Evershop Security Vulnerabilities (CVEs)

Track 8 security vulnerabilities affecting Evershop products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

3 Critical

3 High

1 Medium

1 Low

Sort by:

🔔 Get Alerts for Evershop

CVE-2026-25993 9.8

CVE-2026-25993 is a second-order SQL injection vulnerability in EverShop eCommerce platform that allows attackers to execute arbitrary SQL commands. A...

Feb 10, 2026

CVE-2025-67419 7.5

An unauthenticated Denial of Service vulnerability in evershop allows attackers to crash application servers by sending specially crafted SVG image re...

Jan 5, 2026

CVE-2025-67427 6.5

A Blind Server-Side Request Forgery vulnerability in evershop allows unauthenticated attackers to force the server to make HTTP requests to arbitrary ...

Jan 5, 2026

CVE-2025-65844 7.5

CVE-2025-65844 is an unauthenticated arbitrary file upload vulnerability in EverShop 2.0.1 that allows attackers to upload any file type and create di...

Dec 2, 2025

CVE-2025-12919 3.7

This vulnerability in EverShop allows attackers to manipulate order UUID parameters to access unauthorized order data. It affects EverShop installatio...

Nov 9, 2025

CVE-2023-46943 9.1

This vulnerability allows attackers to forge valid JSON Web Tokens (JWTs) due to a hardcoded weak HMAC secret ('secret') in @evershop/evershop. Attack...

Jan 13, 2024

CVE-2023-46496 8.3

A directory traversal vulnerability in EverShop NPM allows remote attackers to access sensitive files outside the intended directory via crafted DELET...

Dec 8, 2023

CVE-2023-46498 9.8

A critical vulnerability in EverShop NPM versions before 1.0.0-rc.8 allows remote attackers to access sensitive information and execute arbitrary code...

Dec 8, 2023

Why Monitor Evershop Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 8+ known vulnerabilities affecting Evershop products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Evershop packages in under 60 seconds. No agents required - completely agentless scanning that works across Evershop deployments.

Free vulnerability database: Access detailed information about every Evershop CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

Register free account & add your servers
Run one-time scan or schedule automatic monitoring (every 1-24 hours)
Receive instant alerts when new Evershop CVEs affect your systems
Access dashboard with severity breakdown & fix instructions

Start Monitoring Evershop CVEs Free