7 matches found

GitHub Security Blog
added 2026/04/30 6:30 p.m. | 5 views

Shopizer is vulnerable to Cross-site Scripting

Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer through version 3.2.5 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...

5.4 CVSS | 5.9 AI score | 0.00034 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/04/30 6:30 p.m. | 0 views

GHSA-FQCW-2XHJ-P63G Shopizer is vulnerable to Cross-site Scripting

Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer through version 3.2.5 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...

5.4 CVSS | 5.9 AI score | 0.00034 EPSS
Exploits: 0 | References: 3

CVE
added 2026/04/30 12:0 a.m. | 2 views

CVE-2026-36766

CVE-2026-36766 describes multiple authenticated XSS vulnerabilities in the XssHttpServletRequestWrapper class of Shopizer v3.2.5. The issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload through getInputStream() or getReader(). The CVE entry notes the att...

5.4 CVSS | 5.3 AI score | 0.00034 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/04/30 12:0 a.m. | 4 views

Shopizer Cross-Site Scripting Vulnerability

Shopizer is an open-source e-commerce solution developed by the Shopizer team, based on Java. Version 3.2.5 of Shopizer contains a cross-site scripting vulnerability. This vulnerability stems from the XssHttpServletRequestWrapper class, which has multiple authenticated cross-site scripting...

5.4 CVSS | 5.9 AI score | 0.00034 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/02 4:27 a.m. | 4 views

CVE-2025-13805

A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the component LiteRpc-Serializer. Executing a...

6.3 CVSS | 4.2 AI score | 0.00046 EPSS
Exploits: 0 | References: 1

CVE
added 2025/12/01 3:32 a.m. | 10 views

CVE-2025-13805

CVE-2025-13805 affects nutzam NutzBoot up to 2.6.0-SNAPSHOT via the LiteRpc-Serializer’s HttpServletRpcEndpoint.getInputStream, enabling deserialization of untrusted data. Described as remote and high-complexity, with exploit code publicly available. No fixed version is identified; monitoring for...

6.3 CVSS | 4.2 AI score | 0.00046 EPSS
Exploits: 0 | References: 5

CNNVD
added 2025/12/01 12:0 a.m. | 2 views

NutzBoot Code Issue Vulnerability

NutzBoot is an enterprise microservices framework open-sourced by Nutz. A code issue vulnerability exists in NutzBoot 2.6.0-SNAPSHOT and earlier versions, which stems from a misbehavior of the function getInputStream in the file HttpServletRpcEndpoint.java, which could lead to deserialization...

6.3 CVSS | 4.7 AI score | 0.00046 EPSS
Exploits: 0 | References: 5