103 matches found
CVE-2026-21719
An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command...
Astra Linux - vulnerability in chromium
A use-after-free in the Cart component of Google Chrome before version 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through database corruption and a crafted HTML page. Chromium security severity: Medium...
CVE-2018-25336 jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery
jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details...
Craft Commerce: Potential IDOR in Commerce carts
An Insecure Direct Object Reference (IDOR) vulnerability exists in Craft Commerce’s cart functionality that allows users to hijack any shopping cart by knowing or guessing its 32-character number. This vulnerability enables the takeover of shopping sessions and potential exposure of PII...
CVE-2019-25497 osCommerce 2.3.4.1 SQL Injection via currency Parameter
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shoppingcart.php with malicious currency values using boolean-based SQL injection...
PT-2026-5831
Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database manageme...
CVE-2005-1607
Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart allows remote attackers to inject arbitrary web script or HTML via the (1) merchant or (2) demo parameters...
CVE-2023-43149
SPA-Cart 1.9.0.3 is vulnerable to Cross-Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status...
EUVD-2006-4205
Malware in sbrugna...
EUVD-2005-1292
Malware in sbrugna...
EUVD-2006-5231
Malware in sbrugna...
EUVD-2005-3992
Malware in sbrugna...
EUVD-2006-4208
Malware in sbrugna...
EUVD-2017-6742
Malware in sbrugna...
EUVD-2015-5411
Malware in sbrugna...
EUVD-2009-4289
Malware in sbrugna...
EUVD-2015-0958
Malware in sbrugna...
EUVD-2017-17775
Malware in sbrugna...
EUVD-2018-8011
Malware in sbrugna...
EUVD-2000-0909
Malware in sbrugna...