9 matches found
EUVD-2025-4263
Malicious code in bioql PyPI...
CVE-2024-6730
A vulnerability was found in Nanjing Xingyuantu Technology SparkShop up to 1.1.6. It has been rated as critical. This issue affects some unknown processing of the file /api/Common/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely...
CVE-2024-46307
A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products...
CVE-2024-48107
SparkShop =1.1.7 is vulnerable to server-side request forgery SSRF. This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server...
CVE-2024-57685
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...
CVE-2024-57685
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...
CVE-2024-57685
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...
CVE-2024-48107
SparkShop =1.1.7 is vulnerable to server-side request forgery SSRF. This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server...
CVE-2024-48107
SparkShop =1.1.7 is vulnerable to server-side request forgery SSRF. This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server...