cubecart

Top products

The 15 most recently published vulnerabilities affecting cubecart.

• CVE-2026-45708CubeCart: Authenticated RCE via Invoice Template → Order Print7.2May 13, 2026
• CVE-2026-45055CubeCart: Pre-Authenticated Password Reset Link Poisoning via HTTP Host Header8.1May 13, 2026
• CVE-2026-45714CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE9.1May 13, 2026
• CVE-2026-45054CubeCart: Authenticated SQL Injection via `sort[]` Parameter in Admin Orders Transactions Listing4.9May 13, 2026
• CVE-2026-45053CubeCart: Authenticated Arbitrary File Upload to RCE in REST Files API9.1May 13, 2026
• CVE-2026-44376CubeCart: Reflected XSS in Store Search Bar6.1May 13, 2026
• CVE-2026-39428CubeCart: Stored Cross-Site Scripting (XSS)4.8May 13, 2026
• CVE-2026-39358CubeCart: Time-based Blind SQL Injection7.2May 13, 2026
• CVE-2026-44377CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE9.1May 13, 2026
• CVE-2026-35496A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible.2.7Apr 17, 2026
• CVE-2026-34018An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product.9.8Apr 17, 2026
• CVE-2026-21719An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command.7.2Apr 17, 2026
• CVE-2025-59413CubeCart Unauthorized Newsletter Unsubscription via force_unsubscribe Parameter6.5Sep 22, 2025
• CVE-2025-59412CubeCart Vulnerable to HTML Injection in Product Reviews Allows Malicious Links and Defacement5.4Sep 22, 2025
• CVE-2025-59411CubeCart Stored/Reflected HTML Injection Vulnerability in Contact Enquiry5.4Sep 22, 2025