4946 matches found

NVD
added 2026/05/29 7:16 p.m. | 10 views

CVE-2026-47741

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure (Black Friday, flash sale, viral coupon), the global usagelimit was...

CVSS 5.9 | EPSS 0.00239
Exploits: 0 | References: 3
ATTACKERKB
added 2026/05/29 5:58 p.m. | 8 views

CVE-2026-47744

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...

CVSS 9.9 | AI score 6 | EPSS 0.00321
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/05/29 5:55 p.m. | 25 views

CVE-2026-47745

CVE-2026-47745 affects Shopper: Headless e-commerce Admin Panel. Before 2.8.0, admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions (enable/disable/edit/delete) without per-action permission checks, allowing a low-privilege authenticated user to d...

CVSS 6.5 | AI score 5.9 | EPSS 0.00221
Exploits: 0 | References: 2
RedhatCVE
added 2026/05/28 8:13 p.m. | 8 views

CVE-2026-9364

A flaw has been found in projectworlds Online Art Gallery Shop 1.0. Impacted is an unknown function of the file /admin/adminHome.php. Executing a manipulation of the argument sociallinked can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be use...

CVSS 7.5 | AI score 6.9 | EPSS 0.00254
Exploits: 0 | References: 1
CNNVD
added 2026/05/27 12:0 a.m. | 9 views

AdminPanel Security Vulnerability

AdminPanel is a database management panel developed by Jason000. Version 4.0 of AdminPanel contains a security vulnerability, which stems from a cross-site request forgery vulnerability in the delete.php endpoint...

CVSS 6.3 | AI score 5.7 | EPSS 0.00097
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/27 12:0 a.m. | 7 views

CVE-2026-30498

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the delete.php endpoint of Jason2605 AdminPanel 4.0...

AI score 5.8 | EPSS 0.00097
Exploits: 0 | References: 1
CVE
added 2026/05/27 12:0 a.m. | 12 views

CVE-2026-30498

A CSRF vulnerability (CVE-2026-30498) affects Jason2605 AdminPanel 4.0, located in the delete.php endpoint. The issue is described across multiple sources as CSRF; no explicit exploit details, mitigations, or patch information are provided in the connected documents. CVSS v3.1 metrics indicate a ...

CVSS 6.3 | AI score 5.8 | EPSS 0.00097
Exploits: 0 | References: 1
EUVD
added 2026/05/26 10:0 p.m. | 14 views

EUVD-2026-32018

A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible. The exploit has...

CVSS 6.9 | AI score 6.3 | EPSS 0.00325
Exploits: 0 | References: 6
Cvelist
added 2026/05/26 3:0 a.m. | 40 views

CVE-2026-9525 itsourcecode Electronic Judging System edit_judge.php sql injection

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /admin/editjudge.php. The manipulation of the argument judgeid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may ...

CVSS 7.5 | EPSS 0.00319
Exploits: 0 | References: 5
NVD
added 2026/05/20 11:16 a.m. | 16 views

CVE-2026-0856

Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+3230...

CVSS 7.8 | EPSS 0.00126
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/20 10:38 a.m. | 12 views

CVE-2026-0856

Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+3230...

CVSS 7.8 | AI score 5.8 | EPSS 0.00126
Exploits: 0 | References: 2
CVE
added 2026/05/20 10:38 a.m. | 19 views

CVE-2026-0856

The CVE-2026-0856 entry concerns an Improper Access Control vulnerability in the Mesalvo Meona Client Launcher Component and the Mesalvo Meona Server Component. A normal user can gain access to the admin panel due to weaknesses in authorization guards affecting the Client Launcher (up to 19.06.20...

CVSS 7.8 | AI score 5.8 | EPSS 0.00126
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/20 10:38 a.m. | 12 views

CVE-2026-0856

Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+3230...

CVSS 7.8 | AI score 5.8 | EPSS 0.00126
Exploits: 0 | References: 1
EUVD
added 2026/05/20 10:38 a.m. | 11 views

EUVD-2026-31093

Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+3230...

CVSS 7.8 | AI score 5.8 | EPSS 0.00126
Exploits: 0 | References: 1
Cvelist
added 2026/05/20 10:38 a.m. | 41 views

CVE-2026-0856

Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+3230...

CVSS 7.8 | EPSS 0.00126
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/20 12:0 a.m. | 14 views

PT-2026-42139

Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+3230...

CVSS 7.8 | AI score 5.8 | EPSS 0.00126
Exploits: 0 | References: 2
NVD
added 2026/05/16 4:16 p.m. | 12 views

CVE-2020-37236

NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that...

CVSS 6.4 | EPSS 0.00235
Exploits: 0 | References: 3
ATTACKERKB
added 2026/05/16 3:25 p.m. | 7 views

CVE-2020-37236

NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that...

CVSS 6.4 | AI score 5.7 | EPSS 0.00235
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/05/16 3:25 p.m. | 9 views

CVE-2020-37236 NewsLister Authenticated Persistent Cross-Site Scripting via Admin Panel

NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that...

CVSS 6.4 | AI score 5.7 | EPSS 0.00235
Exploits: 0 | References: 3
EUVD
added 2026/05/16 3:25 p.m. | 11 views

EUVD-2020-31236

NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that...

CVSS 6.4 | AI score 5.7 | EPSS 0.00235
Exploits: 0 | References: 3