32 matches found
CVE-2026-38939
Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the productcatalogue.php component...
CVE-2026-7297
A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function saveuser of the file /admin/ajax.php?action=saveuser. Executing a manipulation of the argument Name can lead to cross site scripting. The attack can be executed remotely. The...
PT-2026-7487
The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
E-commerce Access Control Error Vulnerability
E-commerce is a dynamic e-commerce website developed by Bhabishya Ghimire as an individual developer. Version 1.0.0 of E-commerce contains a security vulnerability related to access control. This vulnerability arises from incorrect handling of the parameter email in the file...
CVE-2024-44651
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the recoveremail parameter in userpasswordrecover.php...
CVE-2025-63883
CVE-2025-63883 affects electic-shop v1.0. The vulnerability is a DOM-based XSS in client-side code that reads attacker-controlled input (e.g., URL parameters or fragment) and writes it into the DOM using unsafe sinks such as innerHTML, insertAdjacentHTML, or document.write without proper sanitiza...
CVE-2025-61456
A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...
EUVD-2021-1570
Malware in sbrugna...
EUVD-2006-6571
Malware in sbrugna...
EUVD-2017-9102
Malware in sbrugna...
EUVD-2015-0907
Malware in sbrugna...
EUVD-2012-4180
Malware in sbrugna...
EUVD-2024-17262
Malicious code in bioql PyPI...
EUVD-2022-52362
Malicious code in bioql PyPI...
EUVD-2025-10876
Malicious code in bioql PyPI...
EUVD-2024-51163
Malicious code in bioql PyPI...
CVE-2021-32720
Sylius is an Open Source eCommerce platform on top of Symfony. In versions of Sylius prior to 1.9.5 and 1.10.0-RC.1, part of the details (order ID, order number, items total, and token value) of all placed orders were exposed to unauthorized users. If exploited properly, a few additional informatio...
WordPress Real WP Shop Lite Ajax eCommerce Shopping Cart plugin <= 2.0.8 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Real WP Shop Lite Ajax eCommerce Shopping Cart versions <= 2.0.8...
CVE-2025-3975
Consolidated note: ScriptAndTools eCommerce-website-in-PHP version 3.0 contains a vulnerability in the admin/subscriber-csv.php processing. The issue allows information disclosure and can be exploited remotely (network vector). The PT-2025-18002 entry provides these concrete details; other connec...
CVE-2025-3556
A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be...