51 matches found
EC-CUBE vulnerable to multi-factor authentication bypass
Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains the following vulnerability. Authentication bypass using an alternate path or channel CWE-288 - CVE-2026-30777 EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LT...
EC-CUBE 安全漏洞
EC-CUBE is an open-source e-commerce system developed by the Japanese company EC-CUBE. There is a security vulnerability in EC-CUBE, which stems from the possibility of bypassing multi-factor authentication. This vulnerability could allow attackers to access the management page without being...
CVE-2026-25958
Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13, 1.4.2, and 1.0.14...
CVE-2023-25077
Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...
EUVD-2008-4516
Malware in sbrugna...
EUVD-2008-4517
Malware in sbrugna...
EUVD-2009-4205
Malware in sbrugna...
EUVD-2008-4518
Malware in sbrugna...
EUVD-2022-4536
Malicious code in bioql PyPI...
EUVD-2022-5245
Malicious code in bioql PyPI...
EUVD-2022-4259
Malicious code in bioql PyPI...
EUVD-2022-4235
Malicious code in bioql PyPI...
EUVD-2021-8157
Malicious code in bioql PyPI...
EUVD-2022-3535
Malicious code in bioql PyPI...
EUVD-2023-26600
Malicious code in bioql PyPI...
EUVD-2022-1137
Malicious code in bioql PyPI...
EUVD-2023-51011
Malicious code in bioql PyPI...
EUVD-2023-26949
Malicious code in bioql PyPI...
Prototype Pollution
Overview node-cube is an a new way to write js in browser Affected versions of this package are vulnerable to Prototype Pollution via the resource initialization process. An attacker can inject properties into the prototype of built-in objects by supplying crafted input, potentially leading to...
@orca-fe/datav-cli (>=2.8.3 <=2.9.4), @shuji-components/sjv-cli (=0.0.3) +4 more potentially affected by CVE-2025-57348 via node-cube (>=0.0.10 <=5.0.0-beta.28)
node-cube NPM version =0.0.10, =2.8.3, =0.0.1, =1.0.2, =1.0.0, =0.0.1, =1.0.9 Source cves: CVE-2025-57348 Source advisory: SNYK:JS-NODECUBE-13109830...