| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2019-25541 | Netartmedia PHP Mall 4.1 Multiple SQL Injection | Netartmedia | Netartmedia PHP Mall | High | 8.2 | 2026-03-12 15:37:12 | Deep Dive |
| CVE-2019-25540 | Netartmedia PHP Mall 4.1 Multiple SQL Injection | Netartmedia | Netartmedia PHP Mall | High | 8.2 | 2026-03-12 15:37:11 | Deep Dive |
| CVE-2026-3287 | youlaitech youlai-mall App-side Product Pagination Endpoint SpuController.java listPagedSpuForApp sql injection | youlaitech | youlai-mall | Medium | 6.3 | 2026-02-27 04:02:43 | Deep Dive |
| CVE-2026-2658 | newbee-ltd newbee-mall Multiple Endpoints cross-site request forgery | newbee-ltd | newbee-mall | Medium | 4.3 | 2026-02-18 17:02:07 | Deep Dive |
| CVE-2026-26219 | newbee-mall Unsalted MD5 Password Hashing Enables Offline Credential Cracking | newbee-ltd | newbee-mall | Critical | 9.1 | 2026-02-12 18:39:50 | Deep Dive |
| CVE-2026-26218 | newbee-mall Default Seeded Administrator Credentials Allow Account Takeover | newbee-ltd | newbee-mall | Critical | 9.8 | 2026-02-12 18:38:40 | Deep Dive |
| CVE-2026-25858 | macrozheng mall <= 1.0.3 Unauthenticated Password Reset via OTP Disclosure | macrozheng | mall | Critical | 9.1 | 2026-02-07 21:45:41 | Deep Dive |
| CVE-2025-15360 | newbee-mall-plus Product Information Edit UploadController.java upload unrestricted upload | - | newbee-mall-plus | Medium | 4.7 | 2025-12-30 21:32:07 | Deep Dive |
| CVE-2025-15152 | h-moses moga-mall PmsProductController.java addProduct unrestricted upload | h-moses | moga-mall | Medium | 6.3 | 2025-12-28 20:02:08 | Deep Dive |
| CVE-2025-15118 | macrozheng mall Member Endpoint update improper authorization | macrozheng | mall | Medium | 4.3 | 2025-12-28 03:02:06 | Deep Dive |
| CVE-2025-15087 | youlaitech youlai-mall OrderController.java submitOrderPayment improper authorization | youlaitech | youlai-mall | Medium | 4.3 | 2025-12-25 21:02:08 | Deep Dive |
| CVE-2025-15086 | youlaitech youlai-mall MemberController.java getMemberByMobile access control | youlaitech | youlai-mall | Medium | 4.3 | 2025-12-25 20:32:06 | Deep Dive |
| CVE-2025-15085 | youlaitech youlai-mall Balance MemberController.java deductBalance improper authorization | youlaitech | youlai-mall | Medium | 4.3 | 2025-12-25 19:32:08 | Deep Dive |
| CVE-2025-15084 | youlaitech youlai-mall Order Payment OrderController.java orderService.payOrder access control | youlaitech | youlai-mall | Low | 3.1 | 2025-12-25 18:32:06 | Deep Dive |
| CVE-2025-14965 | 1541492390c yougou-mall ResourceController.java delete path traversal | 1541492390c | yougou-mall | Medium | 5.5 | 2025-12-19 19:02:09 | Deep Dive |
| CVE-2025-14259 | Jihai Jshop MiniProgram Mall System api.html sql injection | Jihai | Jshop MiniProgram Mall System | Medium | 6.3 | 2025-12-08 18:02:06 | Deep Dive |
| CVE-2025-14086 | youlaitech youlai-mall openid access control | youlaitech | youlai-mall | Medium | 6.3 | 2025-12-05 14:02:08 | Deep Dive |
| CVE-2025-14085 | youlaitech youlai-mall orders improper control of dynamically-identified variables | youlaitech | youlai-mall | Medium | 6.3 | 2025-12-05 14:02:06 | Deep Dive |
| CVE-2025-14052 | youlaitech youlai-mall members getMemberById access control | youlaitech | youlai-mall | Medium | 6.3 | 2025-12-05 00:02:06 | Deep Dive |
| CVE-2025-14051 | youlaitech youlai-mall addresses deleteAddress improper control of dynamically-identified variables | youlaitech | youlai-mall | Medium | 6.3 | 2025-12-04 22:32:06 | Deep Dive |