Lucene search
+L

10 matches found

osv
osv
added 2026/02/26 10:31 p.m.5 views

CVE-2026-28213 EverShop Vulnerable to Arbitrary Customer Account Takeover via Exposure of Password Reset Token in API Response

EverShop is a TypeScript-first eCommerce platform. Versions prior to 2.1.1 have a vulnerability in the "Forgot Password" functionality. When specifying a target email address, the API response returns the password reset token. This allows an attacker to take over the associated account. Version...

9.8CVSS6AI score0.00446EPSS
Exploits0References4
cve
cve
added 2026/02/10 5:43 p.m.16 views

CVE-2026-25993

EverShop (TypeScript-based eCommerce platform) is affected by a second-order SQL injection during category update/delete handling. The vulnerability stems from embedding path/request_path values, derived from the url_key stored in the database, into SQL statements via string concatenation that ar...

9.8CVSS5.8AI score0.0032EPSS
Exploits0References2Affected Software1
vulnersosv
vulnersosv
added 2026/01/05 9:30 p.m.4 views

@pakasa/duuka-airtel-money-pay (>=0.0.12 <=0.0.16), @pakasa/duuka-checkout (>=0.0.1 <=0.0.9) +9 more potentially affected by CVE-2025-67427 via @evershop/evershop (>=1.0.0-rc.5 <=1.2.2)

@evershop/evershop NPM version =1.0.0-rc.5, =0.0.12, =0.0.1, =0.0.5, =0.0.1, =1.0.0, =0.0.2, =0.0.2, =0.0.4, =0.1.2, =1.1.0 Source cves: CVE-2025-67427 Source advisory: OSV:GHSA-VP8W-WJ4M-3R7J...

6.5CVSS5.8AI score0.00175EPSS
Exploits0
euvd
euvd
added 2026/01/05 12:0 a.m.7 views

EUVD-2026-0799

A Denial of Service DoS vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the...

7.5CVSS6.4AI score0.00291EPSS
Exploits0References3
vulnersosv
vulnersosv
added 2025/11/09 9:30 p.m.6 views

@pakasa/duuka-airtel-money-pay (>=0.0.12 <=0.0.16), @pakasa/duuka-checkout (>=0.0.1 <=0.0.9) +9 more potentially affected by CVE-2025-12919 via @evershop/evershop (>=1.0.0-rc.5 <=1.2.2)

@evershop/evershop NPM version =1.0.0-rc.5, =0.0.12, =0.0.1, =0.0.5, =0.0.1, =1.0.0, =0.0.2, =0.0.2, =0.0.4, =0.1.2, =1.1.0 Source cves: CVE-2025-12919 Source advisory: OSV:GHSA-C73G-MX2W-CC93...

6.3CVSS5.8AI score0.00453EPSS
Exploits1
github
github
added 2025/11/09 9:30 p.m.9 views

EverShop is vulnerable to Unauthorized Order Information Access (IDOR)

A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers. The attack may be...

6.3CVSS4.5AI score0.00453EPSS
Exploits1References7Affected Software1
ptsecurity
ptsecurity
added 2025/11/09 12:0 a.m.7 views

PT-2025-45581

Name of the Vulnerable Software and Affected Versions EverShop versions up to 2.0.1 Description A flaw exists in EverShop related to improper control of resource identifiers. The issue is located in an unknown function within the /src/modules/oms/graphql/types/Order/Order.resolvers.js file of the...

6.3CVSS4.1AI score0.00453EPSS
Exploits1References13
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-3296

Malicious code in bioql PyPI...

8.3CVSS8.2AI score0.01186EPSS
Exploits0References7
redhatcve
redhatcve
added 2025/05/23 3:58 a.m.12 views

CVE-2023-46498

An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file...

9.8CVSS7.5AI score0.01285EPSS
Exploits0
cnnvd
cnnvd
added 2023/12/08 12:0 a.m.6 views

EverShop Security Breach

EverShop is EverShop open source a NodeJS e-commerce platform. A security vulnerability exists in EverShop versions prior to v.1.0.0-rc.8. A remote attacker can exploit this vulnerability to obtain sensitive information via a specially crafted request to the mkdirSync function in the...

5.4CVSS6.4AI score0.00793EPSS
Exploits0References3
Rows per page
Query Builder