE-2022-31148 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:03:59.930` | - |
| CVE-2022-31057 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T07:03:48.270` | - |
| CVE-2022-24892 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:20.243` | - |
| CVE-2022-24879 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:18.403` | - |
| CVE-2022-24873 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:17.737` | - |
| CVE-2022-24872 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:17.607` | - |
| CVE-2022-24871 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:17.483` | - |
| CVE-2022-24956 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:27.467` | - |
| CVE-2022-24748 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:00.577` | - |
| CVE-2022-24747 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:00.453` | - |
| CVE-2022-24746 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:00.337` | - |
| CVE-2022-24745 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:00.213` | - |
| CVE-2022-24744 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:51:00.097` | - |
| CVE-2022-21652 | `low` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:45:09.557` | - |
| CVE-2022-21651 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:45:09.420` | - |
| CVE-2021-41188 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:25:43.210` | - |
| CVE-2021-37710 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:15:45.890` | - |
| CVE-2021-37709 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:15:45.713` | - |
| CVE-2021-37708 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:15:45.560` | - |
| CVE-2021-37707 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:15:45.410` | - |
| CVE-2021-32717 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:35.447` | - |
| CVE-2021-32716 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:35.340` | - |
| CVE-2021-32713 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:35.013` | - |
| CVE-2021-32712 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:34.910` | - |
| CVE-2021-32711 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:34.803` | - |
| CVE-2021-32710 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:34.690` | - |
| CVE-2021-32709 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T06:07:34.577` | - |
| CVE-2020-28199 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:22:27.980` | - |
| CVE-2020-13997 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:02:18.893` | - |
| CVE-2020-13971 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:02:16.100` | - |
| CVE-2020-13970 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:02:15.970` | - |
| CVE-2019-12935 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:23:51.287` | - |
| CVE-2019-12799 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:23:36.247` | - |
| CVE-2018-20713 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:02:00.820` | - |
| CVE-2017-18357 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:19:55.227` | - |
| CVE-2017-15374 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2016-3109 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Report a vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
186 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
1.3k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `/api/_info/config` route exposes information about licenses | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Reflected XSS in Storefront Login Page | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 3 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| `/api/_info/config` route exposes information about active security fixes | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
3.3k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| shopware | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improper Control of Generation of Code in Twig rendered views | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 4 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| User enumeration via distinct error codes on Store API login endpoint | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Unauthenticated data extraction possible through store-api.order endpoint | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Next | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Reflective Cross Site-Scripting (XSS) in CMS components | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| shopware | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
68 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Password recovery link does not expire after email change | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Path traversal via Plugin upload | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| 5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Potential take over of app credentials | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |

122
07-framework-security/ecommerce/woocommerce/INDEX.md
查看文件

@@ -5,14 +5,14 @@
- 系统 ID: `woocommerce`
- 分类: `ecommerce`
- 覆盖策略: `history-full`
- 总案例数: `111`
- 总案例数: `0`
- 近 30 天新增/更新: `0`
- 重点 Markdown 案例数: `0`
- 已实证(真实版本): `0`
- 已实证(synthetic): `0`
- 阻塞数: `0`
- 待人工/缺浏览器证据: `111`
- 最近渲染时间: `2026-03-18T21:16:45+00:00`
- 待人工/缺浏览器证据: `0`
- 最近渲染时间: `2026-03-18T21:18:14+00:00`
## 目标约束
@@ -34,118 +34,4 @@
| 标题 | 严重度 | 案例状态 | 实证状态 | 实证方式 | 来源置信度 | 更新时间 | 案例页 |
|------|--------|----------|----------|----------|------------|----------|--------|
| CVE-2019-18834 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:33:40.530` | - |
| CVE-2019-20891 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:39:37.827` | - |
| CVE-2020-11727 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:58:29.603` | - |
| CVE-2020-8819 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T05:39:30.133` | - |
| CVE-2014-4558 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T02:10:26.603` | - |
| CVE-2019-18668 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:33:29.677` | - |
| CVE-2019-14979 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:27:48.810` | - |
| CVE-2019-14978 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:27:48.663` | - |
| CVE-2017-18592 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:20:28.627` | - |
| CVE-2016-10935 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T02:45:06.817` | - |
| CVE-2019-15092 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:28:02.440` | - |
| CVE-2016-10923 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T02:45:05.073` | - |
| CVE-2016-10922 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T02:45:04.920` | - |
| CVE-2018-20966 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:02:35.007` | - |
| CVE-2019-14948 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:27:44.950` | - |
| CVE-2017-18506 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:20:16.597` | - |
| CVE-2019-14796 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:27:22.400` | - |
| CVE-2019-14774 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:27:19.310` | - |
| CVE-2019-1010124 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:17:58.953` | - |
| CVE-2019-5979 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:45:50.723` | - |
| CVE-2019-11807 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:21:48.027` | - |
| CVE-2019-7441 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:48:14.587` | - |
| CVE-2019-9168 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:51:07.733` | - |
| CVE-2018-20782 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:02:09.783` | - |
