8313 matches found
Cloudpanel 2 < 2.3.1 - Remote Code Execution
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. id: CVE-2023-35885 info: name: Cloudpanel 2 2.3.1 - Remote Code Execution author: DhiyaneshDk severity: critical description: | CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. impact: | Successfu...
Sitecore - Remote Code Execution
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. id: CVE-2023-35813 info: name: Sitecore - Remote Code Execution author: DhiyaneshDk,iamnoooob severity: critical description: | Multiple Sitecore...
Sitecore Experience Platform <= 10.4 - Arbitrary File Read
An issue was discovered in Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files. id: CVE-2024-46938 info: name: Sitecore Experience Platform = 10.4 - Arbitrary File...
Prodigy Commerce <= 3.3.0 - Local File Inclusion
Prodigy Commerce WordPress plugin = 3.2.9 contains a local file inclusion caused by improper sanitization of 'parameterstemplatename' parameter, letting unauthenticated attackers include and execute arbitrary files remotely. id: CVE-2026-0926 info: name: Prodigy Commerce = 3.3.0 - Local File...
EUVD-2026-43088
vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...
EUVD-2026-43062
Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...
EUVD-2026-43115
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6...
CVE-2026-15089
vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...
CVE-2026-13238
Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...
CVE-2026-10769
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6...
CVE-2026-15089 Commerce guest registration - Critical - Unsupported - SA-CONTRIB-2026-079
vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...
CVE-2026-15089
The CVE-2026-15089 entry concerns a vulnerability in Drupal Commerce guest registration. Affected component: Drupal Commerce guest registration feature; details on affected versions are not provided beyond “. ” in the documents. The CVSS 3.1 base score is listed as 9.1 (CRITICAL) with high confid...
CVE-2026-13238 Commerce Realex / Global Payments - Moderately critical - Access Bypass - SA-CONTRIB-2026-058
Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...
CVE-2026-13238
CVE-2026-13238 describes an incorrect authorization flaw in Drupal Commerce Realex / Global Payments. The issue permits forceful browsing when the gateway is configured with the redirect payment method, due to insufficient verification of the payment response from Global Payments. Affected versio...
CVE-2026-10769
CVE-2026-10769 describes an Stored XSS in Drupal Commerce Core due to improper neutralization of input during web page generation. Affected versions are Commerce Core 3.3.0 through 3.3.6. Multiple connected sources (NVD/NVD entry, CVE listing, DRUPAL-SA-CONTRIB-2026-041 and OSV entry) corroborate...
CVE-2026-9726
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal AlternativeCommerce Basket allows Object Injection. This issue affects Drupal AlternativeCommerce Basket versions: from 0.0.0 to 2.1.17...
CVE-2026-14713
A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...
CVE-2026-14713 SourceCodester Pizzafy E-Commerce System ajax.php confirm_order sql injection
A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...
CVE-2026-14713
A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...
Adobe Commerce (Magento) - Remote Code Execution
Adobe Commerce versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. id: CVE-2022-24086 info: name:...