82 matches found

EUVD
added 2026/06/04 5:52 p.m. | 9 views

EUVD-2026-34315

Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorized_keys under a customer-controlled home directory without...

CVSS 8.8 | AI score 5.9 | EPSS 0.00366
Exploits: 0 | References: 2
CVE
added 2026/02/06 8:47 p.m. | 26 views

CVE-2026-25597

Summary (CVE-2026-25597): PrestaShop prior to 8.2.4 and 9.0.3 exposes a time-based user enumeration vulnerability in the login/authentication flow, allowing an attacker to deduce whether a customer account exists by measuring response times. The issue is fixed in versions 8.2.4 and 9.0.3. Impact ...

CVSS 5.3 | AI score 5.5 | EPSS 0.00269
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE
added 2025/11/07 4:48 a.m. | 6 views

CVE-2025-11271

The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verificationoverride=1. Because this value is...

CVSS 5.3 | AI score 6.3 | EPSS 0.00269
Exploits: 0 | References: 1
OSV
added 2025/11/06 5:15 a.m. | 3 views

CVE-2025-11271

The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verificationoverride=1. Because this value is...

CVSS 5.3 | AI score 5.8 | EPSS 0.00269
Exploits: 0 | References: 4
Vulnrichment
added 2025/11/06 4:36 a.m. | 4 views

CVE-2025-11271 Easy Digital Download <= 3.5.2 - Insufficient Verification to Order Manipulation

The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verificationoverride=1. Because this value is...

CVSS 5.3 | AI score 5.9 | EPSS 0.00269
Exploits: 0 | References: 4
Cvelist
added 2025/11/06 4:36 a.m. | 6 views

CVE-2025-11271 Easy Digital Download <= 3.5.2 - Insufficient Verification to Order Manipulation

The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verificationoverride=1. Because this value is...

CVSS 5.3 | EPSS 0.00269
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 10 views

EUVD-2019-2693

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.03378
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-16975

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.01402
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-4539

Malware in sbrugna...

CVSS 8.1 | AI score 8.2 | EPSS 0.01201
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2020-26462

Malware in sbrugna...

CVSS 7.6 | AI score 6.5 | EPSS 0.00851
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-24616

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.01353
Exploits: 1 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-20511

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.5 | EPSS 0.00399
Exploits: 1 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-18869

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 6.6 | EPSS 0.00265
Exploits: 0 | References: 2
NVD
added 2025/09/30 11:37 a.m. | 4 views

CVE-2025-7038

The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the stepsloadstep route of the latepointroutecall AJAX endpoint in all versions up to, and including, 5.1.94. The endpoint reads the client-supplied customer email and relate...

CVSS 8.2 | EPSS 0.00385
Exploits: 0 | References: 5
Cvelist
added 2025/09/30 4:27 a.m. | 9 views

CVE-2025-7038 LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function

The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the stepsloadstep route of the latepointroutecall AJAX endpoint in all versions up to, and including, 5.1.94. The endpoint reads the client-supplied customer email and relate...

CVSS 8.2 | EPSS 0.00385
Exploits: 0 | References: 5
OSV
added 2025/09/26 9:30 a.m. | 2 views

MAL-2025-47665 Malicious code in example-legacy-customer-account-flow (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0
OSV
added 2025/08/28 7:17 a.m. | 2 views

MAL-2025-41523 Malicious code in @twork-data-services/proxy-prime-api-v6-customer-account-lite-info (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0
NVD
added 2025/08/20 6:15 p.m. | 5 views

CVE-2025-9237

A vulnerability was found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/myaccount.php?editaccount of the component Edit Your Account Page. Performing manipulation of the argument Username results in cross site scripting. It is possible to initiate the...

CVSS 5.4 | EPSS 0.00264
Exploits: 1 | References: 6
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 3 views

Malicious code in customer-account-ui-extensions (npm)

The package customer-account-ui-extensions was found to contain malicious code...

AI score 7
Exploits: 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 3 views

Malicious code in customer-account-ui-extensions-react (npm)

The package customer-account-ui-extensions-react was found to contain malicious code...

AI score 7
Exploits: 0