Lucene search
K

432 matches found

Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-12738 WP Easy Pay <= 4.5.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Status Modification via wpep_draft_confirm AJAX Action

The WP Easy Pay – Payment and Donation form Builder for Square plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.5.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00213EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/05 7:45 p.m.23 views

CVE-2026-14767 CodeAstro Ecommerce Website POST Parameter confirm.php sql injection

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS0.00204EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 7:45 p.m.7 views

EUVD-2026-41777

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 7:45 p.m.8 views

CVE-2026-14767

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/07/05 5:15 a.m.32 views

CVE-2026-14713 SourceCodester Pizzafy E-Commerce System ajax.php confirm_order sql injection

A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...

7.5CVSS0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 5:15 a.m.7 views

CVE-2026-14713

A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/07/05 5:15 a.m.14 views

EUVD-2026-41728

A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 5:15 a.m.18 views

CVE-2026-14713

SourceCodester Pizzafy E-Commerce System 1.0 is affected by a remote SQL injection in /admin/ajax.php?action=confirm_order caused by manipulating the ID parameter. The vulnerability allows remote exploitation and has publicly released PoC code. Documented metrics indicate high severity (CVSS up t...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.9 views

PT-2026-55819

Name of the Vulnerable Software and Affected Versions CodeAstro Ecommerce Website version 1.0 Description An SQL injection flaw exists in the POST Parameter Handler component within the file /ecommerce-website-php/customer/confirm.php. A remote attacker can exploit this by manipulating the invoic...

6.5CVSS6.7AI score0.00204EPSS
Exploits0References12
NVD
NVD
added 2026/06/26 9:16 a.m.10 views

CVE-2026-1869

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirmpayment function in all...

6.5CVSS0.0018EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 7:54 a.m.8 views

EUVD-2026-39639

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirmpayment function in all...

6.5CVSS5.8AI score0.0018EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 7:54 a.m.37 views

CVE-2026-1869

CVE-2026-1869 concerns the WordPress plugin “User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder.” The vulnerability is caused by missing validation checks in the confirm_payment() function across all...

6.5CVSS5.8AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 10:13 p.m.11 views

EUVD-2026-31389

golang.org/x/crypto/ssh/agent doesn't enforce invoking key constraints...

9.1CVSS5.8AI score0.0036EPSS
Exploits0References7
OSV
OSV
added 2026/06/25 10:13 p.m.6 views

GHSA-JPPX-RXG9-JMRX golang.org/x/crypto doesn't enforce invoking key constraints

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

9.1CVSS6AI score0.0036EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/25 10:13 p.m.8 views

golang.org/x/crypto doesn't enforce invoking key constraints

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

9.1CVSS6AI score0.0036EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/06/24 4:30 p.m.28 views

CVE-2026-53072 Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix locking in hciconnrequestevt with HCIPROTODEFER When protocol sets HCIPROTODEFER, hciconnrequestevt calls hciconnectcfmconn without hdev-lock. Generally hciconnectcfm assumes it is held, and if conn is deleted...

8.8CVSS0.00247EPSS
Exploits0References8
NVD
NVD
added 2026/06/20 4:17 p.m.13 views

CVE-2026-56332

Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirect users to arbitrary external websites. The confirmationurl parameter is not validated, enabling attackers to craft malicious links for phishing and credential harvesting...

5.1CVSS0.0018EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.12 views

EUVD-2026-38127

Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirect users to arbitrary external websites. The confirmationurl parameter is not validated, enabling attackers to craft malicious links for phishing and credential harvesting...

5.1CVSS6AI score0.0018EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 3:24 p.m.6 views

CVE-2026-56332

Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirect users to arbitrary external websites. The confirmationurl parameter is not validated, enabling attackers to craft malicious links for phishing and credential harvesting...

5.1CVSS6AI score0.0018EPSS
Exploits0References3
CVE
CVE
added 2026/06/20 3:24 p.m.24 views

CVE-2026-56332

Capgo

5.1CVSS6AI score0.0018EPSS
Exploits0References2
Rows per page
Query Builder