CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Name of the Vulnerable Software and Affected Versions Shopper versions prior to 2.8.0 Description Sub-form Livewire components within the product editor—specifically those handling Edit, Inventory, Seo, Shipping, and Files—lack authorization on their store method. This allows any authenticated...

6.5CVSS5.6AI score0.00221EPSS

Exploits0References7

NVD•added 2026/05/15 5:16 p.m.•7 views

CVE-2026-42207

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, MageProductAlertAddController::stockAction reads the uenc query parameter and passes...

6.1CVSS0.00149EPSS

Exploits0References1

OSV•added 2026/05/12 3:49 a.m.•0 views

MINI-VXH9-8X4P-75CH

Bulletin has no description...

5.3CVSS5.7AI score0.00179EPSS

Exploits0

OSV•added 2026/05/11 7:33 p.m.•0 views

MINI-H69R-HQ8H-GWJM

Bulletin has no description...

7.5CVSS5.7AI score0.00588EPSS

Exploits0

OSV•added 2026/05/11 12:21 a.m.•4 views

MINI-R947-F84J-H9RG

Bulletin has no description...

5.3CVSS5.7AI score0.00421EPSS

Exploits1

Vulnrichment•added 2026/05/10 12:43 p.m.•8 views

CVE-2021-47928 Opencart TMD Vendor System 3.x Blind SQL Injection via product route

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the productid parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...

8.8CVSS5.9AI score0.00276EPSS

Exploits0References4

Positive Technologies•added 2026/05/10 12:0 a.m.•6 views

PT-2026-39504

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the product id parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...

8.8CVSS5.9AI score0.00276EPSS

Exploits0References5

OSV•added 2026/05/01 6:30 p.m.•3 views

MINI-2C29-P3X6-CR88

Bulletin has no description...

7.5CVSS6.2AI score0.0043EPSS

Exploits0

RedhatCVE•added 2026/04/29 2:49 p.m.•2 views

CVE-2026-7269

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /index.php?page=product. Performing a manipulation of the argument ID results in cross site scripting. It is possible to initiate the attack remotely. The exploit has...

4.8CVSS3.3AI score0.0021EPSS

Exploits0References1

OSV•added 2026/04/28 3:20 a.m.•3 views

MINI-RMMW-3RV8-PCVR

Bulletin has no description...

8.8CVSS5AI score0.00195EPSS

Exploits0

Positive Technologies•added 2026/04/28 12:0 a.m.•1 views

PT-2026-35711

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects an unknown function of the file /view prod.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

6.5CVSS6.3AI score0.00192EPSS

Exploits0References6

OSV•added 2026/04/12 8:4 p.m.•0 views

MINI-WGHF-95GX-3H5R

Bulletin has no description...

6.1CVSS5.7AI score0.0029EPSS

Exploits0

OSV•added 2026/04/12 2:20 a.m.•2 views

MINI-MGF9-V227-4G2J

Bulletin has no description...

7.5CVSS5.7AI score0.00349EPSS

Exploits0