Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/13 8:42 p.m.5 views

CVE-2026-45054

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $GET'sort' array without column or direction validation. Both the column key and the directio...

4.9CVSS6.1AI score0.00239EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/12/09 2:14 p.m.22 views

CVE-2025-67572 WordPress PenNews theme < 6.7.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through 6.7.4...

5.3CVSS0.00222EPSS
Exploits0References1
CNVD
CNVD
added 2019/01/09 12:0 a.m.2 views

SAP Commerce Cross-Site Scripting Vulnerability

SAP Commerce is a suite of e-commerce solutions from SAP Germany. The product includes components for product content management, experience management, personalization and order management. A cross-site scripting vulnerability exists in SAP Commerce versions prior to 6.7, which arises from a...

6.1CVSS6.7AI score0.01016EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2007/11/29 2:50 p.m.6 views

pcre miscalculation of memory requirements for malformed Posix character class

Perl-Compatible Regular Expression PCRE library before 6.7 allows context-dependent attackers to cause a denial of service error or crash via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a sequence...

4.3CVSS5.8AI score0.01604EPSS
Exploits0References4
Rows per page
Query Builder