9084 matches found
EUVD-2026-42175
The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouwfetchcsvdata AJAX handler being registered on the wpajaxnopriv hook with no capability or nonce check, and passing the attacker-supplied...
CVE-2026-14500
The CVE-2026-14500 entry concerns the Bulk Order Update for WooCommerce plugin for WordPress (
CVE-2026-53644
FOSSBilling is a free, open-source billing and client management system. Versions 0.5.3 through 0.7.2 allow authenticated clients to both read and reset API key service secrets for orders that are no longer in an active state e.g., suspended, canceled. The root cause is missing order-state...
CVE-2026-53644
CVE-2026-53644 (FOSSBilling) : Versions 0.5.3–0.7.2 allow authenticated clients to read and reset API key service secrets for orders not in an active state due to missing order-state validation in two client API endpoints, despite an isActive() helper existing in the Serviceapikey module. The iss...
CVE-2026-43927
FOSSBilling has a race-condition vulnerability in the cart checkout flow that, before version 0.8.0, lets an authenticated user apply promo codes beyond their maxuses by sending concurrent checkout requests before usage increments complete. This can enable unlimited discounts or free orders from ...
OESA-2026-2871 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackexpect: use expect-helper Use expect-helper in ctnetlink and /proc to dump the helper name. Using nfcthelp without holding a reference to t...
The vulnerability of the Internal Operations component of the “from order to payment” automation module in Oracle Receivables, a business automation system from Oracle E-Business Suite. This vulnerability allows a perpetrator to gain full control over the application.
The vulnerability of the Internal Operations component of the “from order to payment” automation module in Oracle Receivables, a business automation system from Oracle E-Business Suite, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker operating...
PT-2026-56037
Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.3 through 0.7.2 Description Authenticated clients can read and reset API key service secrets for orders that are not in an active state, such as suspended or canceled. This occurs due to missing order-state validation ...
CVE-2026-14703
A vulnerability has been found in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /patientorder.php. Such manipulation of the argument editid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and...
CVE-2026-14713 SourceCodester Pizzafy E-Commerce System ajax.php confirm_order sql injection
A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...
CVE-2026-14713
A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...
CVE-2026-14713
SourceCodester Pizzafy E-Commerce System 1.0 is affected by a remote SQL injection in /admin/ajax.php?action=confirm_order caused by manipulating the ID parameter. The vulnerability allows remote exploitation and has publicly released PoC code. Documented metrics indicate high severity (CVSS up t...
EUVD-2026-41728
A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...
EUVD-2026-41722
A vulnerability has been found in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /patientorder.php. Such manipulation of the argument editid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and...
CVE-2026-14694
A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancelorder of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible...
EUVD-2026-41716
A flaw has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this vulnerability is the function cancelorder of the file classes/Master.php. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit h...
CVE-2026-14693
A flaw has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this vulnerability is the function cancelorder of the file classes/Master.php. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit h...
UBUNTU-CVE-2026-53358
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: use chan timer to close channels in cleanuplisten l2capchanclose removes the channel from conn-chanl, which must be done under conn-lock. cleanuplisten runs under the parent sklock, so acquiring conn-lock would...
GHSA-HHM7-QRV5-H4R6 Zebra: Repeated Non-Finalized Shielded Transaction Aborts Zebra Before Duplicate-Nullifier Rejection
Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node processes blocks past the checkpoint height non-finalized state is active. 3. The network has NU5 or later activated. All default configurations are affected. Summary Chain::push in the non-finalized sta...
CVE-2026-53358
A flaw was found in the Linux kernel's Bluetooth L2CAP Logical Link Control and Adaptation Protocol implementation. This vulnerability arises from an incorrect order of acquiring locks during channel cleanup, which could lead to a race condition. This issue could potentially cause instability or...