7 matches found
CVE-2026-11987
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...
CVE-2025-64298
NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...
CVE-2025-11741
CVE-2025-11741 affects the WPC Smart Quick View for WooCommerce plugin for WordPress. The vulnerability is an Information Exposure via the woosq_quickview AJAX endpoint caused by insufficient access restrictions, enabling unauthenticated attackers to read data from password-protected, private, or...
EUVD-2025-28526
Malicious code in bioql PyPI...
Exposure of Resource to Wrong Sphere in microweber
Exposure of Resource to Wrong Sphere in microweber prior to 1.3 allows users to add deleted products to a cart and buy it...
Server: Insufficiently random values
The rand and mtrand functions in PHP 5.4.x do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in ownCloud 4.0.x. For...
Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability Advisory ID: cisco-sa-20091109-tls http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml Revision 1.0 For Public Release 2009 November 9 1600 UTC GMT Summary...