Lucene search
K

3007 matches found

EUVD
EUVD
added 2026/04/08 5:22 p.m.12 views

EUVD-2026-20532

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...

7.5CVSS5.9AI score0.00268EPSS
Exploits0References1
Securelist
Securelist
added 2026/04/08 9:0 a.m.4 views

Financial cyberthreats in 2025 and the outlook for 2026

In 2025, the financial cyberthreat landscape continued to evolve. While traditional PC banking malware declined in relative prevalence, this shift was offset by the rapid growth of credential theft by infostealers. Attackers increasingly relied on aggregation and reuse of stolen data, rather than...

5.8AI score
Exploits0
NVD
NVD
added 2026/03/24 12:16 a.m.3 views

CVE-2026-4613

A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

7.5CVSS0.00259EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.9 views

SourceCodester E-Commerce Site SQL注入漏洞

SourceCodester E-Commerce Site is an e-commerce website developed under open source by SourceCodester. Version 1.0 of SourceCodester E-Commerce Site has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter Search in the file /products.php, which may le...

7.5CVSS7.1AI score0.00259EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/23 11:4 p.m.27 views

CVE-2026-4613 SourceCodester E-Commerce Site products.php sql injection

A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

7.5CVSS0.00259EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/23 11:4 p.m.2 views

CVE-2026-4613

A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/03/23 11:4 p.m.10 views

CVE-2026-4613

SourceCodester E-Commerce Site 1.0 contains an SQL injection in the /products.php file triggered by the Search parameter. The vulnerability is exploitable remotely with a Proof-of-Concept exploit documented, affecting unknown code paths in the file. Reported CVSS metrics indicate high impact on c...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.5 views

PT-2026-27258

A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/27 7:44 p.m.4 views

CVE-2025-14343

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS.This issue affects E-Commerce Product: through 10122025...

7.6CVSS5.9AI score0.00185EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/27 12:31 p.m.7 views

EUVD-2025-208137

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection.This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosur...

9.8CVSS5.9AI score0.00395EPSS
Exploits0References2
NVD
NVD
added 2026/02/27 12:16 p.m.9 views

CVE-2025-11251

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosu...

9.8CVSS0.00395EPSS
Exploits0References2
CVE
CVE
added 2026/02/27 11:58 a.m.11 views

CVE-2025-11251

CVE-2025-11251 concerns an SQL Injection vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform. The issue stems from improper neutralization of special elements in SQL commands, allowing potentially untrusted input to affect query logic. Affected vector is network-based, w...

9.8CVSS5.5AI score0.00395EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 11:58 a.m.6 views

CVE-2025-11251 SQLi in Dayneks Software's E-Commerce Platform

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosu...

9.8CVSS5.8AI score0.00395EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/27 11:58 a.m.25 views

CVE-2025-11251 SQLi in Dayneks Software's E-Commerce Platform

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosu...

9.8CVSS0.00395EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.8 views

Dayneks E-Commerce Platform SQL注入漏洞

Dayneks E-Commerce Platform is an e-commerce platform developed by the Turkish company Dayneks. Versions of Dayneks E-Commerce Platform dated back to February 27, 2026, and earlier contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of special elements withi...

9.8CVSS5.9AI score0.00395EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/26 3:30 p.m.8 views

EUVD-2025-208120

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS.This issue affects E-Commerce Product: through 10122025...

7.6CVSS5.3AI score0.00185EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/26 12:6 p.m.7 views

CVE-2025-14343

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS. This issue affects E-Commerce Product: through 10122025...

7.6CVSS5.8AI score0.00185EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/26 12:6 p.m.24 views

CVE-2025-14343 Reflected XSS in Dokuzsoft Technology's E-Commerce Product

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS. This issue affects E-Commerce Product: through 10122025...

7.6CVSS0.00185EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/26 12:6 p.m.6 views

CVE-2025-14343 Reflected XSS in Dokuzsoft Technology's E-Commerce Product

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS. This issue affects E-Commerce Product: through 10122025...

7.6CVSS5.8AI score0.00185EPSS
Exploits0References2
CVE
CVE
added 2026/02/26 12:6 p.m.8 views

CVE-2025-14343

CVE-2025-14343 is a Reflected XSS vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product (affected through version 10122025) caused by improper neutralization of input during web page generation. The issue enables reflected XSS without authentication, with a CVSS 3.1 base score of 7.6 (AV:...

7.6CVSS5.2AI score0.00185EPSS
Exploits0References2
Rows per page
Query Builder