Lucene search
K

76 matches found

ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-11783

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Product SKU in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping. This mak...

6.4CVSS5.8AI score0.0022EPSS
Exploits0References9
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-11783 Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Custom+) Stored Cross-Site Scripting via Product SKU

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Product SKU in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping. This mak...

6.4CVSS0.0022EPSS
Exploits0References8
OSV
OSV
added 2026/06/22 11:23 a.m.3 views

MINI-Q4PF-XF3R-292W

Bulletin has no description...

7.7CVSS5.7AI score0.00377EPSS
Exploits1
NVD
NVD
added 2026/06/19 4:16 p.m.13 views

CVE-2017-20260

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

8.8CVSS0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 3:47 p.m.8 views

EUVD-2017-18988

Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 3:47 p.m.15 views

CVE-2017-20261

CVE-2017-20261 affects Joomla! Component Bargain Product VM3 1.0. It is an SQL injection vulnerability in the product_id parameter that allows unauthenticated attackers to execute arbitrary SQL queries by injecting code via GET requests to the brainy and alice views, enabling extraction of sensit...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
OSV
OSV
added 2026/06/12 4:53 p.m.5 views

MINI-M3CX-WRF5-3WPV

Bulletin has no description...

8.7CVSS4.9AI score0.00255EPSS
Exploits0
OSV
OSV
added 2026/06/09 7:26 p.m.4 views

MINI-PM5C-2PM6-XPHG

Bulletin has no description...

10CVSS5.2AI score0.0044EPSS
Exploits0
OSV
OSV
added 2026/06/08 10:13 p.m.6 views

MINI-7G99-2HVP-CM4R

Bulletin has no description...

7.5CVSS5.1AI score0.00733EPSS
Exploits0
OSV
OSV
added 2026/06/06 10:35 a.m.7 views

MINI-34CH-GVRF-V4CM

Bulletin has no description...

7.5CVSS5.2AI score0.0056EPSS
Exploits0
OSV
OSV
added 2026/06/06 4:6 a.m.5 views

MINI-QPX4-CXXR-JM56

Bulletin has no description...

5.3CVSS5.2AI score0.0037EPSS
Exploits0
OSV
OSV
added 2026/06/05 4:52 p.m.5 views

MINI-GF98-8R69-8MRJ

Bulletin has no description...

3.3CVSS5.2AI score0.00114EPSS
Exploits0
OSV
OSV
added 2026/06/05 3:54 a.m.5 views

MINI-24M7-784P-GRF6

Bulletin has no description...

9.1CVSS5.7AI score0.00373EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.10 views

PT-2026-44943

Name of the Vulnerable Software and Affected Versions Shopper versions prior to 2.8.0 Description Sub-form Livewire components within the product editor—specifically those handling Edit, Inventory, Seo, Shipping, and Files—lack authorization on their store method. This allows any authenticated...

6.5CVSS5.6AI score0.00221EPSS
Exploits0References7
NVD
NVD
added 2026/05/15 5:16 p.m.13 views

CVE-2026-42207

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, MageProductAlertAddController::stockAction reads the uenc query parameter and passes...

6.1CVSS0.00149EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 3:49 a.m.3 views

MINI-VXH9-8X4P-75CH

Bulletin has no description...

5.3CVSS5.7AI score0.00179EPSS
Exploits0
OSV
OSV
added 2026/05/11 7:33 p.m.3 views

MINI-H69R-HQ8H-GWJM

Bulletin has no description...

7.5CVSS5.7AI score0.00588EPSS
Exploits0
OSV
OSV
added 2026/05/11 12:21 a.m.13 views

MINI-R947-F84J-H9RG

Bulletin has no description...

5.3CVSS5.7AI score0.00421EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/05/10 12:43 p.m.14 views

CVE-2021-47928 Opencart TMD Vendor System 3.x Blind SQL Injection via product route

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the productid parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...

8.8CVSS5.9AI score0.00276EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.21 views

PT-2026-39504

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the product id parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...

8.8CVSS5.9AI score0.00276EPSS
Exploits0References5
Rows per page
Query Builder