Vulnerabilities in evershopcommerce

2 results

CVE-2026-28213CRITICALEverShop Vulnerable to Arbitrary Customer Account Takeover via Exposure of Password Reset Token in API ResponseEPSS 0.4%CVE-2026-25993CRITICALEverShop has a Second-Order SQL Injection in URL Rewrite Processing Derived from Category URL KeysEPSS 0.3%