Lucene search
K

10 matches found

Vulnrichment
Vulnrichment
added 2026/03/10 7:54 p.m.6 views

CVE-2026-29173 Craft Commerce has Stored XSS while updating Order Status from Orders Table

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a stored XSS vulnerability exists when a user tries to update the Order Status from the Commerce Orders Table. The Order Status Name is rendered without proper escaping, allowing script execution to occur. This...

4.8CVSS5.9AI score0.00318EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/10 7:52 p.m.4 views

CVE-2026-29172 Craft Commerce has a SQL Injection in Commerce Purchasables Table Sorting

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, Craft Commerce is vulnerable to SQL Injection in the purchasables table endpoint. The sort parameter is split by | and the first part column name is passed directly as an array key to orderBy without whitelist...

8.7CVSS5.9AI score0.00421EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.6 views

PT-2026-2215

Name of the Vulnerable Software and Affected Versions Spree versions prior to 4.10.2 Spree versions prior to 5.0.7 Spree versions prior to 5.1.9 Spree versions prior to 5.2.5 Description Spree is an open source e-commerce solution built with Ruby on Rails. An Unauthenticated Insecure Direct Objec...

7.5CVSS6.5AI score0.00383EPSS
Exploits1References14
OSV
OSV
added 2025/12/15 12:30 a.m.3 views

GHSA-X37W-7P52-8F49 Mayan EDMS has an Open Redirect through the /authentication/ file

A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is...

5.3CVSS4.8AI score0.00401EPSS
Exploits1References12
Vulnrichment
Vulnrichment
added 2025/12/14 11:32 p.m.4 views

CVE-2025-14692 Mayan EDMS authentication redirect

A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is...

5.3CVSS6.3AI score0.00401EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/12/14 11:2 p.m.22 views

CVE-2025-14691 Mayan EDMS authentication cross site scripting

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is...

5.3CVSS0.00392EPSS
Exploits1References6
CVE
CVE
added 2025/10/29 4:30 p.m.19 views

CVE-2025-62787

Wazuh prior to version 4.10.2 is affected by a buffer over-read in DecodeWinevt() caused by an incorrect index when accessing child_attr[p]->attributes[j]. A compromised agent can cause a read past the end of the allocated buffer, potentially exposing sensitive data, particularly when analysis...

7.5CVSS6.4AI score0.00362EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/10/29 3:52 p.m.6 views

CVE-2025-62786 Wazuh Vulnerable to Heap-based Buffer Out-Of-Bounds WRITE in decode_win_permissions

Wazuh is a free and open source platform used for threat prevention, detection, and response. A heap-based out-of-bounds WRITE occurs in decodewinpermissions, resulting in writing a NULL byte 2 bytes before the start of the buffer allocated to decodedit. A compromised agent can potentially levera...

6.3CVSS8.2AI score0.00662EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.7 views

PT-2025-43405

Name of the Vulnerable Software and Affected Versions Hono versions 1.1.0 through 4.10.1 Description Hono’s JWT authentication middleware lacked built-in verification of the aud Audience claim. This could lead to confused-deputy or token-mix-up issues, where an API might accept a valid token...

8.1CVSS5.4AI score0.0035EPSS
Exploits1References16
CNVD
CNVD
added 2018/05/18 12:0 a.m.2 views

Linux kernel 'etm_setup_aux' function denial-of-service vulnerability

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the 'etmsetupaux' function in the drivers/hwtracing/coresight/coresight-etm-perf.c file in versions of the Linux kernel prior to...

5.5CVSS6.2AI score0.00396EPSS
Exploits0References1
Rows per page
Query Builder