| CVE-2018-20714 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:02:00.963` | - |
| CVE-2017-18356 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:19:55.073` | - |
| CVE-2018-11525 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:43:32.763` | - |
| CVE-2018-11486 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:43:27.857` | - |
| CVE-2018-11485 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:43:27.710` | - |
| CVE-2018-11579 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T03:43:39.363` | - |
| CVE-2018-8711 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:14:10.983` | - |
| CVE-2018-8710 | `critical` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:14:10.840` | - |
| CVE-2015-2329 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T02:27:13.723` | - |
| CVE-2018-5316 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2024-11-21T04:08:34.753` | - |
| CVE-2017-17058 | `high` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-20T01:37:25.860` | - |
| CVE-2016-10112 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-5065 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2015-2069 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2014-6313 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| CVE-2014-4549 | `medium` | `triage` | `triage-manual` | `synthetic` | `official` | `2025-04-12T10:46:40.837` | - |
| woocommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Second parameter of woocommerce_get_breadcrumb may be null for Core Breadcrumbs block in WooCommerce 10.6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| HPOS sync on read to be disabled by default in WooCommerce 10.7 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Join the Community Slack | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Booster for WooCommerce < 7.11.3 Broken Access Control vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| WooCommerce 10.6.1: Dot Release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Policy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Call for Testing: WooCommerce Order Fulfillments | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Join us for our “Building Ecommerce Community” Live Event | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Pull requests
369 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| See all Release Posts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.6: What’s coming for developers | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Subscriptions for WooCommerce <= 1.9.2 Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| AI & Agentic Commerce in WooCommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Actions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contribute to WooCommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| How AI and Automation are Improving the Woo Release Process | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Projects | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Blind SQL Injection possible via Authenticated Web-hook Search API Endpoint | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.4.3: Dot Release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Become a Woo agency partner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5: What’s coming for developers | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce Meetups | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Events | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Skip to content | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Product images are now lazy-loaded by default in WooCommerce 10.6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WowStore <= 4.4.3 WordPress WowStore - Store Builder & Product Blocks for WooCommerce plugin <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter vulnerability | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| Sign up | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Release Calendar | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Improving WooCommerce Performance at Scale | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5 Release is Delayed | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Star
10.2k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Newsletter | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| See all Roadmap Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Contact Us | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.6: Enhanced blocks and a faster dashboard | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Issues
2.6k | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| What we’re doing to get the Woo Block Theme ready for you | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Get started | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Call for testing: Experimental REST API Caching in WooCommerce 10.5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Experimental Product Object Caching in WooCommerce 10.5 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Become a Marketplace partner | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Restricting per_page for Product and ProductReview Store API Requests in WooCommerce 10.6 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| March Office Hours: Testing, testing | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Wiki | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Sign in | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5.3: Dot release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| woocommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Insights | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Do not sell or share my personal information | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Mailchimp API Maintenance on February 28, 2026 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Community Forum | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| XSS Vulnerability in WooCommerce checkout & registration forms | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5.1: Dot Release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Call for Testing: WooCommerce MCP Beta | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5: Improving analytics and admin performance | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Security
2 | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Store API Vulnerability Patched in WooCommerce 5.4+ – What You Need To Know | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Release Posts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| GitHub Discussions | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| About | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Status | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| See all Developer Advisories | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| See all posts | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce 10.5.2: Dot Release | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Understanding the Interactivity API-driven future for WooCommerce Blocks | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| WooCommerce | `unknown` | `triage` | `triage-manual` | `synthetic` | `ecosystem-authority` | `` | - |
| WooCommerce Block Theme: An update on our strategy | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Join the Woo community on Slack | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| Release downloads | `unknown` | `triage` | `triage-manual` | `synthetic` | `official` | `` | - |
| No advisories yet | `n/a` | `empty` | `n/a` | `n/a` | `n/a` | `n/a` | - |