CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

Github Security Blog•added 2026/04/14 1:1 a.m.•4 views

Craft Commerce has an unauthenticated information disclosure that can leak some customer order data on anonymous payments

Summary PaymentsController::actionPay discloses some order data to unauthenticated users when an order number is provided and the email check fails during an anonymous payment. The JSON error response includes the serialized order object order, which contains some sensitive fields such as custome...

6.3CVSS5.8AI score0.0009EPSS

Exploits0References6Affected Software1

Positive Technologies•added 2026/02/02 12:0 a.m.•2 views

PT-2026-6301

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.28.5.0 Description CI4MS, a CodeIgniter 4-based CMS skeleton, contains a flaw in its authentication implementation that allows an unauthenticated attacker to determine if an email address is registered within the...

5.3CVSS5.5AI score0.00027EPSS

Exploits0References9

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2019-9403

Malware in sbrugna...

5.3CVSS5.6AI score0.00358EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2005-0494

Malware in sbrugna...

5CVSS6.4AI score0.00219EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-32494

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00512EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-2704

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00167EPSS

Exploits1References7

OSV•added 2025/01/21 9:15 p.m.•0 views

CVE-2024-57542

Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via the field idemailcheckbtn...

8.8CVSS5.8AI score0.01604EPSS

Exploits1References1

CNNVD•added 2025/01/21 12:0 a.m.•1 views

Linksys E8450 操作系统命令注入漏洞

The Linksys E8450 is a router from Linksys USA. A command injection vulnerability exists in the Linksys E8450 v1.2.00.360516, which stems from idemailcheckbtn failing to correctly filter constructed command special characters, commands, and more. An attacker can exploit this vulnerability to caus...

8.8CVSS7.5AI score0.01604EPSS

Exploits1References2

CNNVD•added 2024/11/18 12:0 a.m.•1 views

GLPI 信息泄露漏洞

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

7.5CVSS4.3AI score0.24448EPSS

Exploits1References2

CNNVD•added 2023/11/22 12:0 a.m.•3 views

WordPress Plugin WP EXtra Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.3CVSS6.5AI score0.00065EPSS

Exploits0References3

vulnersOsv•added 2023/10/25 6:32 p.m.•0 views

node-js-1408 (=1.0.0), node-js-1409 (=1.0.0) potentially affected by CVE-2023-39619 via node-email-check (=1.0.4)

node-email-check NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on node-email-check and may be impacted: - node-js-1408 =1.0.0 - node-js-1409 =1.0.0 Source cves: CVE-2023-39619 Source advisory: OSV:GHSA-9242-6P36-6256...

7.5CVSS7.1AI score0.00167EPSS

Exploits1

OSV•added 2023/10/25 6:32 p.m.•0 views

GHSA-9242-6P36-6256 Inefficient Regular Expression Complexity in node-email-check