
8 matches found

RedhatCVE
added 2026/06/05 7:35 p.m., 10 views

CVE-2026-5167

The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in versions up to and including 2.1.7. This is due to insufficient webhook signature verification in the handlewebhook function. The...

CVSS 5.3, AI score 5.6, EPSS 0.00375
Exploits: 0, References: 1
Cvelist
added 2025/12/05 2:2 p.m., 22 views

CVE-2025-14085 youlaitech youlai-mall orders improper control of dynamically-identified variables

A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is possible. The exploi...

CVSS 6.5, EPSS 0.00337
Exploits: 1, References: 4
EUVD
added 2025/12/05 2:2 p.m., 6 views

EUVD-2025-201410

A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is possible. The exploi...

CVSS 6.5, AI score 5.9, EPSS 0.00337
Exploits: 1, References: 5
Positive Technologies
added 2025/12/05 12:0 a.m., 6 views

PT-2025-49243

Name of the Vulnerable Software and Affected Versions: youlaitech youlai-mall versions 1.0.0 through 2.0.0. Description: A flaw exists in youlaitech youlai-mall that involves improper control of dynamically-identified variables. The issue is located within an unknown function of the...

CVSS 8.8, AI score 6.3, EPSS 0.00337
Exploits: 1, References: 10
Positive Technologies
added 2025/11/13 12:0 a.m., 6 views

PT-2025-46833

A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be...

CVSS 6.5, AI score 6.4, EPSS 0.00208
Exploits: 1, References: 5
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-32014

Malicious code in bioql PyPI...

AI score 6.6, EPSS 0.00197
Exploits: 0, References: 4
RedhatCVE
added 2025/10/02 12:17 a.m., 13 views

CVE-2025-59686

Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id...

AI score 6.9, EPSS 0.00197
Exploits: 0, References: 1
Cvelist
added 2025/08/09 2:2 p.m., 8 views

CVE-2025-8755 macrozheng mall com.macro.mall.portal.controller UmsMemberController.java detail authorization

A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack...

CVSS 6.9, EPSS 0.00488
Exploits: 1, References: 5