CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

339 matches found

Cost Calculator Builder <= 3.2.15 - SQL Injection

The Cost Calculator Builder plugin for WordPress is vulnerable to SQL Injection via discount codes in versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

9.8CVSS5.7AI score0.23153EPSS

Exploits0References3

NVD•added last week•7 views

CVE-2026-47741

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usagelimit was...

5.9CVSS0.00032EPSS

Exploits0References3

Cvelist•added last week•27 views

CVE-2026-47741 Shopper: Race condition on Discount.usage_limit allows silent over-redemption

5.9CVSS0.00032EPSS

Exploits0References3

Vulnrichment•added last week•9 views

CVE-2026-47741 Shopper: Race condition on Discount.usage_limit allows silent over-redemption

5.9CVSS5.8AI score0.00032EPSS

Exploits0References3

ATTACKERKB•added last week•6 views

CVE-2026-47741

5.9CVSS5.8AI score0.00032EPSS

Exploits0References4Affected Software1

EUVD•added last week•6 views

EUVD-2026-33409

5.9CVSS5.8AI score0.00032EPSS

Exploits0References3

CVE•added last week•9 views

CVE-2026-47741

CVE-2026-47741 affects Shopper, a Headless e-commerce Admin Panel. Before 2.8.0, CreateOrderFromCartAction::execute created the Order row before incrementing the discount’s total_use, allowing a race condition under concurrent checkout that silently exceeded the global usage_limit and applied the...

5.9CVSS5.8AI score0.00032EPSS

Exploits0References3

Positive Technologies•added 2026/05/29 12:0 a.m.•6 views

PT-2026-44942

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's total use counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usage limit wa...

5.9CVSS5.8AI score0.00032EPSS

Exploits0References4

CNNVD•added 2026/05/29 12:0 a.m.•4 views

shopper 安全漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained a security vulnerability. This vulnerability stemmed from the CreateOrderFromCartAction::execute function, which created order lines before checking and increasing the...

5.9CVSS5.8AI score0.00032EPSS

Exploits0References3

OSV•added 2026/05/18 4:37 p.m.•0 views

GHSA-9RH9-HF3W-9FGG shopper/framework: Race condition on Discount.usage_limit allows silent over-redemption

Impact CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usagelimit was silently exceeded: orders were committed with the...

5.9CVSS5.8AI score

Exploits0References6

Github Security Blog•added 2026/05/18 4:37 p.m.•11 views

shopper/framework: Race condition on Discount.usage_limit allows silent over-redemption

5.8AI score

Exploits0References6Affected Software1

SUSE CVE•added 2026/04/09 11:25 p.m.•1 views

SUSE CVE-2026-35201

Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INTMAX are truncated to a signed int before entering the native parser,...

5.9CVSS5.9AI score0.00077EPSS

Exploits1References3

Tenable Nessus•added 2026/04/07 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-35201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an...

5.9CVSS5.9AI score0.00077EPSS

Exploits1References3

NVD•added 2026/04/06 8:16 p.m.•0 views

CVE-2026-35201

5.9CVSS0.00077EPSS

Exploits1References1

OSV•added 2026/04/06 8:16 p.m.•1 views

UBUNTU-CVE-2026-35201

5.9CVSS5.9AI score0.00077EPSS

Exploits1References3

Debian CVE•added 2026/04/06 7:49 p.m.•3 views

CVE-2026-35201

5.9CVSS4.8AI score0.00077EPSS

Exploits1

ATTACKERKB•added 2026/04/06 7:49 p.m.•0 views

CVE-2026-35201

5.9CVSS6AI score0.00077EPSS

Exploits1References2Affected Software1

AlpineLinux•added 2026/04/06 7:49 p.m.•0 views

CVE-2026-35201

5.9CVSS7.3AI score0.00077EPSS

Exploits1References1

CVE•added 2026/04/06 7:49 p.m.•45 views

CVE-2026-35201

Discount is an implementation of John Gruber's Markdown in C (rdiscount). A signed length truncation bug in the default Markdown parse path affects inputs from 1.3.1.1 up to before 2.2.7.4, enabling an out-of-bounds read and potentially crashing the process. The vulnerability arises when input le...

5.9CVSS6AI score0.00077EPSS

Exploits1References1Affected Software1

CNNVD•added 2026/04/06 12:0 a.m.•3 views

discount 缓冲区错误漏洞

Discount is a Markdown language parsing and conversion tool developed by Orc developers. Versions of Discount from 1.3.1.1 to 2.2.7.4 contained a buffer error vulnerability. This vulnerability stemmed from a signed length truncation error, which could lead to out-of-bounds reads and process crash...

5.9CVSS7.3AI score0.00077EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by