Lucene search
K

8313 matches found

Nuclei
Nuclei
added yesterday105 views

Cloudpanel 2 < 2.3.1 - Remote Code Execution

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. id: CVE-2023-35885 info: name: Cloudpanel 2 2.3.1 - Remote Code Execution author: DhiyaneshDk severity: critical description: | CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. impact: | Successfu...

9.8CVSS7AI score0.75315EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday325 views

Sitecore - Remote Code Execution

Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. id: CVE-2023-35813 info: name: Sitecore - Remote Code Execution author: DhiyaneshDk,iamnoooob severity: critical description: | Multiple Sitecore...

9.8CVSS7.2AI score0.86685EPSS
Exploits7References5
Nuclei
Nuclei
added yesterday245 views

Sitecore Experience Platform <= 10.4 - Arbitrary File Read

An issue was discovered in Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files. id: CVE-2024-46938 info: name: Sitecore Experience Platform = 10.4 - Arbitrary File...

7.5CVSS6.2AI score0.46077EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday60 views

Prodigy Commerce <= 3.3.0 - Local File Inclusion

Prodigy Commerce WordPress plugin = 3.2.9 contains a local file inclusion caused by improper sanitization of 'parameterstemplatename' parameter, letting unauthenticated attackers include and execute arbitrary files remotely. id: CVE-2026-0926 info: name: Prodigy Commerce = 3.3.0 - Local File...

9.8CVSS6.3AI score0.09396EPSS
Exploits5References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43088

vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...

6.1AI score0.00236EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43062

Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...

6.1AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43115

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6...

6.1AI score0.00161EPSS
Exploits0References2
NVD
NVD
added 4 days ago5 views

CVE-2026-15089

vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...

9.1CVSS0.00236EPSS
Exploits0References1
NVD
NVD
added 4 days ago3 views

CVE-2026-13238

Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...

4.8CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 4 days ago3 views

CVE-2026-10769

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6...

0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-15089 Commerce guest registration - Critical - Unsupported - SA-CONTRIB-2026-079

vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...

0.00236EPSS
Exploits0References1
CVE
CVE
added 4 days ago8 views

CVE-2026-15089

The CVE-2026-15089 entry concerns a vulnerability in Drupal Commerce guest registration. Affected component: Drupal Commerce guest registration feature; details on affected versions are not provided beyond “. ” in the documents. The CVSS 3.1 base score is listed as 9.1 (CRITICAL) with high confid...

9.1CVSS6.1AI score0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-13238 Commerce Realex / Global Payments - Moderately critical - Access Bypass - SA-CONTRIB-2026-058

Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...

0.0018EPSS
Exploits0References1
CVE
CVE
added 4 days ago14 views

CVE-2026-13238

CVE-2026-13238 describes an incorrect authorization flaw in Drupal Commerce Realex / Global Payments. The issue permits forceful browsing when the gateway is configured with the redirect payment method, due to insufficient verification of the payment response from Global Payments. Affected versio...

4.8CVSS6.1AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 4 days ago26 views

CVE-2026-10769

CVE-2026-10769 describes an Stored XSS in Drupal Commerce Core due to improper neutralization of input during web page generation. Affected versions are Commerce Core 3.3.0 through 3.3.6. Multiple connected sources (NVD/NVD entry, CVE listing, DRUPAL-SA-CONTRIB-2026-041 and OSV entry) corroborate...

6.1AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-9726

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal AlternativeCommerce Basket allows Object Injection. This issue affects Drupal AlternativeCommerce Basket versions: from 0.0.0 to 2.1.17...

0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/07/05 6:16 a.m.10 views

CVE-2026-14713

A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...

7.5CVSS0.00263EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/05 5:15 a.m.32 views

CVE-2026-14713 SourceCodester Pizzafy E-Commerce System ajax.php confirm_order sql injection

A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...

7.5CVSS0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 5:15 a.m.7 views

CVE-2026-14713

A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6Affected Software1
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.25 views

Adobe Commerce (Magento) - Remote Code Execution

Adobe Commerce versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. id: CVE-2022-24086 info: name:...

10CVSS7.8AI score0.99199EPSS
Exploits5References4
Rows per page
Query Builder