10 matches found

EUVD
added 2026/04/23 3:54 a.m. · 6 views

EUVD-2026-25186

Froxlor is open source server administration software. Prior to version 2.3.6, in EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to...

CVSS 5 · AI score 5.8 · EPSS 0.00231
Exploits 1 · References 3

EUVD
added 2026/03/11 7:23 p.m. · 8 views

EUVD-2026-11296

Shopware: Unauthenticated data extraction possible through store-api.order endpoint...

CVSS 8.9 · AI score 5.8 · EPSS 0.00237
Exploits 0 · References 1

NVD
added 2026/03/11 7:16 p.m. · 14 views

CVE-2026-31887

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8...

CVSS 8.9 · EPSS 0.00237
Exploits 0 · References 1

ATTACKERKB
added 2026/03/11 6:49 p.m. · 2 views

CVE-2026-31887

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8...

CVSS 8.9 · AI score 5.8 · EPSS 0.00237
Exploits 0 · References 2 · Affected Software 2

Positive Technologies
added 2026/03/11 12:0 a.m. · 3 views

PT-2026-24793

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8...

CVSS 8.9 · AI score 5.8 · EPSS 0.00237
Exploits 0 · References 4

EUVD
added 2026/01/02 8:15 p.m. · 4 views

EUVD-2026-0748

Bagisto is an open source Laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order...

CVSS 7.1 · AI score 6 · EPSS 0.00274
Exploits 1 · References 2

NVD
added 2025/08/25 7:15 a.m. · 4 views

CVE-2025-9118

A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file...

CVSS 10 · EPSS 0.00625
Exploits 0 · References 1

Positive Technologies
added 2025/04/08 12:0 a.m. · 4 views

PT-2025-15898 · Packagist · Shopware/Core +1

Impact: It's possible to guess the deepLinkCode of a document to open documents of other customers. Patches: Update to Shopware 6.6.10.3 or 6.5.8.17. Workarounds: For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend...

CVSS 4 · AI score 7.2
Exploits 0 · References 6

CNNVD
added 2024/07/15 12:0 a.m. · 3 views

OTRS Security Vulnerabilities

OTRS is service management software from the German company OTRS. A security vulnerability exists in OTRS that stems from improper field filtering, which could allow an authorized user to download work order lists that contain information about other customers' work orde...

CVSS 5.7 · AI score 6.4 · EPSS 0.00385
Exploits 0 · References 2

ATTACKERKB
added 2023/07/05 3:15 a.m. · 3 views

CVE-2022-42175

Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization...

CVSS 8.8 · AI score 5.8 · EPSS 0.00622
Exploits 0 · References 4