7 matches found

CVE
added 2026/05/20 1:25 a.m. · 5 views

CVE-2026-3985

The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to a SQL Injection via the checkout_uuid parameter in all versions up to 1.6.9. Root cause: insufficient escaping of user input and lack of proper SQL preparation in the has_checkout_consent() qu...

CVSS 7.5 · AI score 5.9 · EPSS 0.00093
Exploits: 0 · References: 4
NVD
added 2026/04/15 11:16 p.m. · 4 views

CVE-2026-4949

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.16.12. This is due to the 'processcheckout' function not properly enforcing...

CVSS 4.3 · EPSS 0.00041
Exploits: 0 · References: 7
ATTACKERKB
added 2026/04/15 10:26 p.m. · 0 views

CVE-2026-4949

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.16.12. This is due to the 'processcheckout' function not properly enforcing...

CVSS 4.3 · AI score 5.9 · EPSS 0.00041
Exploits: 0 · References: 8
Veracode
added 2022/06/09 4:56 a.m. · 19 views

Command Injection

cookiecutter is vulnerable to command injection. The vulnerability exists in the clone function in vcs.py due to a lack of sanitization of the checkout parameter, which allows an attacker to inject and execute arbitrary code...

CVSS 9.8 · AI score 9.4 · EPSS 0.02224
Exploits: 1 · References: 7 · Affected Software: 1
PyPA
added 2022/06/08 8:15 a.m. · 5 views

PYSEC-2022-204

The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be...

CVSS 9.8 · AI score 7.7 · EPSS 0.02224
Exploits: 1 · References: 4 · Affected Software: 1
ATTACKERKB
added 2022/06/03 8:00 p.m. · 2 views

CVE-2022-24065

The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be...

CVSS 9.8 · AI score 5.7 · EPSS 0.02224
Exploits: 1 · References: 8
Positive Technologies
added 2022/06/03 12:00 a.m. · 2 views

PT-2022-16446 · Unknown +1 · Cookiecutter +1

Name of the Vulnerable Software and Affected Versions: cookiecutter versions prior to 2.1.1 Description: The issue concerns Command Injection via hg argument injection. When the cookiecutter function is called from Python code with the checkout parameter, it is passed to the hg checkout command i...

CVSS 9.8 · AI score 9.8 · EPSS 0.02224
Exploits: 1 · References: 30