Lucene search
K

638 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-2871

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.01367EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-3535

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.02308EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-6896

Malicious code in bioql PyPI...

5.4CVSS4.6AI score0.00538EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 3:34 a.m.16 views

CVE-2023-27919

Authentication bypass vulnerability in NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series all versions allows a remote unauthenticated attacker to alter the information stored in the system...

5.3CVSS6.6AI score0.007EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:15 a.m.6 views

CVE-2023-22438

Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0, EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p5, and EC-CUBE 2 series EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, an...

5.4CVSS6.5AI score0.00692EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:5 a.m.5 views

CVE-2022-25355

EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users...

5.3CVSS7AI score0.01138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:27 p.m.4 views

CVE-2022-40199

Directory traversal vulnerability in EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p4 and EC-CUBE 4 series EC-CUBE 4.0.0 to 4.1.2 allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information...

2.7CVSS4.2AI score0.01028EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:51 p.m.7 views

CVE-2022-21179

Cross-site request forgery CSRF vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 for EC-CUBE 4 series and ver1.0.0 to 1.0.4 for EC-CUBE 3 series allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted pag...

4.3CVSS7.2AI score0.00465EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:59 p.m.7 views

CVE-2021-20743

Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin for EC-CUBE 3.0 series versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation...

6.1CVSS6.6AI score0.00754EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:59 p.m.4 views

CVE-2021-20717

Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser...

6.1CVSS6.7AI score0.02308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:59 p.m.7 views

CVE-2021-20744

Cross-site scripting vulnerability in EC-CUBE Category contents plugin for EC-CUBE 3.0 series versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation...

6.1CVSS6.6AI score0.00754EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:31 p.m.5 views

CVE-2021-20825

Cross-site scripting vulnerability in List order management item change plug-in for EC-CUBE 3.0 series Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...

6.1CVSS6.6AI score0.00733EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:30 p.m.5 views

CVE-2021-20750

Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 EC-CUBE 3 series and EC-CUBE 4.0.0 to 4.0.5-p1 EC-CUBE 4 series allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation...

6.1CVSS6.7AI score0.01557EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:8 p.m.6 views

CVE-2021-20751

Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 EC-CUBE 4 series allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation...

6.1CVSS6.5AI score0.01088EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:8 p.m.11 views

CVE-2021-20742

Cross-site scripting vulnerability in EC-CUBE Business form output plugin for EC-CUBE 3.0 series versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector...

6.1CVSS6.5AI score0.00757EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:17 p.m.7 views

CVE-2021-20841

Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors...

6.5CVSS6.6AI score0.01276EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:17 p.m.5 views

CVE-2021-20842

Cross-site request forgery CSRF vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page...

6.5CVSS7.2AI score0.00533EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:17 p.m.9 views

CVE-2021-20778

Improper access control vulnerability in EC-CUBE 4.0.6 EC-CUBE 4 series allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified vectors...

7.5CVSS6.6AI score0.02071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:17 p.m.6 views

CVE-2021-20828

Cross-site scripting vulnerability in Order Status Batch Change Plug-in for EC-CUBE 3.0 series all versions allows a remote attacker to inject an arbitrary script via unspecified vectors...

6.1CVSS6.6AI score0.00748EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:43 p.m.7 views

CVE-2020-5590

Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors...

8.1CVSS6.7AI score0.02059EPSS
Exploits0References1
Rows per page
Query Builder