Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CubeCart is an ecommerce software solution. Prior to 6.7.3, an admin with documents edit permission can save raw into the Invoice Editor. The next time any admin clicks Print on any order,
CVE-2026-45053
CRITICAL CVSS 9.1
Find Similar
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in the REST API File Manager endpoint (POST /api/v1/files) of CubeCart. The endp
CVE-2026-44377
CRITICAL CVSS 9.1
Find Similar
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates and D
CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious J
CubeCart is an ecommerce software solution. Prior to version 6.5.11, a vulnerability exists in the product reviews feature where user-supplied input is not properly sanitized before being displayed. A
CVE-2026-45714
CRITICAL CVSS 9.1
Find Similar
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates, Invo
CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the CubeCart v6.x search feature. Due to a logic flaw in classes/catalogue.class.ph
CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CC_STORE_URL directly from the Host request header at bootstrap, with no allowlist. The constant is embedded v
A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible.
CVE-2025-47641
CRITICAL CVSS 10.0
Find Similar
Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows Upload a Web Shell to a Web Server.This
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.4.1 via the 'wcdn/invoice' directory. Th
CVE-2025-12493
CRITICAL CVSS 9.8
Find Similar
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to,
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts. The vulnerability arises because SVG files uploaded through the media mana
A vulnerability has been found in OpenCart 4.0.2.3. Affected by this issue is the function Save of the file admin/controller/design/template.php of the component Incomplete Fix CVE-2024-36694. Such ma
The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the via the 'tab' parameter. This makes it possible for auth
The Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1 v
Directory traversal vulnerability in AbanteCart version 1.4.2 allows unauthenticated attackers to gain access to sensitive system files via the template parameter to index.php.
A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function upload_file of the file /index.php/upload/upload_file/1/1. The manipula
webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulner
A vulnerability was found in code-projects Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit_product.php. The manipulation o
Page 1+ Next →