Lucene search
K

126 matches found

NVD
NVD
added 2026/07/06 10:16 p.m.7 views

CVE-2026-43925

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, an unauthenticated mass assignment vulnerability in the client self-registration endpoint allows any visitor to assign themselves to an arbitrary client group during sign-up. Because client groups can...

6.9CVSS0.00298EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 9:49 p.m.4 views

CVE-2026-43927 FOSSBilling has race condition in cart checkout that bypasses promo code usage limits

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request...

6.9CVSS6AI score0.0022EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:49 p.m.5 views

CVE-2026-43927

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request...

6.9CVSS6AI score0.0022EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/06 9:49 p.m.31 views

CVE-2026-43927 FOSSBilling has race condition in cart checkout that bypasses promo code usage limits

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request...

6.9CVSS0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 9:41 p.m.36 views

CVE-2026-43925 FOSSBilling: Mass assignment of group_id in guest client registration allows unauthorized promo code use

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, an unauthenticated mass assignment vulnerability in the client self-registration endpoint allows any visitor to assign themselves to an arbitrary client group during sign-up. Because client groups can...

6.9CVSS0.00298EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 9:41 p.m.4 views

CVE-2026-43925 FOSSBilling: Mass assignment of group_id in guest client registration allows unauthorized promo code use

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, an unauthenticated mass assignment vulnerability in the client self-registration endpoint allows any visitor to assign themselves to an arbitrary client group during sign-up. Because client groups can...

6.9CVSS6.1AI score0.00298EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.6 views

PT-2026-56030

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description An unauthenticated mass assignment issue exists in the client self-registration endpoint. This allows a visitor to assign themselves to an arbitrary client group during the sign-up process. Since...

6.9CVSS6.1AI score0.00298EPSS
Exploits0References7
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-56048

Unauthenticated Insecure Direct Object References IDOR in Payment Gateway Based Fees and Discounts for WooCommerce = 3.0.0 versions...

6.5CVSS0.00242EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.11 views

CVE-2026-56048

Summary: CVE-2026-56048 concerns the WordPress plugin “Payment Gateway Based Fees and Discounts for WooCommerce” (versions ≤ 3.0.0). The vulnerability is described as an unauthenticated insecure direct object reference (IDOR). The connected documents confirm the affected product and root cause (I...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.6 views

EUVD-2026-39709

Unauthenticated Insecure Direct Object References IDOR in Payment Gateway Based Fees and Discounts for WooCommerce = 3.0.0 versions...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.37 views

CVE-2026-56048 WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Payment Gateway Based Fees and Discounts for WooCommerce = 3.0.0 versions...

6.5CVSS0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52762

Name of the Vulnerable Software and Affected Versions Payment Gateway Based Fees and Discounts for WooCommerce versions prior to 3.0.1 Description An unauthenticated Insecure Direct Object Reference IDOR exists in the software. IDOR is a type of access control vulnerability that occurs when an...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/25 9:16 a.m.6 views

WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Jakub Herman in WordPress Plugin Payment Gateway Based Fees and Discounts for WooCommerce versions = 3.0.0...

6.5CVSS5.8AI score0.00242EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31234

Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShipTime: Discounted Shipping Rates: from n/a through = 1.1.1...

5.3CVSS5.9AI score0.0025EPSS
Exploits0References4
Snyk
Snyk
added 2025/11/27 3:49 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...

9.8CVSS6.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 11:37 p.m.7 views

Malicious code in @devx-commerce/plugin-discounts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74de4ea6b81994c916a9fecaea82b1fa9c5a8bf24ad75dc6c755122b821ec169 The package @devx-commerce/plugin-discounts was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/07 1:46 p.m.4 views

CVE-2025-60784

A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...

6.5CVSS6.9AI score0.0036EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/05 12:0 a.m.3 views

EUVD-2025-37929

A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...

6.5CVSS6.4AI score0.0036EPSS
Exploits1References3
CVE
CVE
added 2025/11/05 12:0 a.m.23 views

CVE-2025-60784

Summary : CVE-2025-60784 affects XiaozhangBang Voluntary Like System V8.8. The vulnerable component is the Pay module function in the /topfirst.php endpoint, where the server fails to validate parameters. Impact : remote attackers can set zhekou to an abnormally low value to buy votes at reduced ...

6.5CVSS6.5AI score0.0036EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-17781

Malware in sbrugna...

6.1CVSS6.3AI score0.00679EPSS
Exploits0References2
Rows per page
Query Builder