Lucene search
K

1129 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.8 views

CVE-2026-6417

The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS5.7AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-9493

Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details...

7.1CVSS5.5AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-45800

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The orderby and...

8.7CVSS5.6AI score0.00265EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.8 views

CVE-2026-42746

Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

7.3CVSS5.4AI score0.00188EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.6 views

CVE-2026-42738

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

7.1CVSS5.4AI score0.00146EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.8 views

CVE-2026-42745

Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

7.3CVSS5.4AI score0.00229EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 7:33 p.m.9 views

GHSA-9V5M-39WH-5CHQ Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment

Summary The Shopware Store API endpoint /store-api/handle-payment contains an object-level authorization flaw that allows a low-privileged external user with a normal customer or guest context to trigger the payment flow for another user’s order by supplying a foreign orderId. The affected...

4.3CVSS5.7AI score0.0005EPSS
Exploits0References4
HackRead
HackRead
added 2026/06/01 10:46 a.m.17 views

Fake Purchase Order Emails Spread Fileless PureLogs Malware via RAR Archives

Hackers are using fake purchase order emails and process hollowing to deploy fileless PureLogs malware to steal Windows users' browser, crypto, and Discord data...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/29 7:16 p.m.15 views

CVE-2026-47740

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

8.1CVSS0.00258EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 6:3 p.m.34 views

CVE-2026-47740 Shopper: Authorization bypass in multiple Livewire admin components

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

8.1CVSS0.00258EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 6:3 p.m.21 views

CVE-2026-47740

Shopper: Authorization bypass vulnerability in a headless e-commerce Admin Panel. Before 2.8.0, multiple Filament actions on the admin Order detail and Order shipments tables could be invoked by an authenticated user with only read_orders or browse_orders permissions, without needing edit_orders....

8.1CVSS5.8AI score0.00258EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 5:58 p.m.32 views

CVE-2026-47744 Shopper: Authorization bypass and RBAC privilege escalation in team settings

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...

9.9CVSS0.00321EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 7:16 a.m.20 views

CVE-2026-9493

Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details...

7.1CVSS0.00259EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:54 a.m.14 views

CVE-2026-9493

Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details...

7.1CVSS5.8AI score0.00259EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 5:54 a.m.14 views

EUVD-2026-33253

Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details...

7.1CVSS5.8AI score0.00259EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

BankPro E-Service Service Center 安全漏洞

The BankPro E-Service Service Center is a digital banking service management platform provided by BankPro E-Service in Taiwan, China. There is a security vulnerability in the BankPro E-Service Service Center. This vulnerability stems from insecure direct object references, which may allow...

7.1CVSS5.8AI score0.00259EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 6:0 a.m.9 views

CVE-2026-7862

The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler, allowing unauthenticated attackers to initiate refunds against any WooCommerce order using the merchant's payment gateway credentials, and for applicable payment...

5.8AI score0.00215EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 8:16 p.m.14 views

CVE-2026-42877

FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales Core/Lib/AjaxForms/SalesModalHTML.php and purchases documents Core/Lib/AjaxForms/PurchasesModalHTML.php. An...

5.4CVSS0.00165EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 6:37 p.m.9 views

EUVD-2026-32630

FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales Core/Lib/AjaxForms/SalesModalHTML.php and purchases documents Core/Lib/AjaxForms/PurchasesModalHTML.php. An...

5.4CVSS5.9AI score0.00165EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 11:16 a.m.19 views

CVE-2026-42746

Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

7.3CVSS0.00188EPSS
Exploits0References1
Rows per page
Query Builder