
10 matches found

CVE
added 2026/05/17 12:11 p.m., 11 views

CVE-2018-25336

Joomla jCart for OpenCart 2.3.0.2 has a cross-site request forgery (CSRF) vulnerability. The issue allows an attacker to modify user account information without authentication by crafting malicious HTML forms targeting endpoints, resulting in changes to user credentials, passwords, and affiliate ...

CVSS 6.9, AI score 5.7, EPSS 0.0001
Exploits: 0, References: 4
Positive Technologies
added 2026/04/02 12:0 a.m., 0 views

PT-2026-29734

A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

CVSS 5.8, AI score 5.5, EPSS 0.00154
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-13278

Malware in sbrugna...

CVSS 7.2, AI score 6.9, EPSS 0.00758
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-5960

Malicious code in bioql PyPI...

CVSS 4.7, AI score 6.4, EPSS 0.00121
Exploits: 0, References: 2
NVD
added 2025/07/25 5:15 p.m., 6 views

CVE-2025-45892

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code...

CVSS 6.1, EPSS 0.00167
Exploits: 1, References: 2
RedhatCVE
added 2025/05/22 12:56 a.m., 5 views

CVE-2016-10509

SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courierid) parameter to openbay.php...

CVSS 7.2, AI score 8.3, EPSS 0.00506
Exploits: 1, References: 1
CVE
added 2025/02/28 1:43 p.m., 84 views

CVE-2025-1748

CVE-2025-1748 affects OpenCart versions prior to 4.1.0. The flaw is an HTML injection in the /account/register flow that lets an attacker modify the HTML rendered in a victim’s browser via a malicious URL (by altering the parameter name). Reported across multiple feeds, the vulnerability is categ...

CVSS 4.7, AI score 5.1, EPSS 0.00121
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2024/06/25 11:58 a.m., 11 views

BIT-OPENCART-2024-21515

This affects versions of the package opencart/opencart from 4.0.0-0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user into clicking a maliciously crafted URL. The user is then prompted to login a...

CVSS 4.7, AI score 4.8, EPSS 0.00305
Exploits: 1, References: 3
CVE
added 2024/06/22 5:0 a.m., 57 views

CVE-2024-21516

Summary: CVE-2024-21516 affects opencart/opencart versions from 4.0.0.0 up to, but not including, 4.1.0.0. A reflected XSS exists in the directory parameter of the admin common/filemanager.list route. By tricking a user into clicking a malicious URL, an attacker can obtain the user’s token through login prompts,...

CVSS 4.7, AI score 4.8, EPSS 0.00305
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2023/06/20 12:0 a.m., 8 views

CVE-2020-20491

SQL injection vulnerability in OpenCart v.2.2.00 through 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php...

AI score 8.9, EPSS 0.00758
Exploits: 1, References: 1