CVE-2017-20260

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

EUVD-2017-18987

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

CVE-2017-20260

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter in the subscribeajax view. Attackers can craft SQL payloads to extract sensitive database...

CVE-2017-20260 Joomla! Component Price Alert 3.0.2 SQL Injection

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

CVE-2017-20260

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data

Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026. To that end, organizations will be unable to connect to Salesforce via the app until further notice...

PT-2026-50937

Name of the Vulnerable Software and Affected Versions Joomla! Component Price Alert version 3.0.2 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. By sending requests to the 'subscribeajax' view with crafted payloads in the product id parameter,...

CVE-2026-22334

Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...

CVE-2026-22334 WordPress Woocommerce Book Price plugin <= 1.3 - Arbitrary File Download vulnerability

Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...

CVE-2026-22334

CVE-2026-22334 concerns the WordPress Woocommerce Book Price plugin (&lt;= 1.3). The vulnerability is an Arbitrary File Download that requires authentication (Subscriber level or higher). The CVE entry notes an authenticated path to download arbitrary files, with a base CVSS v3.1 score of 7.5 (HI...

CVE-2026-49110 WordPress Upsell Order Bump Offer for WooCommerce plugin <= 3.1.4 - Price Manipulation vulnerability

Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce = 3.1.4 versions...

CVE-2026-49110

The CVE-2026-49110 entry concerns the WordPress plugin Upsell Order Bump Offer for WooCommerce, affected in versions &lt;= 3.1.4. It describes an Unauthenticated Broken Authentication vulnerability enabling price manipulation in Upsell Order Bump offers. CVSSv3.1 metrics indicate Network attack v...

CVE-2026-12183

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability CWE-287 in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 administrator in response to any HTTP POST request that supplie...

EUVD-2026-36653

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability CWE-287 in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 administrator in response to any HTTP POST request that supplie...

Shopper: Missing authorization on Product admin Livewire sub-form components

Impact Sub-form Livewire components used in the product editor Edit, Inventory, Seo, Shipping, Files had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO metadata, shipping dimensions, and attached media witho...

CVE-2026-5811

A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function saveproduct of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performe...

CVE-2025-14755

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...

WordPress Upsell Order Bump Offer for WooCommerce plugin <= 3.1.4 - Price Manipulation vulnerability

Price Manipulation vulnerability discovered by Jakub Herman in WordPress Plugin Upsell Order Bump Offer for WooCommerce versions = 3.1.4...

PT-2026-45707

Name of the Vulnerable Software and Affected Versions Easy Cart versions prior to 1.9 Description The Easy Cart plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. This occu...

PT-2026-44741

Name of the Vulnerable Software and Affected Versions QEMU affected versions not specified Description A heap use-after-free UAF race condition exists in the 9pfs component, specifically within the v9fs co readdir many function. This issue allows an unprivileged guest to cause a denial of service...