CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

EUVD-2026-33550

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...

3.5CVSS5.8AI score0.00021EPSS

Exploits0References1

CVE•added 3 days ago•10 views

CVE-2026-48190

CVE-2026-48190 describes an incorrect permissions handling in OTRS External Interface and the ConfigItem List module that allows an authenticated customer to query CI information. Affected products/versions include OTRS 7.0.x, 8.0.x, 2023.x–2026.x prior to 2026.4.x, with CMDB enabled and Customer...

3.5CVSS5.8AI score0.00021EPSS

Exploits0References1

NVD•added 2026/01/02 9:15 p.m.•5 views

CVE-2026-21447

Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their own shopping cart by manipulating the order...

7.1CVSS0.00014EPSS

Exploits1References2

RedhatCVE•added 2025/05/23 7:32 a.m.•6 views

CVE-2024-25841

In the module "So Flexibilite" soflexibilite from Common-Services for PrestaShop 4.1.26, a guest authenticated customer can perform Cross Site Scripting XSS injection...

5.9CVSS5.4AI score0.00085EPSS

Exploits1References1

Prion•added 2022/06/27 11:15 p.m.•14 views

Sql injection

prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue...

6.5CVSS8.6AI score0.56987EPSS

Exploits6References3Affected Software1