Citrix StoreFront Server - XML External Entity

Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 3.12.4000, and 7.6 LTSR before CU8 3.0.8000 allows XXE attacks. id: CVE-2019-13608 info: name: Citrix StoreFront Server - XML External Entity author: daffainfo severity: high description: | Citrix StoreFront Server before 1903, 7.15 LTSR...

Citrix StoreFront - Cross-Site Scripting

Reflected Cross-Site Scripting issue which is exploitable without authentication. This vulnerability was exploitable through coercing an error message during an XML parsing procedure in the SSO flow. id: CVE-2023-5914 info: name: Citrix StoreFront - Cross-Site Scripting author: DhiyaneshDK...

EUVD-2026-20104

The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the DSGVOGWPdownloadGoogleFonts function in all versions up to, and including, 1.1. The function is exposed via a wpajaxnopriv hook, requiring no authentication. It...

CVE-2026-3535

The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the DSGVOGWPdownloadGoogleFonts function in all versions up to, and including, 1.1. The function is exposed via a wpajaxnopriv hook, requiring no authentication. It...

CVE-2026-3535

The CVE concerns the DSGVO Google Web Fonts GDPR WordPress plugin. All versions up to 1.1 are vulnerable due to missing file type validation in the DSGVOGWPdownloadGoogleFonts() function. The function, exposed via a wp_ajax_nopriv_ hook (no authentication), fetches a user-supplied URL as a CSS fi...

PT-2026-31095

Name of the Vulnerable Software and Affected Versions DSGVO Google Web Fonts GDPR plugin for WordPress versions up to and including 1.1 Description The DSGVO Google Web Fonts GDPR plugin for WordPress is susceptible to arbitrary file upload due to the absence of file type validation in the...

MAL-2026-2102 Malicious code in storefront-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f98f783cc760be758abd241914b7bb745e69248c87c20f1b84d14a522676413a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview storefront-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in storefront-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f98f783cc760be758abd241914b7bb745e69248c87c20f1b84d14a522676413a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

@cloudcommerce/storefront (>=0.10.0 <=0.11.0), @gspenst/next (>=0.0.1 <=0.1.2) +6 more potentially affected by CVE-2026-29066 via @tinacms/cli (>=0.60.28 <=1.12.6)

@tinacms/cli NPM version =0.60.28, =0.10.0, =0.0.1, =0.1.0, =0.0.2, =0.0.3, =0.0.1, =0.1.3 - next-tina-github-starter =0.1.0 - ramidus =1.2.1 Source cves: CVE-2026-29066 Source advisory: OSV:GHSA-M48G-4WR2-J2H6...

@cloudcommerce/storefront (>=0.10.0 <=0.11.0), @gspenst/next (>=0.0.1 <=0.1.2) +6 more potentially affected by CVE-2026-28793 via @tinacms/cli (>=0.60.28 <=1.12.6)

@tinacms/cli NPM version =0.60.28, =0.10.0, =0.0.1, =0.1.0, =0.0.2, =0.0.3, =0.0.1, =0.1.3 - next-tina-github-starter =0.1.0 - ramidus =1.2.1 Source cves: CVE-2026-28793 Source advisory: OSV:GHSA-2F24-MG4X-534Q...

CVE-2026-31888

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer CHECKOUTCUSTOMERAUTHBADCREDENTIALS or is unknown...

EUVD-2026-10919

Sylius Vulnerable to Authenticated Stored XSS...

EUVD-2026-10918

Sylius Vulnerable to Authenticated Stored XSS...

CVE-2026-31823 Sylius has Authenticated Stored XSS

Sylius is an Open Source eCommerce Framework on Symfony. An authenticated stored cross-site scripting XSS vulnerability exists in multiple places across the shop frontend and admin panel due to unsanitized entity names being rendered as raw HTML. Shop breadcrumbs shared/breadcrumbs.html.twig: The...

PT-2026-24477

Name of the Vulnerable Software and Affected Versions Sylius versions 1.9.12 through 2.2.3 Description Sylius, an Open Source eCommerce Framework on Symfony, contains an authenticated stored cross-site scripting XSS issue in multiple areas of the shop frontend and admin panel. This is due to...

EUVD-2020-30944

Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usrname' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usrname' parameter to potentially extract or...

CVE-2020-37033

Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usrname' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usrname' parameter to potentially extract or...

CVE-2020-37033 Infor Storefront B2B 1.0 - 'usr_name' SQL Injection

Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usrname' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usrname' parameter to potentially extract or...

CVE-2020-37033

CVE-2020-37033 is corroborated by PT-2026-5474, which documents an SQL injection in Infor Storefront B2B 1.0 through the login endpoint via the usr name parameter. The root cause is unsafely constructed SQL in the login flow which can lead to arbitrary query manipulation and potential data exposu...