78 matches found

Vulnrichment
added 2026/05/19 10:26 p.m., 4 views

CVE-2026-6095 Orejime - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-032

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Orejime allows Cross-Site Scripting (XSS). This issue affects Orejime: from 0.0.0 before 2.0.16...

5.8 AI score, 0.00033 EPSS
Exploits 0, References 1
Cvelist
added 2026/05/19 10:26 p.m., 27 views

CVE-2026-6095 Orejime - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-032

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Orejime allows Cross-Site Scripting (XSS). This issue affects Orejime: from 0.0.0 before 2.0.16...

0.00033 EPSS
Exploits 0, References 1
CNNVD
added 2026/05/19 12:0 a.m., 4 views

Drupal Orejime cross-site scripting vulnerability

Drupal Orejime is a Drupal privacy and cookie consent management module developed by the Drupal company. Versions of Drupal Orejime prior to 2.0.16 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during the web page generation process, which could le...

6.1 CVSS, 5.6 AI score, 0.00033 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/03/26 3:10 p.m., 2 views

CVE-2026-32100

Shopware is an open commerce platform. /api/info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7...

5.3 CVSS, 5.8 AI score, 0.00041 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/03/26 3:7 p.m., 3 views

CVE-2026-31822

Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting (XSS) vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...

6.1 CVSS, 5.6 AI score, 0.00051 EPSS
Exploits 0, References 1
OSV
added 2026/03/11 12:12 a.m., 1 views

GHSA-WJMG-4CQ5-M8HG Sylius is Missing Authorization in API v2 Add Item Endpoint

Impact The POST /api/v2/shop/orders/tokenValue/items endpoint does not verify cart ownership. An unauthenticated attacker can add items to other registered customers' carts by knowing the cart tokenValue. POST /api/v2/shop/orders/tokenValue/items Other mutation endpoints PUT, PATCH, DELETE are no...

6.9 CVSS, 6 AI score, 0.00112 EPSS
Exploits 0, References 3
Snyk
added 2026/03/11 12:12 a.m., 1 views

Authorization Bypass Through User-Controlled Key

Overview sylius/sylius is a platform for PHP, based on Symfony framework. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via unvalidated resource IDs accepted through LiveArg parameters in multiple LiveComponents. An attacker can access...

7.1 CVSS, 5.9 AI score, 0.00021 EPSS
Exploits 0, References 2
OSV
added 2026/03/11 12:12 a.m., 0 views

GHSA-2XC6-348P-C2X6 Sylius affected by IDOR in Cart and Checkout LiveComponents

Impact An authenticated Insecure Direct Object Reference (IDOR) vulnerability exists in multiple shop LiveComponents due to unvalidated resource IDs accepted via LiveArg parameters. Unlike props, which are protected by LiveComponent's @checksum, args are fully user-controlled - any action that...

7.1 CVSS, 5.9 AI score, 0.00021 EPSS
Exploits 0, References 3
NVD
added 2026/03/10 10:16 p.m., 5 views

CVE-2026-31821

Sylius is an Open Source eCommerce Framework on Symfony. The POST /api/v2/shop/orders/tokenValue/items endpoint does not verify cart ownership. An unauthenticated attacker can add items to other registered customers' carts by knowing the cart tokenValue. An attacker who obtains a cart tokenValue...

6.9 CVSS, 0.00112 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/03/10 9:27 p.m., 3 views

CVE-2026-31822

Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting (XSS) vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...

5.3 CVSS, 5.7 AI score, 0.00051 EPSS
Exploits 0, References 2, Affected Software 1
OSV
added 2026/03/10 9:27 p.m., 1 views

CVE-2026-31822 Sylius has a XSS vulnerability in checkout login form

Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting (XSS) vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...

5.3 CVSS, 5.6 AI score, 0.00051 EPSS
Exploits 0, References 3
CNNVD
added 2026/03/10 12:0 a.m., 3 views

Sylius cross-site scripting vulnerability

Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. Sylius has a cross-site scripting vulnerability. This vulnerability arises from the use of the innerHTML method to render the message field in the login form during checkout, which...

6.1 CVSS, 5.6 AI score, 0.00051 EPSS
Exploits 0, References 1
CNNVD
added 2026/03/10 12:0 a.m., 3 views

Sylius security vulnerability

Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. There is a security vulnerability in Sylius, which stems from unvalidated resource IDs in multiple stores using LiveComponents. This vulnerability may lead to insecure direct objec...

7.1 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/01/18 10:10 p.m., 3 views

CVE-2026-23525 1panel App Store vulnerable to Cross-site Scripting

1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting (XSS) vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data...

6.4 CVSS, 6 AI score, 0.00113 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/09 9:34 a.m., 3 views

CVE-2024-41381

microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php...

6.1 CVSS, 6.3 AI score, 0.0119 EPSS
Exploits 1, References 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2011-3769

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.00283 EPSS
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-4086

Malware in sbrugna...

6.5 CVSS, 6.5 AI score, 0.00362 EPSS
Exploits 1, References 3
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2007-0379

Malware in sbrugna...

7.5 CVSS, 6.2 AI score, 0.00977 EPSS
Exploits 1, References 7
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-1467

Malicious code in bioql PyPI...

7.5 CVSS, 6.7 AI score, 0.00215 EPSS
Exploits 0, References 4
OSV
added 2025/07/09 12:0 a.m., 1 views

OPENSUSE-SU-2025:15334-1 libraptor-devel-2.0.16-5.1 on GA media

These are all security issues fixed in the libraptor-devel-2.0.16-5.1 package on the GA media of openSUSE Tumbleweed...

5.5 CVSS, 5.8 AI score, 0.00028 EPSS
Exploits 1, References 1