Lucene search

23 matches found

Positive Technologies · added 2026/01/12 12:00 a.m. · 2 views

PT-2026-2300

Name of the Vulnerable Software and Affected Versions: xmall version 1.1. Description: An issue exists in xmall version 1.1 related to access control. Specifically, the /member/orderList API endpoint allows unauthorized access to other users' order details. This is achieved by manipulating the userI...

CVSS 8.2 · AI score 6.6 · EPSS 0.00065 · Exploits 1 · References 4

CVE · added 2026/01/12 12:00 a.m. · 9 views

CVE-2023-36331

CVE-2023-36331 affects xmall v1.1. The /member/orderList API has improper access control that lets an attacker read other users’ order details by manipulating the userId query parameter. The CVSS 3.1 base score is 8.2 (NETWORK, LOW attack complexity, no privileges required, confidentiality impact...

CVSS 8.2 · AI score 6.5 · EPSS 0.00065 · Exploits 1 · References 1 · Affected Software 1

EUVD · added 2026/01/12 12:00 a.m. · 2 views

EUVD-2023-40299

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...

CVSS 8.2 · AI score 6.3 · EPSS 0.00065 · Exploits 1 · References 2

CNNVD · added 2026/01/12 12:00 a.m. · 2 views

xmall Security Vulnerability

XMall is a distributed e-commerce shopping mall application built on an SOA architecture, by the individual developer Exrick. A security vulnerability exists in version 1.1 of xmall, stemming from improper access control in the /member/orderList API, which could let an attacker access other users' ord...

CVSS 8.2 · AI score 6.6 · EPSS 0.00065 · Exploits 1 · References 2

RedhatCVE · added 2025/12/16 7:44 a.m. · 2 views

CVE-2025-14710

A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit ...

CVSS 7.5 · AI score 6.7 · EPSS 0.00036 · Exploits 1 · References 1

OSV · added 2025/12/15 8:15 a.m. · 2 views

CVE-2025-14710

A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit ...

CVSS 9.8 · AI score 5.7 · Exploits 0 · References 4

Vulnrichment · added 2025/12/15 7:32 a.m. · 2 views

CVE-2025-14710 FantasticLBP Hotels Server OrderList.php sql injection

A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit ...

CVSS 7.5 · AI score 6.3 · EPSS 0.00036 · Exploits 1 · References 4

CVE · added 2025/12/15 7:32 a.m. · 11 views

CVE-2025-14710

The connected Red Hat/CVE and NVD entries confirm CVE-2025-14710 affects FantasticLBP Hotels Server, specifically a SQL injection in /controller/api/OrderList.php via the telephone parameter. Exploitation is remote and publicly available, with the issue tied to a rolling-release deployment where ...

CVSS 9.8 · AI score 6.3 · EPSS 0.00036 · Exploits 1 · References 4 · Affected Software 1

CNNVD · added 2025/12/15 12:00 a.m. · 3 views

FantasticLBP Hotels Server SQL Injection Vulnerability

FantasticLBP Hotels Server is the backend management system of a hotel reservation system, by the individual developer FantasticLBP. FantasticLBP Hotels Server suffers from a SQL injection vulnerability, which stems from improper handling of the parameter telephone in the file...

CVSS 9.8 · AI score 7.8 · EPSS 0.00036 · Exploits 1 · References 4

RedhatCVE · added 2025/11/17 9:07 a.m. · 8 views

CVE-2025-13168

A weakness has been identified in ury-erp ury up to 0.2.0. This affects the function overrided_past_order_list of the file ury/ury/api/pos_extend.py. This manipulation of the argument search_term causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available t...

CVSS 6.5 · AI score 6.8 · EPSS 0.00041 · Exploits 1 · References 1

NVD · added 2025/11/14 3:15 p.m. · 3 views

CVE-2025-13168

A weakness has been identified in ury-erp ury up to 0.2.0. This affects the function overrided_past_order_list of the file ury/ury/api/pos_extend.py. This manipulation of the argument search_term causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available t...

CVSS 9.8 · EPSS 0.00041 · Exploits 1 · References 7

CVE · added 2025/11/14 3:02 p.m. · 7 views

CVE-2025-13168

Summary: CVE-2025-13168 affects the ury-erp component "ury" up to version 0.2.0. The vulnerability stems from the function overrided_past_order_list in file ury/ury/api/pos_extend.py, where improper handling of the search_term argument enables an SQL injection. This allows remote exploitation, an...

CVSS 9.8 · AI score 6.4 · EPSS 0.00041 · Exploits 1 · References 7 · Affected Software 1

Cvelist · added 2025/11/14 3:02 p.m. · 10 views

CVE-2025-13168 ury-erp ury pos_extend.py overrided_past_order_list sql injection

A weakness has been identified in ury-erp ury up to 0.2.0. This affects the function overrided_past_order_list of the file ury/ury/api/pos_extend.py. This manipulation of the argument search_term causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available t...

CVSS 6.5 · EPSS 0.00041 · Exploits 1 · References 7

Positive Technologies · added 2025/11/14 12:00 a.m. · 3 views

PT-2025-46957

Name of the Vulnerable Software and Affected Versions: ury-erp ury versions up to 0.2.0. Description: A weakness exists in ury-erp ury that allows for SQL injection. This issue is related to the manipulation of the search_term argument within the overrided_past_order_list function located in the fil...

CVSS 9.8 · AI score 6.4 · EPSS 0.00041 · Exploits 1 · References 13

RedhatCVE · added 2025/05/23 2:58 a.m. · 2 views

CVE-2023-1165

A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the public and may be used...

CVSS 7.2 · AI score 7.6 · EPSS 0.00426 · Exploits 1 · References 1

CNNVD · added 2024/01/11 12:00 a.m. · 2 views

Pimcore Security Vulnerability

Pimcore is an open source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, an e-commerce framework and product information management applications. A security vulnerability exists in Pimcore...

CVSS 4.3 · AI score 6.6 · EPSS 0.00006 · Exploits 1 · References 5

CNNVD · added 2023/06/07 12:00 a.m. · 2 views

WordPress Plugin Welcart e-Commerce Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that supports personal blog sites on servers running PHP and MySQL. WordPress plugin i...

CVSS 7.5 · AI score 5.8 · EPSS 0.00935 · Exploits 1 · References 3

Positive Technologies · added 2023/06/07 12:00 a.m. · 2 views

PT-2023-12464 · WordPress · Welcart E-Commerce

Name of the Vulnerable Software and Affected Versions: Welcart e-Commerce plugin for WordPress, versions up to and including 2.2.7. Description: The issue is related to missing capability checks on certain functions, specifically download orderdetail list, change orderlist, and download member list...

CVSS 7.5 · AI score 5.1 · EPSS 0.00935 · Exploits 1 · References 4

OSV · added 2023/03/03 8:15 a.m. · 13 views

CVE-2023-1165

A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the public and may be used...

CVSS 7.2 · AI score 7.6 · Exploits 0 · References 3

Prion · added 2023/03/03 8:15 a.m. · 15 views

SQL injection

A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the public and may be used...

CVSS 5.2 · AI score 7.3 · EPSS 0.00426 · Exploits 1 · References 3 · Affected Software 1