Lucene search

35 matches found

RedhatCVE · added yesterday · 3 views

CVE-2026-47741

Shopper is a headless e-commerce admin panel. Prior to 2.8.0, CreateOrderFromCartAction::execute created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure (Black Friday, flash sale, viral coupon), the global usagelimit was...

CVSS 5.9 · AI score 5.5 · EPSS 0.00032
Exploits: 0 · References: 1
NVD · added 2026/05/29 7:16 p.m. · 7 views

CVE-2026-47741

Shopper is a headless e-commerce admin panel. Prior to 2.8.0, CreateOrderFromCartAction::execute created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure (Black Friday, flash sale, viral coupon), the global usagelimit was...

CVSS 5.9 · EPSS 0.00032
Exploits: 0 · References: 3
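The two CVE-2026-47741 entries above describe a check-then-increment race: the order row exists before the coupon's usage counter is read, compared and written back, so concurrent checkouts all pass the check. The following is an added example, not Shopper's code. It reproduces the race with SQLite and threads and places it next to an atomic alternative in which the limit check is part of the UPDATE and the order is only written after a successful reservation. The table layout, the column names usage_limit and total_use, and the coupon code are assumptions made for this example.

```python
"""Added example (not Shopper's code): a check-then-increment race on a coupon's
usage counter, reproduced with SQLite and threads, beside an atomic alternative.
Assumed for this example: a discounts table with usage_limit and total_use
columns, and an orders table that records which code an order used."""
import os
import sqlite3
import tempfile
import threading

COUPON = "FLASH50"  # constructed sample code


def fresh_db(usage_limit: int) -> str:
    """Create a throwaway database holding one coupon usable usage_limit times."""
    fd, path = tempfile.mkstemp(suffix=".sqlite")
    os.close(fd)
    con = sqlite3.connect(path)
    con.executescript(
        "CREATE TABLE discounts(code TEXT PRIMARY KEY, usage_limit INTEGER,"
        " total_use INTEGER NOT NULL DEFAULT 0);"
        "CREATE TABLE orders(id INTEGER PRIMARY KEY, discount_code TEXT NOT NULL);"
    )
    con.execute("INSERT INTO discounts(code, usage_limit) VALUES (?, ?)", (COUPON, usage_limit))
    con.commit()
    con.close()
    return path


def checkout_vulnerable(db: str, barrier: threading.Barrier) -> bool:
    """Order first, then a separate read / compare / write of the counter.
    Each statement is its own autocommit transaction, like application code that
    reads the counter, decides in the app, and writes back: nothing holds a lock
    across the decision, so every concurrent client sees the same old value."""
    con = sqlite3.connect(db, timeout=10, isolation_level=None)
    try:
        con.execute("INSERT INTO orders(discount_code) VALUES (?)", (COUPON,))
        total_use, limit = con.execute(
            "SELECT total_use, usage_limit FROM discounts WHERE code = ?", (COUPON,)
        ).fetchone()
        barrier.wait()  # force every client to have read before anyone writes
        if limit is not None and total_use >= limit:
            return False  # too late anyway: the order row already exists
        con.execute("UPDATE discounts SET total_use = total_use + 1 WHERE code = ?", (COUPON,))
        return True
    finally:
        con.close()


def checkout_hardened(db: str, barrier: threading.Barrier) -> bool:
    """Reserve a use with one conditional UPDATE, then create the order, inside a
    single write transaction.  The limit check lives in the WHERE clause, so the
    database serialises the decision; a loser changes no rows and writes no order."""
    con = sqlite3.connect(db, timeout=10, isolation_level=None)
    try:
        barrier.wait()
        con.execute("BEGIN IMMEDIATE")  # take the write lock before deciding
        cur = con.execute(
            "UPDATE discounts SET total_use = total_use + 1 "
            "WHERE code = ? AND (usage_limit IS NULL OR total_use < usage_limit)",
            (COUPON,),
        )
        if cur.rowcount != 1:
            con.execute("ROLLBACK")
            return False
        con.execute("INSERT INTO orders(discount_code) VALUES (?)", (COUPON,))
        con.execute("COMMIT")
        return True
    finally:
        con.close()


def run_concurrent(checkout, clients: int = 5, usage_limit: int = 1) -> dict:
    """Run `clients` checkouts that pass the barrier together; report the outcome."""
    db = fresh_db(usage_limit)
    barrier = threading.Barrier(clients, timeout=30)
    results = [False] * clients

    def worker(i: int) -> None:
        results[i] = checkout(db, barrier)

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(clients)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    con = sqlite3.connect(db)
    total_use = con.execute("SELECT total_use FROM discounts WHERE code = ?", (COUPON,)).fetchone()[0]
    orders = con.execute("SELECT COUNT(*) FROM orders").fetchone()[0]
    con.close()
    os.unlink(db)
    return {"accepted": sum(results), "total_use": total_use, "orders": orders}


if __name__ == "__main__":
    print("vulnerable:", run_concurrent(checkout_vulnerable))  # limit 1, five orders
    print("hardened:  ", run_concurrent(checkout_hardened))    # limit 1, one order
```

With a limit of 1 and five simultaneous clients the vulnerable path accepts all five and leaves total_use at 5; the hardened path accepts exactly one. The same shape works on MySQL or PostgreSQL (a conditional UPDATE, or SELECT ... FOR UPDATE inside the transaction); what matters is that the decision and the increment are one statement executed before the order exists.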
CVE · added 2026/05/15 6:37 p.m. · 6 views

CVE-2026-44826

Before version 1.0.8.2, the Vvveb CMS cart-add endpoint accepts a negative quantity. This allows negative line totals, subtotals, taxes, and grand totals, causing the merchant order to reflect a negative total and enabling a fraudulent "merchant owes customer money" ...

CVSS 7.5 · AI score 5.8 · EPSS 0.0005
Exploits: 0 · References: 1
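The CVE-2026-44826 entry above turns on a single missing check: a negative quantity flows through line total, subtotal, tax and grand total. The following is an added example, not Vvveb's code, showing a quantity validator strict enough to refuse the usual coercion tricks (booleans, floats, signed or non-ASCII digit strings) and a cart pricer that reproduces the negative-total failure when validation is skipped. The tax rate and the MAX_QTY ceiling are assumed values.

```python
"""Added example (not Vvveb's code): server-side quantity validation, and the
negative-total failure mode reproduced by bypassing it.  Tax rate and MAX_QTY
are assumed values for this example."""
from decimal import Decimal, ROUND_HALF_UP

MAX_QTY = 999            # assumed per-line ceiling
CENT = Decimal("0.01")


class CartError(ValueError):
    """Raised for any quantity or price the server refuses to price."""


def parse_quantity(raw) -> int:
    """Accept only a plain positive ASCII integer within bounds.
    Rejects bools (True == 1 in Python), floats, "-1", "1.5", "1e3", " 2 ", ""
    and non-ASCII digits such as "١" that int() would happily convert."""
    if isinstance(raw, bool):
        raise CartError("quantity must be an integer, not a boolean")
    if isinstance(raw, int):
        qty = raw
    elif isinstance(raw, str) and raw.isascii() and raw.isdigit():
        qty = int(raw)
    else:
        raise CartError(f"quantity is not a positive integer: {raw!r}")
    if not 1 <= qty <= MAX_QTY:
        raise CartError(f"quantity out of range: {qty}")
    return qty


def cart_totals(lines, tax_rate=Decimal("0.20"), validate=True) -> dict:
    """Price a cart of (unit_price, quantity) lines.
    validate=False reproduces the vulnerable behaviour: the quantity is coerced
    with int() and a negative value drives every total below zero."""
    subtotal = Decimal("0")
    for unit_price, quantity in lines:
        price = Decimal(str(unit_price))
        if price < 0:
            raise CartError("negative unit price")
        qty = parse_quantity(quantity) if validate else int(quantity)
        subtotal += price * qty
    tax = (subtotal * tax_rate).quantize(CENT, ROUND_HALF_UP)
    total = subtotal + tax
    if validate and total < 0:
        raise CartError("order total went negative")  # second line of defence
    return {"subtotal": subtotal.quantize(CENT), "tax": tax, "total": total.quantize(CENT)}


def rejects(fn, *args, **kwargs) -> bool:
    """True if fn raises CartError; used to check the validator's edge cases."""
    try:
        fn(*args, **kwargs)
    except CartError:
        return True
    return False
```

The final guard on the total is deliberate: quantity validation is the fix, but a non-negative total is the invariant the merchant actually cares about, and enforcing it at the point of order creation catches any other path (a discount, a refund line) that could take the figure below zero.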
Cvelist · added 2026/03/21 3:26 a.m. · 28 views

CVE-2026-3641 Appmax <= 1.0.3 - Missing Authorization to Order Status Manipulation and Arbitrary Order Creation via Webhook Endpoint

The Appmax plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 1.0.3. This is due to the plugin registering a public REST API webhook endpoint at /webhook-system without implementing webhook signature validation, secret verification, or any...

CVSS 5.3 · EPSS 0.00149
Exploits: 0 · References: 9
Vulnrichment · added 2026/03/21 3:26 a.m. · 6 views

CVE-2026-3641 Appmax <= 1.0.3 - Missing Authorization to Order Status Manipulation and Arbitrary Order Creation via Webhook Endpoint

The Appmax plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 1.0.3. This is due to the plugin registering a public REST API webhook endpoint at /webhook-system without implementing webhook signature validation, secret verification, or any...

CVSS 5.3 · AI score 5.9 · EPSS 0.00149
Exploits: 0 · References: 9
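Both CVE-2026-3641 entries above describe a public webhook route that accepts status updates without signature validation or a shared secret. The following is an added example, not the Appmax plugin's code, of what a webhook receiver should do before it touches an order: verify an HMAC over the raw body in constant time, bound the timestamp to limit replays, deduplicate by event id, and refuse to create orders it does not already know. The header names, the event JSON shape and the secret are assumptions made for this example.

```python
"""Added example (not the Appmax plugin's code): verifying a signed webhook before
acting on it.  Header names, event shape and the secret are assumed for this example."""
import hashlib
import hmac
import json
import time
from typing import Optional

SECRET = b"constructed-shared-secret-from-config"  # in practice, from merchant settings


def sign(body: bytes, ts: int, secret: bytes = SECRET) -> str:
    """HMAC-SHA256 over timestamp + raw body, as the sending side would compute it."""
    return hmac.new(secret, f"{ts}.".encode() + body, hashlib.sha256).hexdigest()


def verify(headers: dict, body: bytes, secret: bytes, now: int, max_skew: int = 300) -> bool:
    """Constant-time signature check over the raw bytes plus a freshness window."""
    ts = headers.get("X-Webhook-Timestamp", "")
    sig = headers.get("X-Webhook-Signature", "")
    if not (ts.isascii() and ts.isdigit()) or not sig:
        return False
    if abs(now - int(ts)) > max_skew:
        return False  # stale or far-future delivery: treat as a replay
    return hmac.compare_digest(sign(body, int(ts), secret), sig)


def webhook_vulnerable(orders: dict, body: bytes) -> int:
    """Public endpoint with no verification: whoever can POST controls order state."""
    event = json.loads(body)
    orders[event["order_id"]] = event["status"]
    return 200


def webhook_hardened(orders: dict, seen: set, headers: dict, body: bytes,
                     secret: bytes = SECRET, now: Optional[int] = None) -> int:
    now = int(time.time()) if now is None else now
    if not verify(headers, body, secret, now):
        return 401                     # reject before parsing anything
    event = json.loads(body)
    if event["id"] in seen:
        return 200                     # duplicate delivery: acknowledge, change nothing
    if event["order_id"] not in orders:
        return 404                     # unknown order: the webhook never creates one
    seen.add(event["id"])
    orders[event["order_id"]] = event["status"]
    return 200


def demo() -> dict:
    """Forged, genuine, replayed, tampered and stale deliveries against both handlers."""
    now = 1_700_000_000
    forged = json.dumps({"id": "evt-1", "order_id": "o-42", "status": "paid"}).encode()

    weak = {"o-42": "pending"}
    webhook_vulnerable(weak, forged)

    strong = {"o-42": "pending"}
    seen: set = set()
    no_sig = webhook_hardened(strong, seen, {}, forged, now=now)
    status_after_forgery = strong["o-42"]
    genuine = {"X-Webhook-Timestamp": str(now), "X-Webhook-Signature": sign(forged, now)}
    ok = webhook_hardened(strong, seen, genuine, forged, now=now)
    replay = webhook_hardened(strong, seen, genuine, forged, now=now + 10)
    tamper = webhook_hardened(strong, seen, genuine, forged.replace(b"o-42", b"o-43"), now=now)
    stale = webhook_hardened(strong, seen, genuine, forged, now=now + 3600)
    return {"weak_status": weak["o-42"], "no_sig": no_sig, "status_after_forgery": status_after_forgery,
            "ok": ok, "strong_status": strong["o-42"], "replay": replay, "tamper": tamper,
            "stale": stale, "events_seen": len(seen)}
```

Sign over the bytes exactly as received, never over a re-serialised JSON object, or the check will fail on harmless key reordering and pass on nothing useful. A WordPress REST route would express the same checks in the permission_callback so the body is rejected before the handler runs.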
Patchstack · added 2026/02/03 6:04 a.m. · 3 views

WordPress Payment Button for PayPal plugin <= 1.2.3.41 - Missing Authorization to Unauthenticated Arbitrary Order Creation vulnerability

Missing Authorization to Unauthenticated Arbitrary Order Creation vulnerability discovered by Md. Moniruzzaman Prodhan (NomanProdhan, Knight Squad) in the WordPress plugin Payment Button for PayPal, versions <= 1.2.3.41...

CVSS 5.3 · AI score 5.4 · EPSS 0.00393
Exploits: 0 · References: 1 · Affected Software: 1
ATTACKERKB · added 2026/01/17 3:24 a.m. · 3 views

CVE-2025-14463

The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckoutajaxprocessorder that processes checkout results without any authentication or...

CVSS 5.3 · AI score 5.6 · EPSS 0.00393
Exploits: 0 · References: 7
Vulnrichment · added 2026/01/17 3:24 a.m. · 1 view

CVE-2025-14463 Payment Button for PayPal <= 1.2.3.41 - Missing Authorization to Unauthenticated Arbitrary Order Creation

The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckoutajaxprocessorder that processes checkout results without any authentication or...

CVSS 5.3 · AI score 5.8 · EPSS 0.00393
Exploits: 0 · References: 6
CNNVD · added 2026/01/09 12:00 a.m. · 1 view

GESTSUP SQL Injection Vulnerability

GESTSUP is a software application from the French company GESTSUP. It is 100% web-based SUPport MANAGEMENT software that manages tickets and devices. A SQL injection vulnerability exists in GestSup 3.2.56 and prior versions, which stems from user-controlled inputs in the work order creation...

CVSS 8.1 · AI score 7.7 · EPSS 0.00019
Exploits: 0 · References: 2
GithubExploit · added 2025/11/06 9:38 a.m. · 404 views

Exploit for Improper Input Validation in Adobe Commerce

CVE-2025-54236 - Magento Remote Code Execution Exploit Des...

CVSS 9.1 · AI score 8.7 · EPSS 0.72152
Exploits: 9
EUVD · added 2025/10/03 8:07 p.m. · 14 views

EUVD-2025-4447

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 9.2 · EPSS 0.00246
Exploits: 0 · References: 3
CNVD · added 2025/06/30 12:00 a.m. · 1 view

Inventory Management System createOrder.php File SQL Injection Vulnerability

Inventory Management System is an inventory management system. The Inventory Management System suffers from a SQL injection vulnerability that originates in the /phpaction/createOrder.php file, which does not adequately filter user input. An attacker can exploit this vulnerability by remotely...

CVSS 9.8 · AI score 7.7 · EPSS 0.00204
Exploits: 1 · References: 1
OSV · added 2025/06/17 5:15 a.m. · 0 views

CVE-2025-6160

A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /usercustomercreateorder.php. The manipulation of the argument userid leads to SQL injection. The attack may be initiat...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 5
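The GestSup, Inventory Management System (createOrder.php) and CVE-2025-6160 entries above share one root cause: a user-controlled value (a customer id, a quantity) pasted into the SQL text of an order-creation query. The following is an added example, not the code of any of those three projects, that exercises that pattern against SQLite so the effect is visible (one crafted quantity writes an extra order for another customer, one crafted id reads every customer), beside the validated, parameter-bound form. The table layout and sample rows are constructed for this example.

```python
"""Added example (not the code of GestSup, the Inventory Management System or the
Client Database Management System): string-built order queries exercised against
SQLite, beside validated parameter binding.  Schema and rows are constructed."""
import sqlite3


def demo_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript(
        "CREATE TABLE customers(id INTEGER PRIMARY KEY, name TEXT, email TEXT);"
        "CREATE TABLE orders(id INTEGER PRIMARY KEY, customer_id INTEGER NOT NULL,"
        " item TEXT NOT NULL, qty INTEGER NOT NULL);"
    )
    con.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                    [(1, "alice", "alice@example.test"), (2, "bob", "bob@example.test")])
    return con


def find_customer_vulnerable(con, userid: str) -> list:
    """userid is pasted into the statement: "0 OR 1=1" returns every customer."""
    return con.execute(f"SELECT id, name, email FROM customers WHERE id = {userid}").fetchall()


def create_order_vulnerable(con, userid: str, item: str, qty: str) -> int:
    """Same for the insert: a crafted qty closes the VALUES tuple and opens another,
    so one request writes an additional order under a different customer."""
    con.execute(f"INSERT INTO orders(customer_id, item, qty) VALUES ({userid}, '{item}', {qty})")
    return con.execute("SELECT COUNT(*) FROM orders").fetchone()[0]


def as_id(raw: str) -> int:
    """Whitelist the shape first: only plain ASCII digits become an integer."""
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError(f"not a numeric value: {raw!r}")
    return int(raw)


def find_customer_hardened(con, userid: str) -> list:
    return con.execute("SELECT id, name, email FROM customers WHERE id = ?",
                       (as_id(userid),)).fetchall()


def create_order_hardened(con, userid: str, item: str, qty: str) -> int:
    """Binding keeps every value a value; the customer must exist and qty must be
    a positive integer.  INSERT ... SELECT makes the existence check part of the write."""
    cid, n = as_id(userid), as_id(qty)
    if n == 0 or not 0 < len(item) <= 200:
        raise ValueError("bad quantity or item")
    cur = con.execute("INSERT INTO orders(customer_id, item, qty) "
                      "SELECT id, ?, ? FROM customers WHERE id = ?", (item, n, cid))
    if cur.rowcount != 1:
        raise ValueError("unknown customer")
    return con.execute("SELECT COUNT(*) FROM orders").fetchone()[0]


def rejects(fn, *args) -> bool:
    """True if the call fails with a validation or database error."""
    try:
        fn(*args)
    except (ValueError, sqlite3.Error):
        return True
    return False
```

Note the last case in the checks: the handcrafted query also breaks on an honest value containing an apostrophe, so binding is a correctness fix as much as a security one. Stacked statements (a trailing DROP TABLE) are not shown because Python's sqlite3 execute() refuses them; on PHP/MySQL drivers that allow multi-statement execution the same pattern is worse.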
RedhatCVE · added 2025/05/22 10:30 p.m. · 6 views

CVE-2022-24748

Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In versions prior to 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper API route checking. Users are advised to upgra...

CVSS 7.5 · AI score 6.6 · EPSS 0.00222
Exploits: 0 · References: 1
RedhatCVE · added 2025/02/24 4:24 a.m. · 16 views

CVE-2024-13798

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for...

CVSS 5.3 · AI score 6.7 · EPSS 0.00246
Exploits: 0 · References: 1
OSV · added 2025/02/22 5:15 a.m. · 0 views

CVE-2024-13798

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for...

CVSS 5.3 · AI score 5.8
Exploits: 0 · References: 2
NVD · added 2025/02/22 5:15 a.m. · 7 views

CVE-2024-13798

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for...

CVSS 5.3 · EPSS 0.00246
Exploits: 0 · References: 2
CVE · added 2025/02/22 4:21 a.m. · 46 views

CVE-2024-13798

CVE-2024-13798: Post Grid and Gutenberg Blocks – ComboBlocks for WordPress allows unauthenticated users to create orders and mark them paid due to insufficient form verification. Affected versions: all up to 2.3.5. Patch available: update to 2.3.5 (or newer) to remediate.

CVSS 5.3 · AI score 5.2 · EPSS 0.00246
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment · added 2025/02/22 4:21 a.m. · 8 views

CVE-2024-13798 Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.5 - Unauthenticated Paid Order Creation

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for...

CVSS 5.3 · AI score 5.2 · EPSS 0.00246
Exploits: 0 · References: 2
Cvelist · added 2025/02/22 4:21 a.m. · 8 views

CVE-2024-13798 Post Grid and Gutenberg Blocks – ComboBlocks <= 2.3.5 - Unauthenticated Paid Order Creation

The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for...

CVSS 5.3 · EPSS 0.00246
Exploits: 0 · References: 2
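The CVE-2025-14463 entries (a public AJAX "process order" action that accepts checkout results with no authentication) and the CVE-2024-13798 entries above (form fields that let anyone create an order and mark it paid) are the same trust failure: the server lets the browser assert the payment outcome. The following is an added example, not the code of either plugin, that places such a handler beside one that binds the request to a server-issued checkout token, never creates orders from this endpoint, and marks an order paid only after a server-side capture lookup confirms status, amount and currency, with each capture usable once. The order store, the nonce scheme and the gateway records are constructed for this example; in production the lookup is a server-to-server call to the payment provider.

```python
"""Added example (not the code of either WordPress plugin): a "process order"
handler that trusts the browser's payment result, beside one that verifies it.
Order store, checkout nonce and gateway records are constructed for this example."""
import hmac
import secrets
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional


@dataclass
class Order:
    id: str
    amount: Decimal
    currency: str
    nonce: str                        # issued server-side when the order was created
    status: str = "pending"
    capture_id: Optional[str] = None


class Store:
    def __init__(self) -> None:
        self.orders: dict = {}
        self.used_captures: set = set()

    def create(self, amount: str, currency: str) -> Order:
        order = Order(f"o-{len(self.orders) + 1}", Decimal(amount), currency, secrets.token_urlsafe(16))
        self.orders[order.id] = order
        return order


# Constructed stand-in for the provider's capture records (normally a server-to-server lookup).
GATEWAY_CAPTURES = {
    "CAP-REAL": {"status": "COMPLETED", "amount": Decimal("49.00"), "currency": "EUR"},
    "CAP-SHORT": {"status": "COMPLETED", "amount": Decimal("1.00"), "currency": "EUR"},
}


def gateway_lookup(capture_id: str) -> Optional[dict]:
    return GATEWAY_CAPTURES.get(capture_id)


def process_order_vulnerable(store: Store, form: dict) -> int:
    """No authentication, no server-side check: the form decides the outcome,
    and an unknown order id simply creates a new order from the form's figures."""
    order = store.orders.get(form.get("order_id"))
    if order is None:
        order = store.create(form.get("amount", "0"), form.get("currency", "EUR"))
    if form.get("payment_status") == "COMPLETED":
        order.status = "paid"
    return 200


def process_order_hardened(store: Store, form: dict, lookup=gateway_lookup) -> int:
    order = store.orders.get(form.get("order_id", ""))
    if order is None:
        return 404                                   # this endpoint never creates orders
    if not hmac.compare_digest(order.nonce.encode(), str(form.get("nonce", "")).encode()):
        return 403                                   # caller must hold the checkout token
    if order.status == "paid":
        return 200                                   # idempotent re-submission
    capture_id = str(form.get("capture_id", ""))
    capture = lookup(capture_id)
    if capture is None or capture["status"] != "COMPLETED":
        return 402                                   # provider does not confirm payment
    if capture["amount"] != order.amount or capture["currency"] != order.currency:
        return 409                                   # paid, but not this order's amount
    if capture_id in store.used_captures:
        return 409                                   # one capture settles one order
    store.used_captures.add(capture_id)
    order.status = "paid"
    order.capture_id = capture_id
    return 200


def demo() -> dict:
    """Forged submissions against both handlers, then a genuine capture and its reuse."""
    weak = Store()
    w = weak.create("49.00", "EUR")
    process_order_vulnerable(weak, {"order_id": w.id, "payment_status": "COMPLETED"})
    process_order_vulnerable(weak, {"amount": "0.01", "currency": "EUR", "payment_status": "COMPLETED"})

    store = Store()
    a = store.create("49.00", "EUR")
    b = store.create("49.00", "EUR")
    no_nonce = process_order_hardened(store, {"order_id": a.id, "payment_status": "COMPLETED"})
    short = process_order_hardened(store, {"order_id": a.id, "nonce": a.nonce, "capture_id": "CAP-SHORT"})
    unknown = process_order_hardened(store, {"order_id": a.id, "nonce": a.nonce, "capture_id": "CAP-NOPE"})
    genuine = process_order_hardened(store, {"order_id": a.id, "nonce": a.nonce, "capture_id": "CAP-REAL"})
    reuse = process_order_hardened(store, {"order_id": b.id, "nonce": b.nonce, "capture_id": "CAP-REAL"})
    return {"weak_status": w.status, "weak_orders": len(weak.orders), "no_nonce": no_nonce,
            "short": short, "unknown": unknown, "genuine": genuine, "reuse": reuse,
            "a": a.status, "b": b.status}
```

The nonce is what an unauthenticated endpoint can reasonably demand: it proves the caller started this checkout, which is weaker than a logged-in session but enough to stop strangers driving other people's orders. Everything about the money comes from the provider's record, never from the form, and the amount comparison is what defeats the "pay one euro, claim forty-nine" case.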