Lucene search
K

22 matches found

Cvelist
Cvelist
added 2026/03/03 12:0 a.m.26 views

CVE-2026-26892

Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /managecarrier.php...

0.00268EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/10 3:13 p.m.7 views

CVE-2025-62995

Missing Authorization vulnerability in multiparcels MultiParcels Shipping For WooCommerce multiparcels-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MultiParcels Shipping For WooCommerce: from n/a through = 1.30.12...

4.3CVSS7AI score0.00185EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 4:18 p.m.6 views

CVE-2025-62995

Missing Authorization vulnerability in multiparcels MultiParcels Shipping For WooCommerce multiparcels-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MultiParcels Shipping For WooCommerce: from n/a through = 1.30.12...

4.3CVSS0.00185EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 2:52 p.m.22 views

CVE-2025-62995 WordPress MultiParcels Shipping For WooCommerce plugin <= 1.30.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in multiparcels MultiParcels Shipping For WooCommerce multiparcels-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MultiParcels Shipping For WooCommerce: from n/a through = 1.30.12...

4.3CVSS0.00185EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:47 p.m.3 views

Malicious code in muklis-40 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b64d6bff226bb8a8cc1a4f7de9f0dc98224c1bf95dd33425713aba069664551c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-4763

Malware in sbrugna...

7.8CVSS7.9AI score0.00361EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2016-3750

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not...

7.8CVSS7.6AI score0.00361EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/02/28 4:2 a.m.3 views

SUSE CVE-2021-46935

In the Linux kernel, the following vulnerability has been resolved: binder: fix asyncfreespace accounting for empty parcels In 4.13, commit 74310e06be4d "android: binder: Move buffer out of area shared with user space" fixed a kernel structure visibility issue. As part of that patch, sizeofvoid w...

5.5CVSS4.6AI score0.00229EPSS
Exploits0References3
OSV
OSV
added 2023/08/21 5:15 p.m.3 views

CVE-2023-3366

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack...

4.3CVSS5.9AI score0.00231EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/08/21 12:0 a.m.5 views

PT-2023-27008 · WordPress · Multiparcels Shipping For Woocommerce

Name of the Vulnerable Software and Affected Versions: MultiParcels Shipping For WooCommerce WordPress plugin versions prior to 1.15.4 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being...

6.1CVSS6.3AI score0.00396EPSS
Exploits2References4
CNNVD
CNNVD
added 2023/08/21 12:0 a.m.5 views

WordPress plugin MultiParcels Shipping For WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS6.8AI score0.00396EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/08/21 12:0 a.m.7 views

PT-2023-24439 · WordPress · Multiparcels Shipping For Woocommerce

Name of the Vulnerable Software and Affected Versions: MultiParcels Shipping For WooCommerce WordPress plugin versions prior to 1.15.2 Description: The issue allows attackers to make any logged-in user delete arbitrary shipments via a CSRF attack because the plugin does not have a CRSF check when...

4.3CVSS7.2AI score0.00231EPSS
Exploits2References5
OSV
OSV
added 2023/08/07 3:15 p.m.6 views

CVE-2023-3671

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS7.3AI score0.00396EPSS
Exploits2References1
OSV
OSV
added 2023/08/07 3:15 p.m.2 views

CVE-2023-3365

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment...

8.1CVSS7.4AI score0.00592EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/08/07 12:0 a.m.7 views

PT-2023-24431 · WordPress · Multiparcels Shipping For Woocommerce

Name of the Vulnerable Software and Affected Versions: MultiParcels Shipping For WooCommerce WordPress plugin versions prior to 1.14.14 Description: The issue concerns a lack of authorization in the deletion of shipments, allowing any authenticated user, such as a subscriber, to delete arbitrary...

8.1CVSS8.8AI score0.00592EPSS
Exploits2References5
Wired Threat Level
Wired Threat Level
added 2023/05/17 6:5 p.m.18 views

The US Post Office Is Spying on the Mail. Senators Want to Stop It

The USPS carries out warrantless surveillance on thousands of parcels every year. Lawmakers want it to end—right now...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/08/03 12:0 a.m.10 views

The vulnerability of the Android operating system, which allows a hacker to bypass the security mechanisms of a isolated execution environment

The vulnerability of the libs/binder/Parcel.cpp file in the Parcels software interface of the Android operating system is related to the lack of checking for the return value of system calls. Exploiting this vulnerability allows a malicious actor to bypass the security mechanisms of isolated...

7.5CVSS7.2AI score0.00361EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2016/07/11 1:59 a.m.24 views

CVE-2016-3750

libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted...

7.8CVSS7.4AI score0.00361EPSS
Exploits0References2
OSV
OSV
added 2016/07/11 1:59 a.m.5 views

CVE-2016-3750

libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted...

7.8CVSS5.8AI score0.00361EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2016/07/11 1:59 a.m.25 views

CVE-2016-3750

libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted...

7.8CVSS7.1AI score0.00361EPSS
Exploits0References2
Rows per page
Query Builder