This is a list of officially reported information-security vulnerabilities and exposures with high or critical security impact (CVSS score 7 or higher) which were published in the CVE list in the last seven days. The data is downloaded from the National Vulnerability Database. Important notice: the allocation or reservation of a CVE ID does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

This information was last updated on Wednesday, July 8, 05:00 AM GMT.
Thursday, July 2
7.5
In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6
10
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.