4 matches found
CVE-2025-65844
EverShop 2.0.1 allows a remote unauthenticated attacker to upload arbitrary files and create directories via the /api/images endpoint. The endpoint is accessible without authentication by default, and server-side validation of uploaded files is insufficient. This can be abused to upload arbitrary...
EUVD-2025-200288
EverShop 2.0.1 allows an unauthenticated user to upload files and create directories within the /api/images endpoint...
PT-2024-13390 · Npm · @Evershop/Evershop
Name of the Vulnerable Software and Affected Versions: @evershop/evershop versions prior to 1.0.0-rc.8
Description: The issue is related to a lack of authentication in the @evershop/evershop package, which allows remote attackers to obtain sensitive information via improper authorization in Graph...
evershop-app (=0.1.0) potentially affected by CVE-2023-46495 via @evershop/evershop (=1.0.0-rc.5)
@evershop/evershop NPM version =1.0.0-rc.5 is affected by a known vulnerability. The following packages have a transitive dependency on @evershop/evershop and may be impacted:
- evershop-app =0.1.0
Source cves: CVE-2023-46495
Source advisory: OSV:GHSA-2XCJ-557C-HF8R...