126 matches found

CNVD
added 2024/01/30 12:0 a.m., 29 views

Cups Easy cross-site scripting vulnerability (CNVD-2024-11129)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the countryid parameter on the /cupseasylive/countrymodify.php page. An attacker could...

8.2 CVSS, 6.2 AI score, 0.00436 EPSS
Exploits: 0, References: 1
CNNVD
added 2024/01/26 12:0 a.m., 2 views

Cups Easy cross-site scripting vulnerability

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/itemlist.php page. An attacker could use...

8.2 CVSS, 7 AI score, 0.00399 EPSS
Exploits: 0, References: 2
CNNVD
added 2024/01/26 12:0 a.m., 3 views

Cups Easy cross-site scripting vulnerability

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the stateid parameter on the /cupseasylive/statecreate.php page. An attacker could use...

8.2 CVSS, 7 AI score, 0.00437 EPSS
Exploits: 0, References: 2
Openbugbounty
added 2023/07/06 11:38 p.m., 3 views

responsiblepurchasing.org Cross Site Scripting vulnerability OBB-3482843

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits: 0
Openbugbounty
added 2023/01/04 2:13 p.m., 13 views

american-purchasing.com Cross Site Scripting vulnerability OBB-3128335

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Microsoft KB
added 2022/09/13 7:0 a.m., 58 views

September 13, 2022—KB5017373 (Security-only update)

September 13, 2022—KB5017373 Security-only update Summary Learn more about this security-only update, including improvements, any known issues, and how to get the update. IMPORTANT Windows 7, Windows Server 2008 R2, Windows Embedded Standard 7, and Windows Embedded POS Ready 7 have reached the en...

9.8 CVSS, 8.4 AI score, 0.85646 EPSS
Exploits: 13
Snyk
added 2022/06/23 9:26 a.m., 2 views

Malicious Package

Overview en-conduit-plugin-in-app-purchasing is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerab...

9.8 CVSS, 7 AI score
Exploits: 0, References: 3
Akamai Blog
added 2022/04/28 1:0 p.m., 18 views

Platform Update: Build the Future on Akamai

Today, technology is infused into nearly everything we do. The data behind personalized recommendations, connected devices, and wearables has changed how we engage with the world around us — whether we’re driving to a new destination, purchasing from a new retailer, or monitoring our health...

7 AI score
Exploits: 0
Code423n4
added 2021/11/22 12:0 a.m., 13 views

Malicious user can DOS lock by falsely reaching maxNumberOfKeys using shareKey

Handle kenzo Vulnerability details A malicious user can call shareKey repeatedly, transferring minuscule amounts of his key to different accounts, thereby minting new keys until maxNumberOfKeys is reached. Impact Malicious user can grief and make lock purchasing become disabled. Proof of Concept ...

6.9 AI score
Exploits: 0
NVD
added 2021/10/27 9:15 p.m., 15 views

CVE-2021-41191

Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add @requireapikey in BOT/lib/cogs/website.p...

7.5 CVSS, 0.01327 EPSS
Exploits: 0, References: 3
OSV
added 2021/10/27 9:15 p.m., 17 views

CVE-2021-41191

Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add @requireapikey in BOT/lib/cogs/website.p...

7.5 CVSS, 6.6 AI score
Exploits: 0, References: 3
Prion
added 2021/10/27 9:15 p.m., 16 views

Code injection

Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add @requireapikey in BOT/lib/cogs/website.p...

5 CVSS, 7.3 AI score, 0.01327 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2021/10/27 8:30 p.m., 21 views

CVE-2021-41191 API giving out files without key

Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add @requireapikey in BOT/lib/cogs/website.p...

7.5 CVSS, 7.5 AI score, 0.01327 EPSS
Exploits: 0, References: 3
CVE
added 2021/10/27 8:30 p.m., 55 views

CVE-2021-41191

Summary of CVE-2021-41191 Roblox-Purchasing-Hub (open-source) had a vulnerability in versions 1.0.1 and earlier allowing someone who has another user’s API URL to obtain product files without an API key. The issue has been fixed in version 1.0.2. A workaround mentioned in the sources is to add an...

7.5 CVSS, 7.3 AI score, 0.01327 EPSS
Exploits: 0, References: 3, Affected Software: 1
CNNVD
added 2021/10/27 12:0 a.m., 4 views

Roblox-Purchasing-Hub security vulnerability

Roblox-Purchasing-Hub is a Roblox product purchasing center. A security vulnerability exists in Roblox-Purchasing-Hub that stems from a security risk in Roblox-Purchasing-Hub version 1.0.1 and earlier versions that allows someone with someone's API URL to obtain product files without an API key...

7.5 CVSS, 7.3 AI score, 0.01327 EPSS
Exploits: 0, References: 4
NCSC
added 2021/10/20 12:0 a.m., 7 views

Vulnerabilities fixed in Oracle Peoplesoft products

Oracle has fixed vulnerabilities in the following PeopleSoft products: PeopleSoft Enterprise PT PeopleTools PeopleSoft Enterprise CS SA Integration Pack PeopleSoft Enterprise SCM Purchasing PeopleSoft Enterprise CS Academic Advisement PeopleSoft Enterprise CS Student Records. PeopleSoft Enterpris...

9.8 CVSS, 7.3 AI score, 0.53336 EPSS
Exploits: 4
BDU FSTEC
added 2021/05/19 12:0 a.m., 3 views

The vulnerability of the Endeca sub-component of the Oracle Purchasing component of the Oracle E-Business Suite allows a perpetrator to gain unauthorized access to the device.

The vulnerability of the Endeca sub-component of the Oracle Purchasing component of the Oracle E-Business Suite is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device through HTTP requests...

8.5 CVSS, 6.8 AI score, 0.00987 EPSS
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2021/04/22 10:15 p.m., 14 views

CVE-2021-2262

Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite component: Endeca. The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Purchasing. Successful attacks of this...

8.1 CVSS, 0.00987 EPSS
Exploits: 0, References: 1
OSV
added 2021/04/22 10:15 p.m., 3 views

CVE-2021-2262

Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite component: Endeca. The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Purchasing. Successful attacks of this...

8.1 CVSS, 6.6 AI score, 0.00987 EPSS
Exploits: 0, References: 1
Prion
added 2021/04/22 10:15 p.m., 16 views

Design/Logic Flaw

Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite component: Endeca. The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Purchasing. Successful attacks of this...

5.5 CVSS, 8.1 AI score, 0.00987 EPSS
Exploits: 0, References: 1, Affected Software: 1