Lucene search
+L

4845 matches found

EUVD
EUVD
added 2026/07/10 8:31 p.m.6 views

EUVD-2026-43025

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to authorization bypass due to a regression in versions from 4.0.26 up to and including 4.1.15. This is due to the plugin not properly verifying that a user is authorized to perform a...

5.3CVSS6.1AI score0.00257EPSS
Exploits0References2
NVD
NVD
added 2026/07/09 5:16 p.m.10 views

CVE-2026-15190

A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown part of the file /login.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and m...

7.5CVSS0.00328EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/09 3:45 p.m.7 views

EUVD-2026-42615

A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown part of the file /login.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and m...

7.5CVSS6.8AI score0.00328EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/09 3:45 p.m.32 views

CVE-2026-15190 SourceCodester Simple and Nice Shopping Cart Script login.php sql injection

A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown part of the file /login.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and m...

7.5CVSS0.00328EPSS
Exploits0References6
CVE
CVE
added 2026/07/09 3:45 p.m.10 views

CVE-2026-15190

CVE-2026-15190 affects SourceCodester Simple and Nice Shopping Cart Script 1.0. The vulnerability is a SQL injection in an unknown area of /login.php triggered by manipulating the Username parameter. Remote exploitation is possible, and publicly available exploits exist. The CVSS metrics indicate...

7.5CVSS6.9AI score0.00328EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/07/08 2:4 p.m.4 views

WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.12 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by she11f in WordPress Plugin Abandoned Cart Recovery for WooCommerce versions = 1.1.12...

6.5CVSS6.1AI score0.00252EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/08 1:23 p.m.6 views

WordPress Cart Lift plugin <= 3.1.57 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by dodoh4t in WordPress Plugin Cart Lift versions = 3.1.57...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/07/06 9:49 p.m.14 views

CVE-2026-43927

FOSSBilling has a race-condition vulnerability in the cart checkout flow that, before version 0.8.0, lets an authenticated user apply promo codes beyond their maxuses by sending concurrent checkout requests before usage increments complete. This can enable unlimited discounts or free orders from ...

6.9CVSS6AI score0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 9:49 p.m.31 views

CVE-2026-43927 FOSSBilling has race condition in cart checkout that bypasses promo code usage limits

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request...

6.9CVSS0.0022EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 9:49 p.m.4 views

CVE-2026-43927 FOSSBilling has race condition in cart checkout that bypasses promo code usage limits

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request...

6.9CVSS6AI score0.0022EPSS
Exploits0References3
NVD
NVD
added 2026/07/04 9:17 p.m.8 views

CVE-2026-14654

A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit is publicly...

7.5CVSS0.00412EPSS
Exploits0References6
NVD
NVD
added 2026/07/04 9:17 p.m.9 views

CVE-2026-14652

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit ha...

7.5CVSS0.00412EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/04 9:0 p.m.7 views

EUVD-2026-41698

A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit is publicly...

7.5CVSS6.9AI score0.00412EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/04 9:0 p.m.9 views

CVE-2026-14654

A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit is publicly...

7.5CVSS5.9AI score0.00412EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/07/04 9:0 p.m.33 views

CVE-2026-14654 SourceCodester Simple and Nice Shopping Cart Script girlsproductdeletequery.php sql injection

A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit is publicly...

7.5CVSS0.00412EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/04 8:45 p.m.8 views

EUVD-2026-41697

A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /admin/mensproductdeletequery.php. This manipulation of the argument userid causes sql injection. Remote exploitation of the attack is possible. The exploit has...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/04 8:45 p.m.31 views

CVE-2026-14653 SourceCodester Simple and Nice Shopping Cart Script mensproductdeletequery.php sql injection

A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /admin/mensproductdeletequery.php. This manipulation of the argument userid causes sql injection. Remote exploitation of the attack is possible. The exploit has...

7.5CVSS0.00412EPSS
Exploits0References6
CVE
CVE
added 2026/07/04 8:45 p.m.22 views

CVE-2026-14653

SourceCodester Simple and Nice Shopping Cart Script 1.0 contains an SQL injection in /admin/mensproductdeletequery.php exposed by manipulating the user_id argument. The vulnerability is remotely exploitable (attack vector: NETWORK) with LOW to MEDIUM impacts per CVSS data: Confidentiality, Integr...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/04 8:30 p.m.8 views

EUVD-2026-41696

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit ha...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/04 8:30 p.m.34 views

CVE-2026-14652 SourceCodester Simple and Nice Shopping Cart Script Admin Login login.php sql injection

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit ha...

7.5CVSS0.00412EPSS
Exploits0References6
Rows per page
Query Builder