82 matches found
EUVD-2026-34315
Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorized_keys under a customer-controlled home directory without...
CVE-2026-25597
Summary (CVE-2026-25597): PrestaShop prior to 8.2.4 and 9.0.3 exposes a time-based user enumeration vulnerability in the login/authentication flow, allowing an attacker to deduce whether a customer account exists by measuring response times. The issue is fixed in versions 8.2.4 and 9.0.3. Impact ...
CVE-2025-11271
The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verification_override=1. Because this value is...
CVE-2025-11271 Easy Digital Download <= 3.5.2 - Insufficient Verification to Order Manipulation
The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verification_override=1. Because this value is...
EUVD-2019-2693
Malware in sbrugna...
EUVD-2018-16975
Malware in sbrugna...
EUVD-2018-4539
Malware in sbrugna...
EUVD-2020-26462
Malware in sbrugna...
EUVD-2021-24616
Malware in sbrugna...
EUVD-2025-20511
Malicious code in bioql PyPI...
EUVD-2025-18869
Malicious code in bioql PyPI...
CVE-2025-7038
The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route of the latepoint_route_call AJAX endpoint in all versions up to, and including, 5.1.94. The endpoint reads the client-supplied customer email and relate...
CVE-2025-7038 LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function
The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route of the latepoint_route_call AJAX endpoint in all versions up to, and including, 5.1.94. The endpoint reads the client-supplied customer email and relate...
MAL-2025-47665 Malicious code in example-legacy-customer-account-flow (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-41523 Malicious code in @twork-data-services/proxy-prime-api-v6-customer-account-lite-info (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2025-9237
A vulnerability was found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/myaccount.php?editaccount of the component Edit Your Account Page. Performing manipulation of the argument Username results in cross site scripting. It is possible to initiate the...
Malicious code in customer-account-ui-extensions (npm)
The package customer-account-ui-extensions was found to contain malicious code...
Malicious code in customer-account-ui-extensions-react (npm)
The package customer-account-ui-extensions-react was found to contain malicious code...