Lucene search
K

56 matches found

EUVD
EUVD
added 2026/06/05 8:35 p.m.13 views

EUVD-2026-33407

Shopper: Authorization bypass and RBAC privilege escalation in team settings...

9.9CVSS5.4AI score0.00321EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/05 8:35 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the admin Livewire components, where improper handling of model identifiers, hidden form fields, and barcode rendering occurs. An attacker can access sensitive information, manipulate...

8.7CVSS6AI score0.00029EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/05 8:33 p.m.4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the store method of sub-form Livewire components used in the product editor. An attacker can modify product pricing, stock, SEO metadata, shipping dimensions, and attached media for any product by tampering with...

7.1CVSS5.8AI score0.00221EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.16 views

CVE-2026-47741

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usagelimit was...

5.9CVSS5.5AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/02 4:3 a.m.20 views

CVE-2026-47740

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

8.1CVSS5.8AI score0.00258EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/29 7:17 p.m.3 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization in the capturePayment, cancel, mark paid, mark complete, archive, start processing, mark delivered, and edit tracking actions within the admin panel components. An attacker can perform unauthorized modifications t...

8.6CVSS5.8AI score0.00258EPSS
Exploits0References2
NVD
NVD
added 2026/05/29 7:16 p.m.17 views

CVE-2026-47744

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...

9.9CVSS0.00321EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 7:16 p.m.13 views

CVE-2026-47741

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usagelimit was...

5.9CVSS0.00239EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:3 p.m.9 views

CVE-2026-47740

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

8.1CVSS5.8AI score0.00258EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/29 6:0 p.m.35 views

CVE-2026-47742 Shopper: Missing authorization on Product admin Livewire sub-form components

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor Edit, Inventory, Seo, Shipping, Files had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO...

6.5CVSS0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 5:58 p.m.35 views

CVE-2026-47744 Shopper: Authorization bypass and RBAC privilege escalation in team settings

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...

9.9CVSS0.00321EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 5:58 p.m.25 views

CVE-2026-47744

CVE-2026-47744 affects Shopper: a Headless e-commerce Admin Panel. Two authorization flaws in Settings/Team enable RBAC takeover prior to version 2.8.0. First, Settings/Team/Index had no mount() authorization, allowing any authenticated panel user to load the page and perform public actions to cr...

9.9CVSS6AI score0.00321EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

shopper 安全漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained a security vulnerability. This vulnerability stemmed from the CreateOrderFromCartAction::execute function, which created order lines before checking and increasing the...

5.9CVSS5.8AI score0.00239EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

shopper 安全漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that multiple Filament operations listed in administrator order details and order shipping tables...

8.1CVSS5.8AI score0.00258EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/11 5:37 p.m.2 views

SUSE CVE-2025-3063

The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxcallbackupdatesaoption function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.9AI score0.00383EPSS
Exploits0References2
Akamai Blog
Akamai Blog
added 2025/12/08 2:0 p.m.5 views

AI Pulse: The First Agentic Cyber Week

In 2025, AI bots officially entered Cyber Week. Learn how agents shaped traffic and shopper intent — and why retailers must optimize for AI-driven commerce...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/11/27 1:18 p.m.14 views

Holiday shoppers targeted as Amazon and FBI warn of surge in account takeover attacks

The FBI has issued a public service announcement warning about a surge in account takeover ATO fraud, and the timing lines up with a major alert Amazon has just sent to its 300 million customers about brand impersonation scams. How ATO fraud works Account takeover fraud is just what it says:...

6.7AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2000-0909

Malware in sbrugna...

5CVSS6.4AI score0.03657EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-9448

Malicious code in bioql PyPI...

9.3CVSS9.1AI score0.00464EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/06/21 12:0 a.m.6 views

Efficient Retail Video Annotation: a Robust Key Frame Generation Approach for Product and Customer Interaction Analysis

Accurate video annotation plays a vital role in modern retail applications, including customer behavior analysis, product interaction detection, and in-store activity recognition. However, conventional annotation methods heavily rely on time-consuming manual labeling by human annotators,...

6.9AI score
Exploits0
Rows per page
Query Builder