VYPR
Vendor

Newbee Ltd

Products
2
CVEs
15
Across products
16
Status
Private

Recent CVEs (15)
  • CVE-2025-15360 Med Dec 30, 2025
    risk 0.31 cvss 4.7 epss 0.00

    A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product Information Edit Page. This manipulation of the argument File causes unrestricted…

  • CVE-2026-2658 Med Feb 18, 2026
    risk 0.28 cvss 4.3 epss 0.00

    A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee. Affected is an unknown function of the component Multiple Endpoints. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is…

  • CVE-2025-10422 Med Sep 15, 2025
    risk 0.28 cvss 4.3 epss 0.00

    A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the function paySuccess of the file /paySuccess of the component Order Status Handler. The manipulation of the argument orderNo leads to improper authorization.…

  • CVE-2025-12854 Low Nov 7, 2025
    risk 0.24 cvss 3.7 epss 0.00

    A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to authorization bypass. It is possible to initiate the attack remotely. The…

  • CVE-2025-10423 Low Sep 15, 2025
    risk 0.24 cvss 3.7 epss 0.00

    A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is…

  • CVE-2026-26219 Feb 12, 2026
    risk 0.00 cvss epss 0.00

    newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other…

  • CVE-2026-26218 Feb 12, 2026
    risk 0.00 cvss epss 0.00

    newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default…

  • CVE-2025-4259 May 5, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack…

  • CVE-2025-1114 Feb 7, 2025
    risk 0.00 cvss epss 0.00

    A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch…

  • CVE-2024-48178 Oct 28, 2024
    risk 0.00 cvss epss 0.00

    newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter.

  • CVE-2023-30216 May 4, 2023
    risk 0.00 cvss epss 0.00

    Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information.

  • CVE-2022-27477 Apr 10, 2022
    risk 0.00 cvss epss 0.01

    Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.

  • CVE-2022-27476 Apr 10, 2022
    risk 0.00 cvss epss 0.01

    A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter.

  • CVE-2020-23447 Jan 26, 2021
    risk 0.00 cvss epss 0.01

    newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office".

  • CVE-2019-19113 Nov 18, 2019
    risk 0.00 cvss epss 0.02

    main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection.