4 matches found
CVE-2026-45054
CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $GET'sort' array without column or direction validation. Both the column key and the directio...
CVE-2025-67572 WordPress PenNews theme < 6.7.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through 6.7.4...
SAP Commerce Cross-Site Scripting Vulnerability
SAP Commerce is a suite of e-commerce solutions from SAP Germany. The product includes components for product content management, experience management, personalization and order management. A cross-site scripting vulnerability exists in SAP Commerce versions prior to 6.7, which arises from a...
pcre miscalculation of memory requirements for malformed Posix character class
Perl-Compatible Regular Expression PCRE library before 6.7 allows context-dependent attackers to cause a denial of service error or crash via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a sequence...