Known Vulnerabilities for Commerce Core by Drupal
Listed below are 2 of the newest known vulnerabilities associated with "Commerce Core" by "Drupal".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40887 json | Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to versions 2.3.4, 3.5.7, and 3.6.2... | Not Provided | 2026-04-21 | 2026-04-22 |
| CVE-2026-10769 json | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Commerce Core al... | Not Provided | 2026-07-10 | 2026-07-10 |