
13 matches found

CVE
added last week, 11 views

CVE-2026-47745

CVE-2026-47745 affects Shopper: Headless e-commerce Admin Panel. Before 2.8.0, admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions (enable/disable/edit/delete) without per-action permission checks, allowing a low-privilege authenticated user to d...

CVSS 6.5, AI score 5.9, EPSS 0.00029
Exploits: 0, References: 2

Cvelist
added last week, 27 views

CVE-2026-47745 Shopper: Missing per-action authorization on PaymentMethods, Currencies and Carriers admin tables

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, the admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions (enable, disable, edit, delete) that were rendered for any authenticated panel user without checking the corresponding per-action...

CVSS 6.5, EPSS 0.00029
Exploits: 0, References: 2

SUSE CVE
added 2026/03/25 12:24 a.m., 2 views

SUSE CVE-2026-32102

OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin's live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can...

CVSS 7.1, AI score 6.1, EPSS 0.00024
Exploits: 1, References: 3

EUVD
added 2026/03/12 2:20 p.m., 2 views

EUVD-2026-11369

OliveTin Vulnerable to Unauthorized Action Output Disclosure via EventStream...

CVSS 7.1, AI score 5.8, EPSS 0.00024
Exploits: 1, References: 2

OSV
added 2026/03/12 2:20 p.m., 1 view

GHSA-228V-WC5R-J8M7 OliveTin Vulnerable to Unauthorized Action Output Disclosure via EventStream

Summary: OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control...

CVSS 7.1, AI score 6, EPSS 0.00024
Exploits: 1, References: 3

NVD
added 2026/03/11 9:16 p.m., 1 view

CVE-2026-32102

OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can...

CVSS 7.1, EPSS 0.00024
Exploits: 1, References: 1

Cvelist
added 2026/03/11 8:5 p.m., 23 views

CVE-2026-32102 OliveTin Unauthorized Action Output Disclosure via EventStream

OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can...

CVSS 7.1, EPSS 0.00024
Exploits: 1, References: 1

ATTACKERKB
added 2026/03/11 8:5 p.m., 1 view

CVE-2026-32102

OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can...

CVSS 7.1, AI score 5.9, EPSS 0.00024
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2026/03/11 8:5 p.m., 5 views

CVE-2026-32102

OliveTin's 3000.10.2 and earlier versions expose action output via the live EventStream to authenticated dashboard subscribers without per-action authorization, enabling a low-privileged user to view restricted outputs. Affected component: EventStream/broadcast of execution events and action outp...

CVSS 7.1, AI score 5.9, EPSS 0.00024
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2026/03/11 8:5 p.m., 2 views

CVE-2026-32102 OliveTin Unauthorized Action Output Disclosure via EventStream

OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can...

CVSS 7.1, AI score 5.9, EPSS 0.00024
Exploits: 1, References: 1

Positive Technologies
added 2026/03/11 12:0 a.m., 4 views

PT-2026-24819

Name of the Vulnerable Software and Affected Versions: OliveTin versions 3000.10.2 and earlier Description: OliveTin allows access to predefined shell commands through a web interface. In versions 3000.10.2 and earlier, the live EventStream broadcasts execution events and action output to...

CVSS 9.9, AI score 7.3, EPSS 0.07313
Exploits: 68, References: 136

Positive Technologies
added 2025/07/16 12:0 a.m., 1 view

PT-2025-29763 · WordPress · Wp Hide Post

Name of the Vulnerable Software and Affected Versions: xfinitysoft WP Post Hide versions n/a through 1.0.9 Description: A Cross-Site Request Forgery (CSRF) issue exists in xfinitysoft WP Post Hide, allowing attackers to perform actions on behalf of an authenticated user. Recommendations: Update...

CVSS 4.3, AI score 6.4, EPSS 0.00084
Exploits: 0, References: 4

Positive Technologies
added 2025/06/06 12:0 a.m., 1 view

PT-2025-24170 · Unknown · Michael Cannon Custom Bulk/Quick Edit

Name of the Vulnerable Software and Affected Versions: Michael Cannon Custom Bulk/Quick Edit versions 1.6.10 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by...

CVSS 4.3, AI score 4.4, EPSS 0.00084
Exploits: 0, References: 3