All CosmicBytez Labs articles tagged #E-Commerce, across news, security advisories, how-to guides, and projects.
CVSS 9.8 PHP object injection in Mirasvit Full Page Cache Warmer for Magento 2 lets unauthenticated attackers achieve RCE — patch to 1.11.12 now.
CVE-2026-39079 is a CVSS 7.5 (High) information disclosure vulnerability in the PrestaShop upsshipping module affecting all versions through 2.4.0. Remote...
A CVSS 9.8 blind SQL injection vulnerability in Akilli Commerce's e-commerce platform allows unauthenticated attackers to extract the entire database...
CVE-2026-2347 is a CVSS 9.8 authorization bypass in Akilli's e-commerce platform, allowing attackers to hijack authenticated sessions by manipulating...
A stored Cross-Site Scripting vulnerability (CVSS 9.3) in PrestaShop's back-office Customer Service view allows unauthenticated attackers to inject...
An authenticated Server-Side Template Injection vulnerability in CubeCart prior to 6.7.0 allows attackers with API key access to execute arbitrary code...
A critical arbitrary file upload vulnerability in CubeCart's REST API File Manager allows holders of a files:rw API key to upload PHP webshells to the web...
Škoda Auto, the Czech automaker wholly owned by Volkswagen Group, has disclosed a data breach after attackers compromised its official online shop and...
Hackers exploited a vulnerability in Škoda's online shop portal to access customer personal data including names, addresses, email addresses, and phone...
A massive campaign targeting nearly 100 Magento e-commerce stores embeds credit-card-stealing JavaScript inside a pixel-sized SVG image, bypassing visual...
Mass exploitation is underway against Magento 2 and Adobe Commerce installations using the 'PolyShell' polyglot file upload vulnerability, with attackers...
Cybersecurity researchers have uncovered a sophisticated new payment skimmer that weaponises WebRTC data channels to exfiltrate stolen credit card data...