📦 Evershop
by Evershop
🛡️ Security Overview
⚠️ Known Vulnerabilities
CVE-2026-25993 is a second-order SQL injection vulnerability in the EverShop eCommerce platform that allows attackers to execute arbitrary SQL commands. Attackers can inject malicious SQL code into the ur...
This vulnerability allows attackers to forge valid JSON Web Tokens (JWTs) due to a hardcoded weak HMAC secret ('secret') in @evershop/evershop. Attackers can use these forged tokens to gain unauthoriz...
A critical vulnerability in EverShop NPM versions before 1.0.0-rc.8 allows remote attackers to access sensitive information and execute arbitrary code via the /deleteCustomer/route.json endpoint. This...
An unauthenticated Denial of Service vulnerability in evershop allows attackers to crash application servers by sending specially crafted SVG image requests. Attackers can exhaust server resources thr...
CVE-2025-65844 is an unauthenticated arbitrary file upload vulnerability in EverShop 2.0.1 that allows attackers to upload any file type and create directories via the /api/images endpoint. This can l...
A directory traversal vulnerability in EverShop NPM allows remote attackers to access sensitive files outside the intended directory via crafted DELETE requests to the api/files endpoint. This affects...
A Blind Server-Side Request Forgery vulnerability in evershop allows unauthenticated attackers to force the server to make HTTP requests to arbitrary internal or external systems. This affects eversho...
This vulnerability in EverShop allows attackers to manipulate order UUID parameters to access unauthorized order data. It affects EverShop installations up to version 2.0.1. The attack can be performe...