11 matches found

EUVD
added 2026/04/08 9:31 a.m. · 3 views

EUVD-2026-20105

The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4 via the '/wp-json/InkXEProductDesignerLite/orders' REST API endpoint. The endpoint is registered with 'permission_callback' set to '__return_true', meaning no...

CVSS 5.3 · AI score 5.9 · EPSS 0.00462
Exploits: 0 · References: 10
OSV
added 2026/01/29 6:16 p.m. · 6 views

CVE-2026-1599

A vulnerability was determined in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The affected element is an unknown function of the file /hungry/placeorder of the component Checkout. Executing a manipulation of the argument orggrandTotal/vat/servicecharge/grandtotal can lea...

CVSS 4.3 · AI score 5.4 · EPSS 0.00295
Exploits: 1 · References: 5
Positive Technologies
added 2026/01/29 12:00 a.m. · 6 views

PT-2026-5315

A vulnerability was determined in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The affected element is an unknown function of the file /hungry/placeorder of the component Checkout. Executing a manipulation of the argument orggrandTotal/vat/service charge/grandtotal can le...

CVSS 5.3 · AI score 5.5 · EPSS 0.00295
Exploits: 1 · References: 6
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2023-2918

Malicious code in bioql PyPI...

CVSS 5.8 · AI score 5.8 · EPSS 0.00491
Exploits: 0 · References: 3
RedhatCVE
added 2025/05/23 2:35 a.m. · 4 views

CVE-2023-32065

OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1...

CVSS 5.8 · AI score 6.6 · EPSS 0.00491
Exploits: 0 · References: 1
NVD
added 2023/11/28 4:15 a.m. · 37 views

CVE-2023-32065

OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1...

CVSS 5.8 · EPSS 0.00491
Exploits: 0 · References: 1
Prion
added 2023/11/28 4:15 a.m. · 17 views

Design/Logic Flaw

OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1...

CVSS 5 · AI score 6.7 · EPSS 0.00491
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/11/28 3:36 a.m. · 41 views

CVE-2023-32065 OroCommerce get-totals-for-checkout API endpoint returns unwanted data

OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1...

CVSS 5.8 · AI score 5.6 · EPSS 0.00491
Exploits: 0 · References: 1
CNNVD
added 2023/11/28 12:00 a.m. · 4 views

OroCommerce Access Control Error Vulnerability

OroCommerce is an open source business-to-business commerce application from Oro. An access control error vulnerability exists in OroCommerce that stems from allowing Order IDs to receive detailed order total information. Affected product versions: OroCommerce versions 4.2.0 through 4.2.10, 5.0.0...

CVSS 5.8 · AI score 6.8 · EPSS 0.00491
Exploits: 0 · References: 1
Positive Technologies
added 2023/11/27 12:00 a.m. · 4 views

PT-2023-23579 · Unknown · Orocommerce

Name of the Vulnerable Software and Affected Versions: OroCommerce versions prior to 5.0.11; OroCommerce versions prior to 5.1.1. Description: The issue allows detailed order totals information to be received by Order ID, and detailed checkout totals information may be received by Checkout ID...

CVSS 5.8 · AI score 5.4 · EPSS 0.00491
Exploits: 0 · References: 7
OSV
added 2022/05/19 3:15 p.m. · 3 views

CVE-2021-26631

Improper input validation vulnerability in Mangboard commerce package could lead to occur for abnormal request. A remote attacker can exploit this vulnerability to manipulate the total order amount into a negative number and then pay for the order...

CVSS 7.5 · AI score 5.8 · EPSS 0.00963
Exploits: 0 · References: 1