Lucene search
K

9084 matches found

EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42175

The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouwfetchcsvdata AJAX handler being registered on the wpajaxnopriv hook with no capability or nonce check, and passing the attacker-supplied...

5.3CVSS6.1AI score0.00333EPSS
Exploits0References4
CVE
CVE
added 5 days ago9 views

CVE-2026-14500

The CVE-2026-14500 entry concerns the Bulk Order Update for WooCommerce plugin for WordPress (

5.3CVSS6.1AI score0.00333EPSS
Exploits0References4
NVD
NVD
added last week9 views

CVE-2026-53644

FOSSBilling is a free, open-source billing and client management system. Versions 0.5.3 through 0.7.2 allow authenticated clients to both read and reset API key service secrets for orders that are no longer in an active state e.g., suspended, canceled. The root cause is missing order-state...

8.6CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added last week9 views

CVE-2026-53644

CVE-2026-53644 (FOSSBilling) : Versions 0.5.3–0.7.2 allow authenticated clients to read and reset API key service secrets for orders not in an active state due to missing order-state validation in two client API endpoints, despite an isActive() helper existing in the Serviceapikey module. The iss...

8.6CVSS6AI score0.00251EPSS
Exploits0References1
CVE
CVE
added last week12 views

CVE-2026-43927

FOSSBilling has a race-condition vulnerability in the cart checkout flow that, before version 0.8.0, lets an authenticated user apply promo codes beyond their maxuses by sending concurrent checkout requests before usage increments complete. This can enable unlimited discounts or free orders from ...

6.9CVSS6AI score0.0022EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 6:31 a.m.5 views

OESA-2026-2871 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackexpect: use expect-helper Use expect-helper in ctnetlink and /proc to dump the helper name. Using nfcthelp without holding a reference to t...

9.8CVSS5.8AI score0.00612EPSS
Exploits0References15
BDU FSTEC
BDU FSTEC
added 2026/07/06 12:0 a.m.3 views

The vulnerability of the Internal Operations component of the “from order to payment” automation module in Oracle Receivables, a business automation system from Oracle E-Business Suite. This vulnerability allows a perpetrator to gain full control over the application.

The vulnerability of the Internal Operations component of the “from order to payment” automation module in Oracle Receivables, a business automation system from Oracle E-Business Suite, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker operating...

8.1CVSS5.9AI score0.00366EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.4 views

PT-2026-56037

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.3 through 0.7.2 Description Authenticated clients can read and reset API key service secrets for orders that are not in an active state, such as suspended or canceled. This occurs due to missing order-state validation ...

8.6CVSS6AI score0.00251EPSS
Exploits0References5
NVD
NVD
added 2026/07/05 5:16 a.m.10 views

CVE-2026-14703

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /patientorder.php. Such manipulation of the argument editid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and...

6.5CVSS0.002EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/05 5:15 a.m.32 views

CVE-2026-14713 SourceCodester Pizzafy E-Commerce System ajax.php confirm_order sql injection

A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...

7.5CVSS0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 5:15 a.m.7 views

CVE-2026-14713

A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/07/05 5:15 a.m.17 views

CVE-2026-14713

SourceCodester Pizzafy E-Commerce System 1.0 is affected by a remote SQL injection in /admin/ajax.php?action=confirm_order caused by manipulating the ID parameter. The vulnerability allows remote exploitation and has publicly released PoC code. Documented metrics indicate high severity (CVSS up t...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 5:15 a.m.14 views

EUVD-2026-41728

A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirmorder. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 4:15 a.m.8 views

EUVD-2026-41722

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /patientorder.php. Such manipulation of the argument editid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and...

6.5CVSS5.8AI score0.002EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 2:30 a.m.7 views

CVE-2026-14694

A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancelorder of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/07/05 2:15 a.m.8 views

EUVD-2026-41716

A flaw has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this vulnerability is the function cancelorder of the file classes/Master.php. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit h...

5.5CVSS5.6AI score0.0023EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 2:15 a.m.7 views

CVE-2026-14693

A flaw has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this vulnerability is the function cancelorder of the file classes/Master.php. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit h...

5.5CVSS5.8AI score0.0023EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/07/03 12:0 a.m.4 views

UBUNTU-CVE-2026-53358

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: use chan timer to close channels in cleanuplisten l2capchanclose removes the channel from conn-chanl, which must be done under conn-lock. cleanuplisten runs under the parent sklock, so acquiring conn-lock would...

5.8AI score0.00165EPSS
Exploits0References11
OSV
OSV
added 2026/07/02 7:46 p.m.4 views

GHSA-HHM7-QRV5-H4R6 Zebra: Repeated Non-Finalized Shielded Transaction Aborts Zebra Before Duplicate-Nullifier Rejection

Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node processes blocks past the checkpoint height non-finalized state is active. 3. The network has NU5 or later activated. All default configurations are affected. Summary Chain::push in the non-finalized sta...

5.9CVSS5.7AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/02 7:17 p.m.6 views

CVE-2026-53358

A flaw was found in the Linux kernel's Bluetooth L2CAP Logical Link Control and Adaptation Protocol implementation. This vulnerability arises from an incorrect order of acquiring locks during channel cleanup, which could lead to a race condition. This issue could potentially cause instability or...

5.5CVSS5.8AI score0.00165EPSS
Exploits0References4
Rows per page
Query Builder