CVE-2026-44376
CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the CubeCart v6.x search feature. Due to a logic flaw in classes/catalogue.class.php, user input is reflected without sanitization only when a search returns exactly one product...
EUVD-2016-4716
Malware in sbrugna...
EUVD-2025-30837
Malicious code in bioql PyPI...
CVE-2025-59335
CubeCart is an ecommerce software solution. Prior to version 6.5.11, there is an absence of automatic session expiration following a user's password change. This oversight poses a security risk, as if a user forgets to log out from a location where they accessed their account, an unauthorized use...
CVE-2025-59411
CVE-2025-59411 affects CubeCart versions prior to 6.5.11. The Enquiry field in the contact form accepts raw HTML, which is included verbatim in emails to the store admin, indicating a lack of escaping/sanitization before output in email (and possibly on re-render). This creates a Cross‑Site Scrip...
CVE-2025-49331
Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog ecommerce-product-catalog allows Object Injection. This issue affects eCommerce Product Catalog: from n/a through = 3.4.3...
CVE-2023-4674
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: through 20231229. NOTE: The vendor was contacted early about this...
CVE-2023-4531
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mestav Software E-commerce Software allows SQL Injection. This issue affects E-commerce Software: before 20230901...
Shopware Code Issue Vulnerability
Shopware is a suite of open source e-commerce software from the German company Shopware. A code issue exists in Shopware where a vulnerability exists because the administrative session expiration date is set to one week, which allows an attacker to use the session for a long period of time if the...
PT-2022-22633 · Unknown · Ecommerce-Codeigniter-Bootstrap
Name of the Vulnerable Software and Affected Versions: Ecommerce-CodeIgniter-Bootstrap versions before commit 56465f Description: A cross-site scripting XSS issue was found in the function base url at the /blog/blogpublish.php endpoint. This allows for potential exploitation. Recommendations: For...
Holiday Shopping Craze, COVID-19 Spur Retail Security Storm
As online retailers prepare for the upcoming holiday shopping season, security researchers are warning that cybercriminals will be on the prowl this year, with the added factor of the coronavirus pandemic pushing many Black Friday shoppers online. Chris Eng, chief research officer with Veracode,...
Travel Management System 1.0 Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Travel Management System v1.0 - Unauthenticated Remote Code Execution Exploit Author: Adeeb Shah @hyd3sec & Bobby Cooke boku Vulnerability Discovery: Adeeb Shah @hyd3sec Date: August 10, 2020 Vendor Homepage:...
Kentico CMS 11.0 - Buffer Overflow Vulnerability
Exploit for windows platform in category dos / poc Document Title: Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability CVE-ID: CVE-2018-5282 Vulnerability Class: Buffer Overflow Current Estimated Price: 2.000€ - 3.000€...
Arastta 1.1.5 - SQL Injection
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Arastta 1.1.5 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://arastta.org/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 11/21/2015 Disclosed to public: 12/21/2015 Releas...
Arastta 1.1.5 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Arastta 1.1.5 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://arastta.org/ Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 11/21/2015 Disclosed to public: 12/21/2015 Release mode: Fu...
OpenSolution QuickCart Index.PHP Local File Containment Vulnerability
OpenSolution Quick.Cart is a PHP-based open source e-commerce software from OpenSolution Poland. The software supports engine optimization, module extensions and so on. A local file inclusion vulnerability exists in OpenSolution Quick.Cart 2.2 and earlier versions, which stems from the program...
Prestashop 1.6.0.9 Cross Site Scripting
CVE-2015-1175-xss-prestashop Information: Advisory by Octogence. Name: Reflected XSS Vulnerability in prestashop ecommerce software Affected Software: Prestashop Affected Versions: 1.6.0.9 and possibly below Vendor Homepage: https://www.prestashop.com/ Vulnerability Type: Cross-site...
Catalog Builder - Ecommerce Software - Blind SQL Injection
No description provided by source. Catalog Builder - Ecommerce Software - Blind SQL Injection Vulnerability...
CubeCart 4.4.6 Open URL Redirection
OVERVIEW CubeCart 4.4.6 and lower versions are vulnerable to Open URL Redirection. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online...