18 matches found
CVE-2026-32270 Craft Commerce: Unauthenticated information disclosure in `commerce/payments/pay` can leak some customer order data on anonymous payments
Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, the PaymentsController::actionPay discloses some order data to unauthenticated users when an order number is provided and the email check fails during an anonymous payment. The JSON...
CVE-2026-32270 Craft Commerce: Unauthenticated information disclosure in `commerce/payments/pay` can leak some customer order data on anonymous payments
Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, the PaymentsController::actionPay discloses some order data to unauthenticated users when an order number is provided and the email check fails during an anonymous payment. The JSON...
CVE-2023-32270
Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution...
CVE-2022-32270
In Real Player 20.0.7.309 and 20.0.8.310, external::Import allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur)...
CVE-2021-32270
An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service...
CVE-2025-32270 WordPress Broadstreet plugin <= 1.52.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Broadstreet Broadstreet Ads (broadstreet) allows Cross Site Request Forgery. This issue affects Broadstreet Ads: from n/a through <= 1.52.1...
CVE-2025-32270
Technical details for CVE-2025-32270 are not provided in the connected documents. The briefing notes a CSRF vulnerability in Broadstreet Broadstreet Ads plugin
CVE-2025-32270 WordPress Broadstreet Plugin <= 1.51.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Broadstreet Broadstreet allows Cross Site Request Forgery. This issue affects Broadstreet: from n/a through 1.51.1...
WordPress Broadstreet plugin <= 1.52.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross Site Request Forgery (CSRF) to Settings Change vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Broadstreet Ads versions <= 1.52.1...
CVE-2023-32270
Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution...
CVE-2023-32270
CVE-2023-32270 affects Fuji Electric TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. The issue is an Access of memory location after end of buffer (out-of-bounds read) when opening a specially crafted V8 file, with potential for information disclosure and arbitrary code execution. Public sources in t...
CVE-2023-32270
Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution...
PT-2022-4062 · Dd-Wrt · Dd-Wrt
Name of the Vulnerable Software and Affected Versions: DD-WRT versions Revision 32270 through Revision 48599
Description: The issue is related to insufficient input validation in the httpd module of DD-WRT, which can be exploited by sending a specially-crafted HTTP request to execute arbitrary...
DD-WRT buffer error vulnerability
DD-WRT is a Linux-based alternative open source firmware from the DD-WRT open source project. It is suitable for use in a variety of WLAN routers and embedded systems. A buffer error vulnerability exists in DD-WRT revisions 32270 through 48599 that stems from a specially crafted HTTP request that could result ...
CVE-2022-32270
creationtimestamp | type | source
---|---|---
2022-06-03 12:26:23+00:00 | seen | https://t.me/cibsecurity/43795...
CVE-2022-32270
In Real Player 20.0.7.309 and 20.0.8.310, external::Import allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur)...
CVE-2022-32270
CVE-2022-32270 affects RealNetworks RealPlayer versions 20.0.7.309 and 20.0.8.310. The flaw arises in external::Import(), which permits downloading arbitrary file types and directory traversal, enabling remote code execution. Root cause is facilitation of DLL planting or executables in the sta...
CVE-2021-32270
CVE-2021-32270 affects the gpac multimedia framework (up to 20200801). The vulnerability is a NULL pointer dereference in the function vwid_box_del located in box_code_base.c, which can be exploited to cause a Denial of Service. The provided documents confirm the vulnerable component and root c...