CVE-2026-10857 Reflected XSS in Akinsoft's e-Commerce

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS. This issue affects e-Commerce: before 1.25.01.06...

CVE-2025-11251 SQLi in Dayneks Software's E-Commerce Platform

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosu...

CVE-2025-11251 SQLi in Dayneks Software's E-Commerce Platform

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosu...

CVE-2025-11251

CVE-2025-11251 concerns an SQL Injection vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform. The issue stems from improper neutralization of special elements in SQL commands, allowing potentially untrusted input to affect query logic. Affected vector is network-based, w...

Dayneks E-Commerce Platform SQL注入漏洞

Dayneks E-Commerce Platform is an e-commerce platform developed by the Turkish company Dayneks. Versions of Dayneks E-Commerce Platform dated back to February 27, 2026, and earlier contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of special elements withi...

PT-2026-5987

Name of the Vulnerable Software and Affected Versions Dokans Multi-Tenancy Based eCommerce Platform version 3.9.2 Description The platform allows unauthenticated remote attackers to obtain sensitive application configuration data by directly requesting the '/script/.env' file. This file contains...

EUVD-2018-10667

Malware in sbrugna...

EUVD-2023-34177

Malicious code in bioql PyPI...

EUVD-2024-0970

Malicious code in bioql PyPI...

EUVD-2023-0442

Malicious code in bioql PyPI...

EUVD-2023-0340

Malicious code in bioql PyPI...

PT-2025-39756

Name of the Vulnerable Software and Affected Versions code-projects E-Commerce Website version 1.0 Description A security issue exists in code-projects E-Commerce Website 1.0. The issue involves SQL injection within the file /pages/admin product details.php. Manipulation of the prod id argument c...

CVE-2024-21628

PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape...

Gosoft Proticaret E-Commerce 跨站请求伪造漏洞

Gosoft Proticaret E-Commerce is an e-commerce platform solution from Gosoft Turkey. A cross-site request forgery vulnerability exists in Gosoft Proticaret E-Commerce versions prior to v6.0, which stems from unvalidated input leading to a cross-site request forgery attack...

PHPSHE 注入漏洞

PHPSHE is a set of online shopping mall system of China Lingbao Jane Hao Network Technology PHPSHE company. The system supports express tracking, online chat, order evaluation and statistics and other functions. PHPSHE 1.8 version of the existence of injection vulnerability, the vulnerability ste...

CVE-2025-32378

Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registere...

CVE-2025-32378 Shopware's default newsletter opt-in settings allow for mass sign-up abuse

Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registere...

zz 安全漏洞

zz is an e-commerce platform for zj1983 individual developers. A security vulnerability exists in zz 2024-8 and prior versions that stems from improper authorization...

zz 注入漏洞

zz is an e-commerce platform for zj1983 individual developers. An injection vulnerability exists in zz 2024-8 and prior versions, which stems from SQL injection and could lead to remote code execution...

zz 注入漏洞

zz is an e-commerce platform for zj1983 individual developers. An injection vulnerability exists in zz 2024-8 and prior versions, which stems from SQL injection and could lead to remote code execution...