Product
newbee mall project newbee mall
14 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-26219
<= 1.0.0
newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate pe
9.1
CRITICAL
CVE-2026-26218
<= 1.0.0
newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with
9.8
CRITICAL
CVE-2025-10423
all versions
A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulat
3.7
LOW
CVE-2025-10422
<= 2023-10-09
A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the function payS
4.3
MEDIUM
CVE-2025-4259
all versions
A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Uploa
6.3
MEDIUM
CVE-2025-1114
all versions
A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/cate
3.5
LOW
CVE-2024-48178
all versions
newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter.
8.1
HIGH
CVE-2023-30216
< 2022-10-27
Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account
5.4
MEDIUM
CVE-2022-27477
all versions
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.
9.8
CRITICAL
CVE-2022-27476
all versions
A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web
6.1
MEDIUM
CVE-2020-23449
all versions
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigService
7.5
HIGH
CVE-2020-23448
all versions
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java.
9.8
CRITICAL
CVE-2020-23447
all versions
newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address inf
6.1
MEDIUM
CVE-2019-19113
< 2019-10-23
main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyw
9.8
CRITICAL
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin