CVE-2022-33077

An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint...

CVE-2025-65591

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Currencies functionality...

nopCommerce 安全漏洞

nopCommerce is a suite of open source, general purpose e-commerce platforms from nopCommerce, Inc. A security vulnerability exists in nopCommerce versions prior to 4.70 and 4.80.3, which stems from a failure to invalidate a session cookie after logout or session termination, which could lead to...

EUVD-2022-32895

Malicious code in bioql PyPI...

EUVD-2022-31964

Malicious code in bioql PyPI...

EUVD-2022-36134

Malicious code in bioql PyPI...

EUVD-2022-32894

Malicious code in bioql PyPI...

CVE-2022-28449

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS. At Apply for vendor account feature, an attacker can upload an arbitrary file to the system...

CVE-2022-28450

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS via the "Text" parameter forums when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser...

CVE-2019-19683

RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs...

CVE-2022-33077

An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint...