Lucene search
+L

8 matches found

Cvelist
Cvelist
added 8 hours ago10 views

CVE-2026-12393 WPS Bookings for WooCommerce < 3.11.7 - Subscriber+ Arbitrary Booking Order Cancellation via IDOR

The WPS Bookings for WooCommerce WordPress plugin before 3.11.7 does not verify that a booking order belongs to the requesting user before cancelling it, allowing any authenticated user, such as a Subscriber or Customer, to cancel and void other customers' booking orders...

Exploits0References1
EUVD
EUVD
added 2026/07/02 8:33 a.m.7 views

EUVD-2026-41260

The Appointment Bookings for Zoom GoogleMeet and more – Wappointment plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 2.7.6 via the appointmentkey parameter due to the appointment editkey — the sole authorization token consumed by tryCance...

5.3CVSS5.8AI score0.00297EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/27 6:0 a.m.10 views

EUVD-2026-39946

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user Subscriber+ to cancel other...

5.8AI score0.00222EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/13 12:0 a.m.6 views

mall-swarm 授权问题漏洞

mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the mishandling of the orderId parameter in the cancelOrder function in the file /order/cancelOrder, and no detailed vulnerability details are provided...

5.5CVSS6AI score0.00296EPSS
Exploits1References7
Code423n4
Code423n4
added 2024/01/08 12:0 a.m.18 views

Decisionmaking in the DAO is to slow which results in the DAO not been able to use the CANCELLER_ROLE properly

Lines of code Vulnerability details Impact The time that takes the DAO to vote on a proposal is to long for the DAO to be a proper address to cancel scheduled operations. That is why no scheduled operation will ever be cancelled and potentially malicious operations from security exploits will be...

7.3AI score
Exploits0
OSV
OSV
added 2023/11/03 11:6 a.m.10 views

OESA-2023-1777 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in...

7.5CVSS8.1AI score0.99999EPSS
Exploits19References2
OSV
OSV
added 2023/01/10 9:15 p.m.3 views

CVE-2022-45164

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel delete a booking, created by someone else - even if this basic user is not a member of the booking...

4.3CVSS5.8AI score0.00411EPSS
Exploits0References2
Code423n4
Code423n4
added 2022/11/14 12:0 a.m.10 views

Susceptible to reorg attack

Lines of code Vulnerability details Impact When reorg happens, it is possible that the cancelled order by the taker be executed by the maker. Proof of Concept Suppose userA is seller and userB is buyer, seller is maker, and buyer is taker. After some time, userB the buyer cancels the order by...

7AI score
Exploits0
Rows per page
Query Builder