Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/05/13 8:42 p.m.10 views

CVE-2026-45054 CubeCart: Authenticated SQL Injection via `sort[]` Parameter in Admin Orders Transactions Listing

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $GET'sort' array without column or direction validation. Both the column key and the directio...

4.9CVSS6.1AI score0.00239EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/13 8:3 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...

9.3CVSS5.9AI score0.00258EPSS
Exploits1References2
CVE
CVE
added 2025/10/08 3:19 p.m.35 views

CVE-2025-36636

CVE-2025-36636 affects Tenable Security Center before version 6.7.0. The issue is an improper access control that allows an authenticated user to access areas outside their authorized scope, with impact described as none to confidentiality, and low integrity impact (CVSS 3.1: 4.3). Remediation is...

4.3CVSS6.3AI score0.00181EPSS
Exploits0References1
Tenable Product Security Advisories
Tenable Product Security Advisories
added 2025/10/08 2:29 p.m.8 views

[R1] Security Center Version 6.7.0 Fixes One Vulnerability

R1 Security Center Version 6.7.0 Fixes One Vulnerability Arnie Cabral Wed, 10/08/2025 - 10:29 In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope...

6.6AI score
Exploits0
Rows per page
Query Builder