Lucene search
K

677 matches found

Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.20 views

PT-2026-45640

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /manage course.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

6.5CVSS5.7AI score0.002EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

itsourcecode Fees Management System SQL注入漏洞

itsourcecode Fees Management System is an open-source charging management system developed by itsourcecode. Version 1.0 of the itsourcecode Fees Management System has a SQL injection vulnerability. This vulnerability arises from incorrect operations with the parameter ID in the unknown portion of...

6.5CVSS6.6AI score0.002EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.8 views

itsourcecode Fees Management System SQL注入漏洞

itsourcecode Fees Management System is an open-source charging management system developed by itsourcecode. Version 1.0 of the itsourcecode Fees Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “Username” by an unknown functio...

6.5CVSS6.6AI score0.0025EPSS
Exploits0References6
Malwarebytes
Malwarebytes
added 2026/04/28 10:46 a.m.17 views

Fake CAPTCHA scam turns a quick click into a costly phone bill

Researchers have documented a long‑running campaign that uses fake CAPTCHA pages to trick mobile users into sending dozens of international SMS messages in the background. If you’ve spent any time on today’s web, CAPTCHAs may seem like background noise: click a few traffic lights, prove you’re...

5.5AI score
Exploits0
Hacker One
Hacker One
added 2026/04/15 9:11 p.m.27 views

CoinMate.io: POST /api/bitcoinWithdrawalFees returns financial data without authentication despite being documented as a USER OPERATION (private endpoint)

A vulnerability was discovered in the CoinMate API where the POST /api/bitcoinWithdrawalFees endpoint was accessible without authentication, despite being documented as a private endpoint. The endpoint returned real-time Bitcoin withdrawal fee data without requiring any authentication, unlike oth...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/14 1:22 a.m.4 views

CVE-2026-39671

Cross-Site Request Forgery CSRF vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through = 4.3.3...

7.1CVSS5.8AI score0.00102EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 9:31 a.m.6 views

EUVD-2026-20349

Cross-Site Request Forgery CSRF vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through = 4.3.3...

5.9AI score0.00102EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 9:16 a.m.4 views

CVE-2026-39671

Cross-Site Request Forgery CSRF vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through = 4.3.3...

7.1CVSS0.00102EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.2 views

CVE-2026-39671

Cross-Site Request Forgery CSRF vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through = 4.3.3...

5.9AI score0.00102EPSS
Exploits0References2
CVE
CVE
added 2026/04/08 8:30 a.m.8 views

CVE-2026-39671

CVE-2026-39671 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Dotstore Extra Fees Plugin for WooCommerce (woo-conditional-product-fees-for-checkout), affecting versions from n/a through 4.3.3. The connected sources consistently identify CSRF as the issue, with no additional te...

7.1CVSS5.9AI score0.00102EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.25 views

CVE-2026-39671 WordPress Extra Fees Plugin for WooCommerce plugin <= 4.3.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through = 4.3.3...

7.1CVSS0.00102EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.1 views

CVE-2026-39671 WordPress Extra Fees Plugin for WooCommerce plugin <= 4.3.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through = 4.3.3...

5.8AI score0.00102EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.10 views

WordPress plugin Extra Fees Plugin for WooCommerce 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.1CVSS5.7AI score0.00102EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31233

Cross-Site Request Forgery CSRF vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through = 4.3.3...

5.9AI score0.00102EPSS
Exploits0References4
HackRead
HackRead
added 2026/03/16 2:17 p.m.4 views

Adobe to Pay $150 Million Over Hidden Fees and Hard-to-Cancel Subscriptions

The Justice Department says Adobe buried the real cost of cancelling a subscription where most customers would never think to look...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/03/03 9:2 p.m.6 views

EUVD-2026-9323

A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument rollno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed t...

5.8CVSS5.8AI score0.00318EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.3 views

CVE-2023-49986

A cross-site scripting XSS vulnerability in the component /admin/parent of School Fees Management System 1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...

4.7CVSS5.8AI score0.00471EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:36 p.m.4 views

CVE-2023-49984

A cross-site scripting XSS vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...

6.1CVSS5.8AI score0.00483EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:36 p.m.8 views

CVE-2023-49981

A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization...

7.5CVSS6.7AI score0.00745EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:35 p.m.7 views

CVE-2023-49985

A cross-site scripting XSS vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter...

6.5CVSS5.8AI score0.00468EPSS
Exploits1References1
Rows per page
Query Builder