43 matches found

NVD
added 2026/05/15 7:17 p.m., 5 views

CVE-2026-45800

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The orderby and...

8.7 CVSS, 0.00011 EPSS
Exploits: 0, References: 1

CVE
added 2026/05/15 6:44 p.m., 9 views

CVE-2026-45800

Summary: CVE-2026-45800 affects the Vvveb CMS prior to version 1.0.8.3. The vulnerability is an authenticated SQL injection in the frontend order history page (/user/orders). The order_by and direction parameters are taken from the URL, propagated through the Orders component, and directly concat...

8.7 CVSS, 5.9 AI score, 0.00011 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/05/15 6:44 p.m., 3 views

CVE-2026-45800 Vvveb: Authenticated SQL injection in /user/orders via order_by and direction

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The orderby and...

8.7 CVSS, 5.9 AI score, 0.00011 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/05/13 12:0 a.m., 6 views

PT-2026-40812

Name of the Vulnerable Software and Affected Versions CubeCart versions prior to 6.7.0 Description The admin orders-transactions listing page at 'admin.php?g=orders&node=transactions' constructs a raw ORDER BY SQL fragment using the sort array from the $_GET variable without validating the colum...

4.9 CVSS, 6.1 AI score, 0.00039 EPSS
Exploits: 0, References: 4

ATTACKERKB
added 2026/03/02 12:0 a.m., 1 views

CVE-2026-26710

code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php...

9.8 CVSS, 6 AI score, 0.00049 EPSS
Exploits: 1, References: 2

Cvelist
added 2026/03/02 12:0 a.m., 28 views

CVE-2026-26710

code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php...

0.00049 EPSS
Exploits: 1, References: 1

CVE
added 2026/02/05 12:0 a.m., 5 views

CVE-2025-70791

CVE-2025-70791 : Microweber 2.0.19 has a Cross-Site Scripting vulnerability in the "/admin/order/abandoned" endpoint. The issue arises from accepting and manipulating the orderDirection parameter in a crafted URL, which can lure a user with admin privileges into visiting it and result in JavaScri...

6.1 CVSS, 6.1 AI score, 0.0002 EPSS
Exploits: 1, References: 2, Affected Software: 1

RedhatCVE
added 2026/02/01 3:19 p.m., 6 views

CVE-2025-14554

The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderformdata' AJAX action in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2 CVSS, 6 AI score, 0.00083 EPSS
Exploits: 0, References: 1

EUVD
added 2026/01/31 1:24 p.m., 4 views

EUVD-2025-206583

The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderformdata' AJAX action in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2 CVSS, 6 AI score, 0.00083 EPSS
Exploits: 0, References: 6

Vulnrichment
added 2026/01/31 1:24 p.m., 3 views

CVE-2025-14554 Sell BTC - Cryptocurrency Selling Calculator <= 1.5 - Unauthenticated Stored Cross-Site Scripting via 'orderform_data' AJAX Action

The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderformdata' AJAX action in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2 CVSS, 5.6 AI score, 0.00083 EPSS
Exploits: 0, References: 6

Positive Technologies
added 2026/01/31 12:0 a.m., 4 views

PT-2026-5543

Name of the Vulnerable Software and Affected Versions Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress versions prior to 1.5. Description The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is susceptible to Stored Cross-Site Scripting through the orderform data...

7.2 CVSS, 5.7 AI score, 0.00083 EPSS
Exploits: 0, References: 13

RedhatCVE
added 2026/01/21 12:30 a.m., 6 views

CVE-2025-67261

Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The vulnerability exists in the Search function of the Orders page...

6.5 CVSS, 5.7 AI score, 0.00042 EPSS
Exploits: 2, References: 1

ATTACKERKB
added 2026/01/20 12:0 a.m., 2 views

CVE-2025-67261

Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The vulnerability exists in the Search function of the Orders page...

6.5 CVSS, 5.6 AI score, 0.00042 EPSS
Exploits: 2, References: 3

CVE
added 2026/01/20 12:0 a.m., 10 views

CVE-2025-67261

CVE-2025-67261 affects Abacre Retail Point of Sale 14.0.0.396. The issue is a content-based blind SQL injection in the Orders page > Search function. Technical evidence shows exploit payloads attempting to infer database structure (e.g., existence of Client table via EXISTS(SELECT 1 FROM Clien...

6.5 CVSS, 5.7 AI score, 0.00042 EPSS
Exploits: 2, References: 2, Affected Software: 1

Packet Storm
added 2026/01/19 12:0 a.m., 141 views

Abacre Retail Point of Sale 14.0.0.396 SQL Injection

Abacre Retail Point of Sale version 14.0.0.396 suffers from a remote blind SQL injection vulnerability. CVE-2025-67261 - Content-based blind SQL injection on Abacre Retail Point of Sale 14.0.0.396 Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The...

6.5 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits: 2

EUVD
added 2025/11/03 6:31 p.m., 2 views

EUVD-2025-37493

Water Management System v1.0 is vulnerable to Cross Site Scripting XSS in /orders.php...

5.4 CVSS, 5.7 AI score, 0.00041 EPSS
Exploits: 1, References: 2

NVD
added 2025/11/03 4:15 p.m., 1 views

CVE-2025-63449

Water Management System v1.0 is vulnerable to Cross Site Scripting XSS in /orders.php...

5.4 CVSS, 0.00041 EPSS
Exploits: 1, References: 1

Vulnrichment
added 2025/11/03 12:0 a.m., 2 views

CVE-2025-63449

Water Management System v1.0 is vulnerable to Cross Site Scripting XSS in /orders.php...

5.8 AI score, 0.00041 EPSS
Exploits: 1, References: 1

Cvelist
added 2025/11/03 12:0 a.m., 3 views

CVE-2025-63449

Water Management System v1.0 is vulnerable to Cross Site Scripting XSS in /orders.php...

0.00041 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/10/13 5:29 a.m., 2 views

CVE-2025-11604

A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

9.8 CVSS, 7 AI score, 0.00046 EPSS
Exploits: 1, References: 1