8 matches found
CVE-2026-6937 Appointment Booking Calendar <= 1.6.11.8 - Missing Authorization to Unauthenticated Arbitrary Modification via Bulk Appointments REST API Endpoint
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the plugin not properly verifying that a user is authorized to perform an action via the bulk appointmen...
PT-2026-44216
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the plugin not properly verifying that a user is authorized to perform an action via the bulk appointmen...
EUVD-2023-58461
Malicious code in bioql PyPI...
PT-2025-26591 · Innoshop · Innoshop
Name of the Vulnerable Software and Affected Versions: Innoshop versions 0.4.1 and earlier. Description: The issue allows for Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. This can be exploited by creating a customer account, allowing an attacker to disclose th...
CVE-2024-21514
This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed it does not have ...
SQL injection in opencart
This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed it does not have ...
HT Mega < 2.4.7 - Unauthenticated Order Data Disclosure
Description: The plugin is vulnerable to Sensitive Information Exposure via the purchasedproducts function, allowing unauthenticated attackers to extract sensitive data including the previous 7 days of order data including products and customer PII...
Massive data leakage in Vodafone Australia!
Australian media giant Fairfax leads today with dramatic claims that customer data from mobile phone company Vodafone Australia is routinely falling into the wrong hands, thanks to lax database security. According to Fairfax, Vodafone's customer database is accessible to all its dealers over the...