Lucene search
K

129 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/17 6:14 p.m.6 views

CVE-2026-27890

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCTspecificdata segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow...

8.2CVSS5.7AI score0.00465EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/04/14 9:16 a.m.5 views

CVE-2026-4109

The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...

4.3CVSS0.00179EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/14 7:43 a.m.2 views

CVE-2026-4109 Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) <= 4.1.8 Missing Authorization to Authenticated (Subscriber+) Order Information Exposure

The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...

4.3CVSS5.9AI score0.00179EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/14 7:43 a.m.27 views

CVE-2026-4109 Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) <= 4.1.8 Missing Authorization to Authenticated (Subscriber+) Order Information Exposure

The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...

4.3CVSS0.00179EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 7:43 a.m.2 views

EUVD-2026-22231

The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...

4.3CVSS5.9AI score0.00179EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 7:43 a.m.1 views

CVE-2026-4109

The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...

4.3CVSS5.9AI score0.00179EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/14 1:1 a.m.4 views

EUVD-2026-22073

Craft Commerce has an unauthenticated information disclosure that can leak some customer order data on anonymous payments...

6.3CVSS5.8AI score0.00295EPSS
Exploits0References5
OSV
OSV
added 2026/04/14 1:1 a.m.3 views

GHSA-3VXG-X5F8-F5QF Craft Commerce has an unauthenticated information disclosure that can leak some customer order data on anonymous payments

Summary PaymentsController::actionPay discloses some order data to unauthenticated users when an order number is provided and the email check fails during an anonymous payment. The JSON error response includes the serialized order object order, which contains some sensitive fields such as custome...

6.3CVSS5.8AI score0.00295EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32605

The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the get item permissions check function in all versions up to, and including, 4.1.8. This makes it possible for...

4.3CVSS5.9AI score0.00179EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.6 views

WordPress plugin Eventin – Events Calendar, Event Booking, Ticket & Registration 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.9AI score0.00179EPSS
Exploits0References2
NVD
NVD
added 2026/04/13 8:16 p.m.8 views

CVE-2026-32270

Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, the PaymentsController::actionPay discloses some order data to unauthenticated users when an order number is provided and the email check fails during an anonymous payment. The JSON...

6.3CVSS0.00295EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/13 8:8 p.m.1 views

CVE-2026-32270

Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, the PaymentsController::actionPay discloses some order data to unauthenticated users when an order number is provided and the email check fails during an anonymous payment. The JSON...

6.3CVSS5.8AI score0.00295EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/04/13 8:8 p.m.16 views

CVE-2026-32270 Craft Commerce: Unauthenticated information disclosure in `commerce/payments/pay` can leak some customer order data on anonymous payments

Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, the PaymentsController::actionPay discloses some order data to unauthenticated users when an order number is provided and the email check fails during an anonymous payment. The JSON...

6.3CVSS0.00295EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/13 8:8 p.m.2 views

CVE-2026-32270 Craft Commerce: Unauthenticated information disclosure in `commerce/payments/pay` can leak some customer order data on anonymous payments

Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, the PaymentsController::actionPay discloses some order data to unauthenticated users when an order number is provided and the email check fails during an anonymous payment. The JSON...

6.3CVSS5.8AI score0.00295EPSS
Exploits0References4
CVE
CVE
added 2026/04/13 8:8 p.m.11 views

CVE-2026-32270

The CVE affects Craft Commerce (Craft CMS) where PaymentsController::actionPay leaks order data to unauthenticated users when an order number is provided and the email check fails during an anonymous payment. In affected versions 4.0.0–4.10.2 and 5.0.0–5.5.4, the JSON error response includes the ...

6.3CVSS5.8AI score0.00295EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.8 views

Craft Commerce 安全漏洞

Craft Commerce is an e-commerce platform derived from the open-source Craft CMS. Vulnerabilities exist in versions 4.0.0 to 4.10.2, as well as 5.0.0 to 5.5.4 of Craft Commerce. These vulnerabilities stem from the PaymentsController::actionPay function, which allows order data to be disclosed to...

6.3CVSS5.7AI score0.00295EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.7 views

PT-2026-32511

Name of the Vulnerable Software and Affected Versions Craft Commerce versions prior to 4.11.0 Craft Commerce versions prior to 5.6.0 Description The actionPay function in the 'PaymentsController' discloses order data to unauthenticated users. This occurs when an order number is provided and the...

6.3CVSS5.1AI score0.00295EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/04/08 6:43 a.m.2 views

CVE-2026-3594 Riaxe Product Customizer <= 2.4 - Unauthenticated Sensitive Information Disclosure via '/orders' REST API Endpoint

The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4 via the '/wp-json/InkXEProductDesignerLite/orders' REST API endpoint. The endpoint is registered with 'permissioncallback' set to 'returntrue', meaning no...

5.3CVSS5.9AI score0.00462EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/04/08 6:43 a.m.22 views

CVE-2026-3594 Riaxe Product Customizer <= 2.4 - Unauthenticated Sensitive Information Disclosure via '/orders' REST API Endpoint

The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4 via the '/wp-json/InkXEProductDesignerLite/orders' REST API endpoint. The endpoint is registered with 'permissioncallback' set to 'returntrue', meaning no...

5.3CVSS0.00462EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.7 views

WordPress plugin Riaxe Product Customizer 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.8AI score0.00462EPSS
Exploits0References9
Rows per page
Query Builder