Lucene search
K

1131 matches found

NVD
NVD
added 2026/05/27 11:16 a.m.19 views

CVE-2026-42746

Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

7.3CVSS0.00188EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 11:16 a.m.16 views

CVE-2026-42745

Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

7.3CVSS0.00229EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 9:49 a.m.14 views

EUVD-2026-32195

Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

7.3CVSS5.8AI score0.00188EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:49 a.m.7 views

CVE-2026-42746

Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

7.3CVSS5.8AI score0.00188EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:49 a.m.7 views

CVE-2026-42745

Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

7.3CVSS5.8AI score0.00229EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.12 views

CVE-2026-42738 WordPress Smart Online Order for Clover plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.31 views

CVE-2026-42738 WordPress Smart Online Order for Clover plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

7.1CVSS0.00146EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:49 a.m.9 views

CVE-2026-42738

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43654

Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

7.3CVSS5.8AI score0.00229EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-43655

Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

7.3CVSS5.8AI score0.00188EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 1:22 a.m.7 views

MAL-2026-4643 Malicious code in polymarket-clob-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e0a3a7bbeb25fb478d59cdd4b62ebb34c13e8e236505813660e81abf61e74ec The package is published as polymarket-clob-client, an unscoped lookalike of the legitimate @polymarket/clob-client maintained by Polymarket, but the...

5.9AI score
Exploits0References1
NVD
NVD
added 2026/05/19 7:16 a.m.21 views

CVE-2025-15609

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc...

7.5CVSS0.00404EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 6:0 a.m.9 views

CVE-2025-15609 Fortis For WooCommerce < 1.3.1 - Sensitive API Key Disclosure

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc...

5.8AI score0.00404EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 6:0 a.m.25 views

CVE-2025-15609

The CVE-2025-15609 entry concerns the Fortis for WooCommerce WordPress plugin prior to version 1.3.1. The vulnerability allows unauthenticated attackers to leak sensitive API keys and query Fortis’ API, enabling retrieval of sensitive customer data (e.g., past orders and PII). The available sourc...

7.5CVSS5.8AI score0.00404EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 6:0 a.m.16 views

EUVD-2025-209890

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc...

7.5CVSS5.8AI score0.00404EPSS
Exploits0References1
OSV
OSV
added 2026/05/18 4:37 p.m.8 views

GHSA-9RH9-HF3W-9FGG shopper/framework: Race condition on Discount.usage_limit allows silent over-redemption

Impact CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usagelimit was silently exceeded: orders were committed with the...

5.9CVSS5.8AI score0.00239EPSS
Exploits0References7
NVD
NVD
added 2026/05/15 7:17 p.m.19 views

CVE-2026-45800

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The orderby and...

8.7CVSS0.00265EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/15 6:44 p.m.8 views

CVE-2026-45800 Vvveb: Authenticated SQL injection in /user/orders via order_by and direction

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The orderby and...

8.7CVSS5.9AI score0.00265EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 6:44 p.m.10 views

EUVD-2026-30582

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The orderby and...

8.7CVSS5.9AI score0.00265EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 6:44 p.m.49 views

CVE-2026-45800 Vvveb: Authenticated SQL injection in /user/orders via order_by and direction

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The orderby and...

8.7CVSS0.00265EPSS
Exploits0References1
Rows per page
Query Builder