Lucene search
+L

1742 matches found

Vulnrichment
Vulnrichment
added 2026/03/17 5:2 p.m.3 views

CVE-2026-4319 code-projects Simple Food Order System add-item.php sql injection

A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the argument price leads to sql injection. The attack can be launched remotely. The exploit is publicly...

7.5CVSS5.8AI score0.00326EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/17 5:2 p.m.3 views

CVE-2026-4319

A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the argument price leads to sql injection. The attack can be launched remotely. The exploit is publicly...

7.5CVSS5.8AI score0.00326EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/03/17 5:2 p.m.16 views

CVE-2026-4319

CVE-2026-4319 affects code-projects Simple Food Order System 1.0. The vulnerability targets an unknown functionality in /routers/add-item.php where manipulating the price argument enables SQL injection. Exploitation can be performed remotely, and public exploits exist. The available data does not...

9.8CVSS7AI score0.00326EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.9 views

Code-Projects Simple Food Order System SQL注入漏洞

Code-Projects Simple Food Order System is a simple food ordering system developed by Code-Projects as open source. Version 1.0 of the code-projects Simple Food Order System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the price parameter in the...

9.8CVSS7.2AI score0.00326EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/13 3:47 p.m.3 views

Security Bulletin: Multiple Vulnerabilities in IBM Sterling Configure, Price, Quote (on-prem).

Summary Multiple vulnerabilities were addressed in IBM Sterling Configure, Price, Quote on-prem version 10.0.0.0-Sterling-VM-All-fp00027 Vulnerability Details CVEID:CVE-2022-40152 DESCRIPTION: Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support...

7.5CVSS7.2AI score0.19653EPSS
Exploits2Affected Software1
EUVD
EUVD
added 2026/03/11 12:13 a.m.6 views

EUVD-2026-10923

Sylius has a DQL Injection via API Order Filters...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References1
NVD
NVD
added 2026/03/10 10:16 p.m.5 views

CVE-2026-31825

Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctrine's orderBy without validation. An attacker can inject arbitrary DQL. The issue is fixed in...

5.3CVSS0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/10 9:33 p.m.29 views

CVE-2026-31825 Sylius has a DQL Injection via API Order Filters

Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctrine's orderBy without validation. An attacker can inject arbitrary DQL. The issue is fixed in...

5.3CVSS0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/10 9:33 p.m.3 views

CVE-2026-31825 Sylius has a DQL Injection via API Order Filters

Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctrine's orderBy without validation. An attacker can inject arbitrary DQL. The issue is fixed in...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/10 9:33 p.m.6 views

CVE-2026-31825

Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctrine's orderBy without validation. An attacker can inject arbitrary DQL. The issue is fixed in...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/10 9:33 p.m.20 views

CVE-2026-31825

Sylius (Open Source eCommerce framework on Symfony) has a vulnerability in API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter, where user-supplied order direction values are passed directly to Doctrine’s orderBy() without validation. This allows injection of arbitrary DQL...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/10 9:33 p.m.4 views

CVE-2026-31825 Sylius has a DQL Injection via API Order Filters

Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctrine's orderBy without validation. An attacker can inject arbitrary DQL. The issue is fixed in...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.8 views

PT-2026-24479

Name of the Vulnerable Software and Affected Versions Sylius versions 1.9.12 through 1.11.17 Sylius versions 1.12.23 through 1.13.15 Sylius versions 1.14.18 through 2.0.16 Sylius versions 2.1.12 through 2.2.3 Description Sylius is an Open Source eCommerce Framework on Symfony. The...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/02/19 7:28 a.m.9 views

CVE-2026-1714

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions up to, and including, 3.3.2. This is due to the lack of validation on the 'sendto', 'producttitle', 'wlmessage', and 'wlemail'...

8.6CVSS5.8AI score0.00507EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/18 4:35 a.m.4 views

CVE-2026-1714 ShopLentor <= 3.3.2 - Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions up to, and including, 3.3.2. This is due to the lack of validation on the 'sendto', 'producttitle', 'wlmessage', and 'wlemail'...

8.6CVSS5.8AI score0.00507EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/02/18 4:35 a.m.5 views

CVE-2026-1714

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions up to, and including, 3.3.2. This is due to the lack of validation on the 'sendto', 'producttitle', 'wlmessage', and 'wlemail'...

8.6CVSS5.8AI score0.00507EPSS
Exploits0References9
HackRead
HackRead
added 2026/02/07 8:8 p.m.7 views

Bithumb Mistakenly Sends 620,000 Bitcoin ($40B) to Customer Accounts

A system error at Bithumb sent 620,000 Bitcoin worth about $40B to hundreds of users during a promotion, briefly disrupting prices and drawing scrutiny...

5.4AI score
Exploits0
Patchstack
Patchstack
added 2026/02/02 8:42 p.m.7 views

WordPress Element Pack Elementor Addons plugin <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Price List Widget vulnerability discovered by wesley wcraft in WordPress Plugin Element Pack Elementor Addons versions = 5.6.0...

6.4CVSS5.2AI score0.00323EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/30 9:23 p.m.16 views

CVE-2026-1600

A vulnerability was identified in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The impacted element is an unknown function of the file /hungry/addtocart of the component Add-to-Cart Submission Endpoint. The manipulation of the argument price/allprice leads to business log...

5.3CVSS5.5AI score0.0025EPSS
Exploits1References1
OSV
OSV
added 2026/01/29 6:16 p.m.5 views

CVE-2026-1600

A vulnerability was identified in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The impacted element is an unknown function of the file /hungry/addtocart of the component Add-to-Cart Submission Endpoint. The manipulation of the argument price/allprice leads to business log...

4.3CVSS5.4AI score0.0025EPSS
Exploits1References5
Rows per page
Query Builder