
17 matches found

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-2296

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.3 | EPSS 0.00481
Exploits 0 | References 8

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-3123

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.4 | EPSS 0.00346
Exploits 0 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-2124

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.4 | EPSS 0.0051
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-2159

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.3 | EPSS 0.00607
Exploits 0 | References 3

RedhatCVE
added 2025/05/23 7:43 a.m. | 7 views

CVE-2024-37294

Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to...

CVSS 5.5 | AI score 5.5 | EPSS 0.00435
Exploits 0 | References 1

NVD
added 2024/10/24 7:15 p.m. | 23 views

CVE-2024-47173

Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack. Version 2024.07.2 fixes the issue...

CVSS 5.5 | EPSS 0.00346
Exploits 0 | References 1

OSV
added 2024/09/26 4:7 p.m. | 13 views

CVE-2024-39319 aimeos/ai-controller-frontend has IDOR vulnerability in account profile page

aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions...

CVSS 5.3 | AI score 5.3 | EPSS 0.00473
Exploits 0 | References 13

NVD
added 2024/07/02 9:15 p.m. | 42 views

CVE-2024-39322

aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13,...

CVSS 5.5 | EPSS 0.00481
Exploits 0 | References 6

CVE
added 2024/07/02 8:19 p.m. | 93 views

CVE-2024-39322

CVE-2024-39322 affects the aimeos/ai-admin-jsonadm JSON API used for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. A fix is present i...

CVSS 5.5 | AI score 5.4 | EPSS 0.00481
Exploits 0 | References 6 | Affected Software 1

OSV
added 2024/07/02 8:19 p.m. | 28 views

CVE-2024-39322 aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records

aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13,...

CVSS 5.5 | AI score 6.5 | EPSS 0.00481
Exploits 0 | References 8

Vulnrichment
added 2024/06/25 8:8 p.m. | 18 views

CVE-2024-38516 Aimeos HTML client may potentially reveal sensitive information in error log

ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22...

CVSS 8.8 | AI score 6.3 | EPSS 0.0051
Exploits 0 | References 2

Cvelist
added 2024/06/25 8:8 p.m. | 43 views

CVE-2024-38516 Aimeos HTML client may potentially reveal sensitive information in error log

ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22...

CVSS 8.8 | EPSS 0.0051
Exploits 0 | References 2

CVE
added 2024/06/25 8:8 p.m. | 55 views

CVE-2024-38516

CVE-2024-38516 affects the ai-client-html component of the Aimeos e-commerce stack. The root cause, as described across sources, is a vulnerability where debug information can leak sensitive data from environment variables via error logs. The issue is categorized as information disclosure with hi...

CVSS 8.8 | AI score 8.5 | EPSS 0.0051
Exploits 0 | References 2

OSV
added 2024/06/25 8:8 p.m. | 23 views

CVE-2024-38516 Aimeos HTML client may potentially reveal sensitive information in error log

ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22...

CVSS 8.8 | AI score 6.3 | EPSS 0.0051
Exploits 0 | References 4

Packet Storm
added 2021/11/22 12:0 a.m. | 438 views

Aimeos Laravel Ecommerce Platform 2021.10 LTS SQL Injection

Exploit Title: Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection Date: 20/11/2021 Exploit Author: Ilker Burak ADIYAMAN Vendor Homepage: https://aimeos.org Software Link: https://aimeos.org/laravel-ecommerce-package Version: Aimeos 2021.10 LTS Tested on: MacOSX Description: The...

AI score 7.1
Exploits 0

0day.today
added 2021/11/22 12:0 a.m. | 355 views

Aimeos Laravel ecommerce platform 2021.10 LTS - (sort) SQL injection Vulnerability

Exploit Title: Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection Exploit Author: Ilker Burak ADIYAMAN Vendor Homepage: https://aimeos.org Software Link: https://aimeos.org/laravel-ecommerce-package Version: Aimeos 2021.10 LTS Tested on: MacOSX Description: The Aimeos E-Commerce...

AI score 7.1
Exploits 0

Huntr
added 2021/07/04 7:48 p.m. | 31 views

Cross-site Scripting (XSS) - Stored in aimeos/aimeos-laravel

✍️ Description Integrated online shop based on Laravel 6 LTS and the Aimeos e-commerce framework. This webapp is vulnerable to stored XSS through filename 🕵️‍♂️ Proof of Concept 💥 Impact This vulnerability is capable of admin ac takeover, XSS...

AI score 1.4
Exploits 0 | References 1