Vvveb Security Vulnerability
Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the checkout endpoint accepted...
CVE-2026-1000
The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration function. This makes it possible for authenticated attackers, wi...
CVE-2026-1000 MailerLite - WooCommerce integration <= 3.1.3 - Missing Authorization to Data Deletion
The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration function. This makes it possible for authenticated attackers, wi...
CVE-2019-12241
The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php...
EUVD-2019-3886
Malware in sbrugna...
EUVD-2002-2280
Malware in sbrugna...
EUVD-2005-1224
Malware in sbrugna...
EUVD-2025-15024
Malicious code in bioql PyPI...
EUVD-2024-42559
Malicious code in bioql PyPI...
EUVD-2023-43349
Malicious code in bioql PyPI...
MAL-2025-8640 Malicious code in @malware-test-films-norks-carts-ranks/test-mlw3-films-norks-carts-ranks (npm)
The package @malware-test-films-norks-carts-ranks/test-mlw3-films-norks-carts-ranks was found to contain malicious code...
CVE-2024-47634
Cross-Site Request Forgery (CSRF) vulnerability in Streamline CartBounty – Save and recover abandoned carts for WooCommerce woo-save-abandoned-carts allows Cross Site Request Forgery. This issue affects CartBounty – Save and recover abandoned carts for WooCommerce: from n/a through <= 8.2...
CVE-2025-3874
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 due to lack of randomization of a user controlled key. This makes it possible for unauthenticated attackers to access customer shopping carts and...
CVE-2025-3874
CVE-2025-3874 affects the WordPress plugin “WordPress Simple Shopping Cart.” The issue is an Insecure Direct Object Reference caused by lack of randomization of a user-controlled key, enabling unauthenticated users to access customer carts, edit product links, add/delete products, and discover co...
CVE-2024-47634
Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty – Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery. This issue affects CartBounty – Save and recover abandoned carts for WooCommerce: from n/a through 8.2...
WordPress CartBounty plugin <= 8.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Mika (Patchstack Alliance) in WordPress Plugin CartBounty – Save and recover abandoned carts for WooCommerce (versions <= 8.2)...
Unauthorized Data Access
Klaviyo Magento 2 is vulnerable to Unauthorized Data Access. The vulnerability is due to insufficient access controls in an endpoint, allowing attackers to read private customer data from stores by reclaiming guest-carts and accessing order details via the Magento API...
PT-2024-40329 · Klaviyo · Klaviyo Magento 2
Name of the Vulnerable Software and Affected Versions: Klaviyo Magento 2 (affected versions not specified). Description: A researcher discovered an issue in a third-party module that allows reading private customer data from stores. This is achieved by reclaiming any guest-cart as one's own and then...
CVE-2023-47392
An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request...