21 matches found
CVE-2026-47742 Shopper: Missing authorization on Product admin Livewire sub-form components
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor (Edit, Inventory, Seo, Shipping, Files) had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO...
IBM Engineering Requirements Management DOORS Next Security Vulnerability
IBM Engineering Requirements Management DOORS Next is a scalable solution provided by the American company International Business Machines (IBM). This solution can help you capture, track, analyze, and manage systems as well as advanced IT application development. Versions 7.1 and 7.2 of IBM...
CVE-2023-43610
SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations...
MAL-2025-110047 Malicious code in unchanged_snail-appteadev (npm)
Source: amazon-inspector (52b0a8c378d7a80e6a95bc3486c2447561207fefebc87475e6785d5a6d90dbca). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2023-48016
Malicious code in bioql PyPI...
Code-Projects Laundry System Code Injection Vulnerability
Laundry System is a laundry system. Laundry System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Type in the file /data/edittype.php, which can be exploited by an attacker to execute arbitrary...
CVE-2023-43614
Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...
CVE-2023-43614
Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...
CVE-2023-43610
SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations...
Cross site scripting
Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...
CVE-2023-43614
Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...
CVE-2023-43614
Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...
CVE-2023-43610
CVE-2023-43610 is a SQL injection vulnerability in Welcart e-Commerce (WordPress plugin) affecting versions 2.7–2.8.21. The issue exists in the Order Data Edit page, allowing a user with editor-level privileges or higher to perform unintended database operations. Red Hat and JVN entries corrobora...
CVE-2023-43610
SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations...
Multiple cross-site scripting vulnerabilities in Movable Type
Overview: Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Search screen (CWE-79) - CVE-2021-20808; Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type (CWE-79) -...
CVE-2020-24673
In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file...
CVE-2019-19491
TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request...
TestLink Cross-Site Scripting Vulnerability
TestLink is a web-based test case management system. A cross-site scripting vulnerability exists in TestLink 1.9.19. The vulnerability can be exploited by an attacker via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in the...
CVE-2015-8815
Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page...