Vulnerabilities in Saleor

19 results
CVE-2019-1010304 | Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. This commit was released as part of 2.0.0 release is | EPSS 1.2%
CVE-2022-0932 | MEDIUM | Missing Authorization in saleor/saleor | EPSS 1.0%
CVE-2023-26051 | MEDIUM | Saleor is vulnerable to staff-authenticated error message information disclosure vulnerability via Python exceptions | EPSS 0.8%
CVE-2023-26052 | LOW | Saleor is vulnerable to unauthenticated information disclosure via Python exceptions | EPSS 0.8%
CVE-2024-29036 | MEDIUM | Saleor Storefront session leak in cache | EPSS 0.6%
CVE-2024-29888 | MEDIUM | Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method | EPSS 0.5%
CVE-2022-39275 | MEDIUM | Improper object type validation in saleor | EPSS 0.5%
CVE-2023-3294 | HIGH | Cross-site Scripting (XSS) - DOM in saleor/react-storefront | EPSS 0.5%
CVE-2026-33756 | HIGH | Saleor Affected by Denial of Service via Unbounded GraphQL Query Batching | EPSS 0.4%
CVE-2026-24136 | HIGH | Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API | EPSS 0.4%
CVE-2023-32694 | MEDIUM | Non-constant time HMAC comparison in Adyen plugin in Saleor | EPSS 0.3%
CVE-2026-42175 | MEDIUM | requests-hardened: Server-Side Request Forgery (SSRF) in requests-hardened RFC 6598 | EPSS 0.3%
CVE-2026-35407 | MEDIUM | Saleor has Cross-Account Email Change via Unbound Confirmation Token | EPSS 0.3%
CVE-2025-58442 | MEDIUM | Saleor has user enumeration vulnerability due to different error messages | EPSS 0.3%
CVE-2026-35401 | HIGH | Saleor has a resource exhaustion vulnerability in GraphQL queries | EPSS 0.3%
CVE-2026-39851 | MEDIUM | Saleor has a user enumeration vulnerability due to different error messages | EPSS 0.2%
CVE-2026-23499 | HIGH | Saleor vulnerable to stored XSS via Unrestricted File Upload | EPSS 0.2%
CVE-2026-22849 | HIGH | Saleor lacks proper HTML sanitization in rich text fields | EPSS 0.2%
CVE-2024-31205 | MEDIUM | Saleor CSRF bypass in refreshToken mutation | EPSS 0.2%