Lucene search
K

25 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/10 9:32 p.m.3 views

CVE-2026-31824

Sylius is an Open Source eCommerce Framework on Symfony. A Time-of-Check To Time-of-Use TOCTOU race condition was discovered in the promotion usage limit enforcement. The same class of vulnerability affects the promotion usage limit the global used counter on Promotion entities, coupon usage limi...

8.2CVSS5.8AI score0.00179EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.5 views

PT-2026-24478

Name of the Vulnerable Software and Affected Versions Sylius versions 1.9.12, 1.10.16, 1.11.17, 1.12.23, 1.13.15, 1.14.18, 2.0.16, 2.1.12, and 2.2.3 and above Description Sylius, an Open Source eCommerce Framework on Symfony, contains a Time-of-Check To Time-of-Use TOCTOU race condition in the...

8.2CVSS5.8AI score0.00179EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/12/12 3:20 a.m.25 views

CVE-2025-12883 Campay Woocommerce Payment Gateway <= 1.2.2 - Unauthenticated Payment Bypass

The Campay Woocommerce Payment Gateway plugin for WordPress is vulnerable to Unauthenticated Payment Bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly validating that a transaction has occurred through the payment gateway. This makes it possible for...

5.3CVSS0.00314EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/18 1:33 p.m.20 views

CVE-2023-53398 mlx5: fix possible ptp queue fifo use-after-free

In the Linux kernel, the following vulnerability has been resolved: mlx5: fix possible ptp queue fifo use-after-free Fifo indexes are not checked during pop operations and it leads to potential use-after-free when poping from empty queue. Such case was possible during re-sync action. WARNONONCE...

0.00137EPSS
Exploits0References3
OSV
OSV
added 2025/05/21 5:28 p.m.5 views

DRUPAL-CONTRIB-2025-067

This module enables you to pay for Commerce order to an environment provided and secured by the bank The module doesn't sufficiently verify the payment status on canceled orders. An attacker can issue a specially crafted request to update the order status to completed...

8.8CVSS6.8AI score0.00271EPSS
Exploits0References1
Rows per page
Query Builder