
127 matches found

RedhatCVE
added 2026/02/19 7:21 p.m. | 4 views

CVE-2026-2658

A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee. Affected is an unknown function of the component Multiple Endpoints. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit has...

5.3 CVSS | 4.9 AI score | 0.00012 EPSS
Exploits: 0 | References: 1
NVD
added 2026/02/18 6:24 p.m. | 3 views

CVE-2026-2658

A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee. Affected is an unknown function of the component Multiple Endpoints. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit has...

5.3 CVSS | 0.00012 EPSS
Exploits: 0 | References: 15
ATTACKERKB
added 2026/02/18 5:2 p.m. | 4 views

CVE-2026-2658

A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee. Affected is an unknown function of the component Multiple Endpoints. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit has...

5.3 CVSS | 4.9 AI score | 0.00012 EPSS
Exploits: 0 | References: 15
Cvelist
added 2026/02/18 5:2 p.m. | 25 views

CVE-2026-2658 newbee-ltd newbee-mall Multiple Endpoints cross-site request forgery

A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee. Affected is an unknown function of the component Multiple Endpoints. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit has...

5.3 CVSS | 0.00012 EPSS
Exploits: 0 | References: 15
CVE
added 2026/02/18 5:2 p.m. | 7 views

CVE-2026-2658

The CVE affects the newbee-ltd newbee-mall project (up to a069069b07027613bf0e7f571736be86f431faee) with an issue in the Unknown function of the Multiple Endpoints component. The described impact is cross-site request forgery (CSRF) arising from a manipulation of that function, with remote exploi...

5.3 CVSS | 4.9 AI score | 0.00012 EPSS
Exploits: 0 | References: 15
Vulnrichment
added 2026/02/18 5:2 p.m. | 4 views

CVE-2026-2658 newbee-ltd newbee-mall Multiple Endpoints cross-site request forgery

A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee. Affected is an unknown function of the component Multiple Endpoints. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit has...

5.3 CVSS | 4.9 AI score | 0.00012 EPSS
Exploits: 0 | References: 15
Positive Technologies
added 2026/02/18 12:0 a.m. | 3 views

PT-2026-20476

Name of the Vulnerable Software and Affected Versions: newbee-ltd newbee-mall, affected versions not specified. Description: A flaw exists in newbee-ltd newbee-mall. This issue involves a function within the Multiple Endpoints component that can be exploited to perform cross-site request forgery...

5.3 CVSS | 4.5 AI score | 0.00012 EPSS
Exploits: 0 | References: 18
CNNVD
added 2026/02/18 12:0 a.m. | 3 views

newbee-mall security vulnerability

newbee-mall is an open-source e-commerce system developed by newbee. newbee-mall has security vulnerabilities, which stem from improper handling of multiple endpoints. These vulnerabilities may lead to cross-site request forgery attacks...

5.3 CVSS | 5.7 AI score | 0.00012 EPSS
Exploits: 0 | References: 15
RedhatCVE
added 2026/02/13 7:18 p.m. | 3 views

CVE-2026-26219

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

9.3 CVSS | 5.5 AI score | 0.00024 EPSS
Exploits: 1 | References: 1
OSV
added 2026/02/12 7:15 p.m. | 1 view

CVE-2026-26218

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials m...

9.8 CVSS | 5.8 AI score | 0.00204 EPSS
Exploits: 1 | References: 2
NVD
added 2026/02/12 7:15 p.m. | 1 view

CVE-2026-26219

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

9.3 CVSS | 0.00024 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2026/02/12 6:39 p.m. | 1 view

CVE-2026-26219 newbee-mall Unsalted MD5 Password Hashing Enables Offline Credential Cracking

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

9.3 CVSS | 5.5 AI score | 0.00024 EPSS
Exploits: 1 | References: 2
CVE
added 2026/02/12 6:39 p.m. | 8 views

CVE-2026-26219

CVE-2026-26219 affects newbee-mall stores that hash passwords using unsalted MD5 without per-user salts or computational cost controls. Root cause: MD5 hashing without salt enables offline credential cracking if password hashes are exposed. Impact: high confidentiality and integrity risk; plainte...

9.3 CVSS | 5.5 AI score | 0.00024 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2026/02/12 6:39 p.m. | 22 views

CVE-2026-26219 newbee-mall Unsalted MD5 Password Hashing Enables Offline Credential Cracking

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...

9.3 CVSS | 0.00024 EPSS
Exploits: 1 | References: 2
ATTACKERKB
added 2026/02/12 6:38 p.m. | 2 views

CVE-2026-26218

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials m...

9.8 CVSS | 5.5 AI score | 0.00204 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2026/02/12 6:38 p.m. | 20 views

CVE-2026-26218 newbee-mall Default Seeded Administrator Credentials Allow Account Takeover

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials m...

9.8 CVSS | 0.00204 EPSS
Exploits: 1 | References: 2
CVE
added 2026/02/12 6:38 p.m. | 6 views

CVE-2026-26218

CVE-2026-26218 affects newbee-mall where the database initialization script seeds administrator accounts with a predictable default password. This enables unauthenticated attackers to log in as an administrator and gain full control of the application if the default credentials are not changed du...

9.8 CVSS | 5.5 AI score | 0.00204 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2026/02/12 12:0 a.m. | 3 views

newbee-mall cryptographic issue vulnerability

newbee-mall is an open-source e-commerce system developed by newbee. newbee-mall has encryption-related vulnerabilities; these vulnerabilities stem from the use of the unsalted MD5 hash algorithm for storing and verifying user passwords. This allows attackers to quickly recover plaintext...

9.3 CVSS | 5.8 AI score | 0.00024 EPSS
Exploits: 1 | References: 3
CNNVD
added 2026/02/12 12:0 a.m. | 2 views

newbee-mall trust management issue vulnerability

newbee-mall is an open-source e-commerce system developed by newbee. newbee-mall has a vulnerability related to trust management. This vulnerability stems from the database initialization script, which includes pre-set administrator accounts with predictable default passwords. This allows...

9.8 CVSS | 5.8 AI score | 0.00204 EPSS
Exploits: 1 | References: 3
Positive Technologies
added 2026/02/12 12:0 a.m. | 1 view

PT-2026-7887

Name of the Vulnerable Software and Affected Versions: newbee-mall, affected versions not specified. Description: The application includes pre-seeded administrator accounts in its database initialization script, which are provisioned with a predictable default password. Deployments that initialize or...

9.8 CVSS | 5.5 AI score | 0.00204 EPSS
Exploits: 1 | References: 7