Lucene search

9 matches found

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2023-2593

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00273
Exploits: 1 | References: 6
Cvelist
added 2025/02/28 1:43 p.m., 16 views

CVE-2025-1748 HTML injection vulnerability in OpenCart

HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/register...

CVSS 4.7 | EPSS 0.00121
Exploits: 0 | References: 1
Vulnrichment
added 2025/02/03 1:00 a.m., 3 views

CVE-2025-0974 MaxD Lightning Module deserialization

A vulnerability was determined in MaxD Lightning Module 4.43/4.44 on OpenCart. This issue affects some unknown processing. Executing a manipulation of the argument liop/md can lead to deserialization. The attack may be launched remotely. The attack requires a high level of complexity. The...

CVSS 5 | AI score 5.4 | EPSS 0.00036
Exploits: 0 | References: 5
Github Security Blog
added 2024/06/22 6:30 a.m., 15 views

Cross site scripting in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login a...

CVSS 4.7 | AI score 6.3 | EPSS 0.00305
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2020/12/29 5:15 p.m., 9 views

CVE-2020-29470

OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and the attacker is able to steal...

CVSS 4.8 | AI score 4.8 | EPSS 0.00475
Exploits: 2 | References: 1
Cvelist
added 2020/12/29 4:21 p.m., 15 views

CVE-2020-29471

OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image as a malicious code using JavaScript. Whenever anyone will see the profile picture, the code will execute and XSS will trigger...

AI score 4.9 | EPSS 0.00475
Exploits: 2 | References: 1
NVD
added 2020/03/17 3:15 p.m., 13 views

CVE-2020-10596

OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section...

CVSS 5.4 | AI score 4.6 | EPSS 0.01247
Exploits: 4 | References: 2
Prion
added 2011/09/24 12:55 a.m., 8 views

Information disclosure

OpenCart 1.4.9.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/startup.php and certain other files...

CVSS 5 | AI score 6.7 | EPSS 0.01117
Exploits: 1 | References: 4 | Affected Software: 1
Prion
added 2009/05/12 4:30 p.m., 12 views

Directory traversal

Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the route parameter...

CVSS 5 | AI score 7.1 | EPSS 0.02622
Exploits: 2 | References: 4 | Affected Software: 1