Lucene search
K

4 matches found

OSV
OSV
added 2026/02/06 10:37 p.m.7 views

CVE-2026-25757 Unauthenticated Spree Commerce users can view completed guest orders by Order ID

Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 5.0.8, 5.1.10, 5.2.7, and 5.3.2, unauthenticated users can view completed guest orders by Order ID. This issue may lead to disclosure of PII of guest users including names, addresses and phone numbers. This...

8.7CVSS5.3AI score0.00441EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.14 views

PT-2026-6726

Name of the Vulnerable Software and Affected Versions Spree versions prior to 5.0.8 Spree versions prior to 5.1.10 Spree versions prior to 5.2.7 Spree versions prior to 5.3.2 Description Spree, an open source e-commerce solution, contains a flaw where unauthenticated users can view completed gues...

8.7CVSS5.5AI score0.00441EPSS
Exploits1References15
Vulnrichment
Vulnrichment
added 2025/11/22 11:8 a.m.4 views

CVE-2025-13526 OneClick Chat to Order <= 1.0.8 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure

The OneClick Chat to Order plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.8 via the 'waorderthankyouoverride' function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view...

7.5CVSS5.2AI score0.00322EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-1402

Malware in sbrugna...

5.3CVSS5.3AI score0.00881EPSS
Exploits0References6
Rows per page
Query Builder