Lucene search
+L

1757 matches found

EUVD
EUVD
added 2026/06/20 4:43 p.m.14 views

EUVD-2026-38128

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the GitRepository storage class. The commitsha parameter, which is passed to git commands, lacks validation and does not include a -- separator to distinguish user input from git...

9.9CVSS8.2AI score0.00874EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/06/20 4:43 p.m.38 views

CVE-2026-5366 Git Argument Injection in prefecthq/prefect

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the GitRepository storage class. The commitsha parameter, which is passed to git commands, lacks validation and does not include a -- separator to distinguish user input from git...

9.9CVSS0.00874EPSS
Exploits3References1
OSV
OSV
added 2026/06/20 4:43 p.m.5 views

CVE-2026-5366 Git Argument Injection in prefecthq/prefect

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the GitRepository storage class. The commitsha parameter, which is passed to git commands, lacks validation and does not include a -- separator to distinguish user input from git...

9.9CVSS8AI score0.00874EPSS
Exploits3References3
NVD
NVD
added 2026/06/20 4:17 p.m.15 views

CVE-2026-56330

Capgo before 12.128.2 contains an open redirect vulnerability in stripeportal and stripecheckout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for...

4.8CVSS0.00152EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.11 views

EUVD-2026-38126

Capgo before 12.128.2 contains an open redirect vulnerability in stripeportal and stripecheckout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for...

4.8CVSS5.9AI score0.00152EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 3:24 p.m.30 views

CVE-2026-56330 Capgo - Open Redirect via Unvalidated Stripe Billing URLs

Capgo before 12.128.2 contains an open redirect vulnerability in stripeportal and stripecheckout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for...

4.8CVSS0.00152EPSS
Exploits0References2
OSV
OSV
added 2026/06/20 3:24 p.m.5 views

CVE-2026-56330 Capgo - Open Redirect via Unvalidated Stripe Billing URLs

Capgo before 12.128.2 contains an open redirect vulnerability in stripeportal and stripecheckout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for...

4.8CVSS6AI score0.00152EPSS
Exploits0References4
CVE
CVE
added 2026/06/20 3:24 p.m.38 views

CVE-2026-56330

Capgo prior to 12.128.2 has an open redirect in the stripe_portal and stripe_checkout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for phishing and cre...

4.8CVSS5.9AI score0.00152EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.20 views

PT-2026-51158

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An open redirect issue exists in the 'stripe portal' and 'stripe checkout' endpoints. These endpoints accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers ca...

4.8CVSS5.9AI score0.00152EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/19 6:51 a.m.38 views

CVE-2026-6798 2Download Connector for 2DL Hosted Checkout <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure via 'ToDownload_email' Parameter

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00299EPSS
Exploits0References8
CVE
CVE
added 2026/06/19 6:51 a.m.21 views

CVE-2026-6798

The CVE-2026-6798 entry concerns the WordPress plugin “2Download Connector for 2DL Hosted Checkout.” According to connected sources, all versions up to and including 0.1.5 are vulnerable to unauthorized access due to insufficient authorization checks, enabling unauthenticated attackers to view se...

5.3CVSS6AI score0.00299EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/19 6:51 a.m.13 views

EUVD-2026-37996

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS6AI score0.00299EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.29 views

PT-2026-50849

Name of the Vulnerable Software and Affected Versions STRABL – A checkout solution plugin for WordPress versions prior to 4.6 Description The plugin contains a missing authentication flaw in the REST API webhook endpoint "/wp-json/strabl/webhook/order". The endpoint uses a permission callback set...

5.3CVSS5.9AI score0.00382EPSS
Exploits0References20
Patchstack
Patchstack
added 2026/06/18 5:50 p.m.10 views

WordPress STRABL – A checkout solution plugin <= 4.5 - Unauthenticated Arbitrary Webhook Creation vulnerability

Unauthenticated Arbitrary Webhook Creation vulnerability discovered by Teerachai Somprasong in WordPress Plugin STRABL – A checkout solution versions = 4.5...

5.3CVSS5.3AI score0.00382EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/18 5:37 p.m.8 views

WordPress 2Download Connector for 2DL Hosted Checkout plugin <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure vulnerability discovered by Mohamed Haidar in WordPress Plugin 2Download Connector for 2DL Hosted Checkout versions = 0.1.5...

5.3CVSS5.3AI score0.00299EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/18 10:21 a.m.32 views

CVE-2026-54419

PIAF-HMS (PBX-In-A-Flash Hotel Management System) contains multiple unauthenticated SQL injection vulnerabilities. The app has no authentication and passes user-supplied HTTP parameters directly into deprecated mysql_query() calls via string concatenation, without sanitization, escaping, or param...

9.8CVSS5.8AI score0.00587EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/18 10:21 a.m.30 views

CVE-2026-54419 PIAF-HMS multiple unauthenticated SQL injection vulnerabilities via mysql_query

claudiopizzillo PIAF-HMS PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5 contains multiple unauthenticated SQL injection vulnerabilities. The application has no authentication mechanism and passes user-supplied HTTP parameters...

9.8CVSS0.00587EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 9:17 p.m.14 views

CVE-2026-52695

Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout = 1.8.2 versions...

7.5CVSS0.00243EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:19 p.m.23 views

CVE-2026-52695

CVE-2026-52695 affects the WordPress plugin ABC Crypto Checkout (versions

7.5CVSS5.2AI score0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:19 p.m.10 views

CVE-2026-52695 WordPress ABC Crypto Checkout plugin <= 1.8.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout = 1.8.2 versions...

7.5CVSS5.2AI score0.00243EPSS
Exploits0References1
Rows per page
Query Builder