EUVD-2018-14318

Malware in sbrugna...

EUVD-2016-7743

Malware in sbrugna...

EUVD-2014-8701

Malware in sbrugna...

EUVD-2016-7741

Malware in sbrugna...

EUVD-2016-7742

Malware in sbrugna...

EUVD-2016-7744

Malware in sbrugna...

com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.6.100 <=6.4.4), com.adobe.cq.media:cq-media-publishing-dps-integration (=5.6.16) +119 more potentially affected by CVE-2025-58782 via org.apache.jackrabbit:jackrabbit-core (>=1.2.1 <=2.22.1)

org.apache.jackrabbit:jackrabbit-core MAVEN version =1.2.1, =5.6.100, =2.0.6, =1.0.10, =1.0.8, =2.0.5, =2.0.0, =0.0.1, =2.1.1, =2.5.0, =2.1.1, =2.5.0, =2.1.1, =4.3.5 and more Source cves: CVE-2025-58782 Source advisory: OSV:GHSA-CXVC-G8F2-4GMM...

The vulnerability of the Omni Commerce Connect (OCC) application interface in the SAP Commerce Cloud and SAP Hybris Commerce e-commerce platforms allows a hacker to influence the confidentiality of protected information.

The vulnerability of the Omni Commerce Connect OCC application interface in the SAP Commerce Cloud and SAP Hybris Commerce platforms is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality of the...

PT-2023-4247 · Sap · Sap Hybris Commerce +1

Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud versions HY COM 2105, HY COM 2205, COM CLOUD 2211 SAP Hybris Commerce versions HY COM 2105, HY COM 2205 Description: The issue is related to the implementation of the Omni Commerce Connect OCC API in SAP Commerce Cloud and...

com.activecq.tools.quickimage:core (=1.0.0), com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.5.0 <=6.4.4) +19 more potentially affected by CVE-2012-2138 via org.apache.sling:org.apache.sling.servlets.post (>=2.0.4-incubator <=2.1.0)

org.apache.sling:org.apache.sling.servlets.post MAVEN version =2.0.4-incubator, =5.5.0, =5.5.0, =5.3.0, =5.3.0, =5.4.0, =1.0.8, =1.0.12, =1.0.6, =5.5.0, =5.6.2, =5.4.0, =5.6.8 and more Source cves: CVE-2012-2138 Source advisory: OSV:GHSA-342C-F869-5M44...

com.activecq.tools.quickimage:core (=1.0.0), com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.5.0 <=6.4.4) +19 more potentially affected by CVE-2015-2944 via org.apache.sling:org.apache.sling.servlets.post (>=2.0.4-incubator <=2.1.0)

org.apache.sling:org.apache.sling.servlets.post MAVEN version =2.0.4-incubator, =5.5.0, =5.5.0, =5.3.0, =5.3.0, =5.4.0, =1.0.8, =1.0.12, =1.0.6, =5.5.0, =5.6.2, =5.4.0, =5.6.8 and more Source cves: CVE-2015-2944 Source advisory: OSV:GHSA-RXVX-44W5-44R7...

The vulnerability of the SAP Hybris Commerce e-commerce platform, related to the lack of measures for cleaning incoming data, allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the SAP Hybris Commerce e-commerce platform is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVE-2019-0344

Due to unsafe deserialization used in SAP Commerce Cloud virtualjdbc extension, versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection...

Code injection

Due to unsafe deserialization used in SAP Commerce Cloud virtualjdbc extension, versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection...

CVE-2019-0344

Due to unsafe deserialization used in SAP Commerce Cloud virtualjdbc extension, versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with ‘Hybris’ user rights, resulting in Code Injection. Recent assessments: Assessed Attacker Value: 0 Assess...

CVE-2019-0238

SAP Commerce previously known as SAP Hybris Commerce, before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVE-2019-0238

Summary: SAP Commerce (formerly SAP Hybris Commerce) before version 6.7 contains an XSS vulnerability caused by insufficient encoding of user-controlled inputs. This is documented in multiple sources (NVD CVE-2019-0238 and CNVD entry). Affected scope: pre-6.7 versions; no exact exploitation detai...

CVE-2018-2505

SAP Commerce (Hybris) storefronts are affected by an input validation issue that can lead to Cross-Site Scripting (XSS). The vulnerability arises from insufficient validation of user-controlled inputs. Fixed in SAP Hybris Commerce versions 6.2, 6.3, 6.4, 6.5, 6.6, and 6.7. The CVE describes a cli...

CVE-2018-2505

SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability in storefronts that are based on the product. Fixed in versions SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7...

biz.netcentric.cq.tools.accesscontroltool:sling-minimum-version-environment (>=4.2.0 <=4.2.1), com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.6.100 <=6.4.4) +632 more potentially affected by CVE-2016-4434 via org.apache.tika:tika-core (>=0.4 <=1.12)

org.apache.tika:tika-core MAVEN version =0.4, =4.2.0, =5.6.100, =2.0.6, =1.0.10, =1.0.12, =1.0.8, =0.6, =1.0.8, =1.0.12 and more Source cves: CVE-2016-4434 Source advisory: OSV:GHSA-4XR4-4C65-HJ7F...