GHSA-46WH-PXPV-Q5GQ express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network

Summary The default keyGenerator in express-rate-limit applies IPv6 subnet masking /56 by default to all addresses that net.isIPv6 returns true for. This includes IPv4-mapped IPv6 addresses ::ffff:x.x.x.x, which Node.js returns as request.ip on dual-stack servers. Because the first 80 bits of all...

CVE-2026-25993 EverShop has a Second-Order SQL Injection in URL Rewrite Processing Derived from Category URL Keys

EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / requestpath values—derived from the urlkey stored in the database—into SQL statements via string concatenation and passes them to execute. As a result, if a malicio...

CVE-2026-25993

EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / requestpath values—derived from the urlkey stored in the database—into SQL statements via string concatenation and passes them to execute. As a result, if a malicio...

PT-2026-7418

Name of the Vulnerable Software and Affected Versions EverShop versions prior to 2.1.1 Description EverShop is a TypeScript-first eCommerce platform susceptible to a second-order SQL injection. During category update and deletion event handling, the application incorporates values from the url...

EUVD-2019-4681

Malware in sbrugna...