3007 matches found
EUVD-2026-20532
Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...
Financial cyberthreats in 2025 and the outlook for 2026
In 2025, the financial cyberthreat landscape continued to evolve. While traditional PC banking malware declined in relative prevalence, this shift was offset by the rapid growth of credential theft by infostealers. Attackers increasingly relied on aggregation and reuse of stolen data, rather than...
CVE-2026-4613
A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
SourceCodester E-Commerce Site SQL注入漏洞
SourceCodester E-Commerce Site is an e-commerce website developed under open source by SourceCodester. Version 1.0 of SourceCodester E-Commerce Site has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter Search in the file /products.php, which may le...
CVE-2026-4613 SourceCodester E-Commerce Site products.php sql injection
A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
CVE-2026-4613
A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
CVE-2026-4613
SourceCodester E-Commerce Site 1.0 contains an SQL injection in the /products.php file triggered by the Search parameter. The vulnerability is exploitable remotely with a Proof-of-Concept exploit documented, affecting unknown code paths in the file. Reported CVSS metrics indicate high impact on c...
PT-2026-27258
A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
CVE-2025-14343
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS.This issue affects E-Commerce Product: through 10122025...
EUVD-2025-208137
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection.This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosur...
CVE-2025-11251
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosu...
CVE-2025-11251
CVE-2025-11251 concerns an SQL Injection vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform. The issue stems from improper neutralization of special elements in SQL commands, allowing potentially untrusted input to affect query logic. Affected vector is network-based, w...
CVE-2025-11251 SQLi in Dayneks Software's E-Commerce Platform
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosu...
CVE-2025-11251 SQLi in Dayneks Software's E-Commerce Platform
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosu...
Dayneks E-Commerce Platform SQL注入漏洞
Dayneks E-Commerce Platform is an e-commerce platform developed by the Turkish company Dayneks. Versions of Dayneks E-Commerce Platform dated back to February 27, 2026, and earlier contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of special elements withi...
EUVD-2025-208120
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS.This issue affects E-Commerce Product: through 10122025...
CVE-2025-14343
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS. This issue affects E-Commerce Product: through 10122025...
CVE-2025-14343 Reflected XSS in Dokuzsoft Technology's E-Commerce Product
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS. This issue affects E-Commerce Product: through 10122025...
CVE-2025-14343 Reflected XSS in Dokuzsoft Technology's E-Commerce Product
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS. This issue affects E-Commerce Product: through 10122025...
CVE-2025-14343
CVE-2025-14343 is a Reflected XSS vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product (affected through version 10122025) caused by improper neutralization of input during web page generation. The issue enables reflected XSS without authentication, with a CVSS 3.1 base score of 7.6 (AV:...