Lucene search
+L

229 matches found

Patchstack
Patchstack
added 2026/02/06 6:47 a.m.8 views

WordPress PeproDev WooCommerce Receipt Uploader plugin <= 2.6.9 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin PeproDev WooCommerce Receipt Uploader versions = 2.6.9...

6.1CVSS8.3AI score0.00471EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/01/30 3:10 p.m.14 views

CLEANSTART-2026-KC06686 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the istio-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00632EPSS
Exploits1References8
NVD
NVD
added 2026/01/21 8:16 p.m.8 views

CVE-2025-68141

EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DCChargeLoopRes message that includes Receipt as well as TaxCosts, the vector taxcosts in the target Receipt structure is accessed out of bounds. This occurs in the method template void...

7.4CVSS0.00248EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/21 7:56 p.m.6 views

EUVD-2025-206315

EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DCChargeLoopRes message that includes Receipt as well as TaxCosts, the vector taxcosts in the target Receipt structure is accessed out of bounds. This occurs in the method template void...

7.4CVSS5.6AI score0.00248EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/21 7:56 p.m.21 views

CVE-2025-68141 EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserialization

EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DCChargeLoopRes message that includes Receipt as well as TaxCosts, the vector taxcosts in the target Receipt structure is accessed out of bounds. This occurs in the method template void...

7.4CVSS0.00248EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/21 7:56 p.m.6 views

CVE-2025-68141 EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserialization

EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DCChargeLoopRes message that includes Receipt as well as TaxCosts, the vector taxcosts in the target Receipt structure is accessed out of bounds. This occurs in the method template void...

7.4CVSS5.6AI score0.00248EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/21 7:56 p.m.4 views

CVE-2025-68141

EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DCChargeLoopRes message that includes Receipt as well as TaxCosts, the vector taxcosts in the target Receipt structure is accessed out of bounds. This occurs in the method template void...

7.4CVSS5.5AI score0.00248EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/01/21 7:56 p.m.18 views

CVE-2025-68141

CVE-2025-68141 affects the EVerest EV charging software stack. Before version 2025.10.0, deserializing a DC_ChargeLoopRes message that includes Receipt and TaxCosts can access the vector tax_costs in Receipt out of bounds, in the function template void convert(const struct iso20_dc_DetailedTaxTy...

7.4CVSS5.6AI score0.00248EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/01/21 7:56 p.m.7 views

CVE-2025-68141 EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserialization

EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DCChargeLoopRes message that includes Receipt as well as TaxCosts, the vector taxcosts in the target Receipt structure is accessed out of bounds. This occurs in the method template void...

7.4CVSS5.6AI score0.00248EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.11 views

PT-2026-3857

EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DC ChargeLoopRes message that includes Receipt as well as TaxCosts, the vector tax costs in the target Receipt structure is accessed out of bounds. This occurs in the method template void...

7.4CVSS5.6AI score0.00248EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/17 3:24 a.m.5 views

CVE-2025-14463

The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckoutajaxprocessorder that processes checkout results without any authentication or...

5.3CVSS5.6AI score0.00314EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/12/18 10:37 p.m.5 views

CVE-2025-68147

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Stored Cross-Site Scripting XSS vulnerability exists in the "Return Policy" configuration field. The application doe...

8.1CVSS5.3AI score0.00321EPSS
Exploits4References1
CVE
CVE
added 2025/12/17 10:16 p.m.25 views

CVE-2025-68147

Summary (CVE-2025-68147 for OpenSourcePOS) OpenSourcePOS (CodeIgniter PHP app) versions 3.4.0–3.4.1 contain a stored XSS in the “Return Policy” field of the Store Configuration. The flaw stems from insufficient sanitization when saving/displaying the policy, allowing an attacker with configuratio...

8.1CVSS5AI score0.00321EPSS
Exploits4References3Affected Software1
EUVD
EUVD
added 2025/12/17 10:16 p.m.11 views

EUVD-2025-204017

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Stored Cross-Site Scripting XSS vulnerability exists in the "Return Policy" configuration field. The application doe...

8.1CVSS5AI score0.00321EPSS
Exploits4References3
OSV
OSV
added 2025/12/17 10:16 p.m.8 views

CVE-2025-68147 opensourcepos has a Cross-site Scripting vulnerability

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Stored Cross-Site Scripting XSS vulnerability exists in the "Return Policy" configuration field. The application doe...

8.1CVSS5.1AI score0.00321EPSS
Exploits4References5
GithubExploit
GithubExploit
added 2025/12/17 5:30 p.m.211 views

Exploit for CVE-2025-68147

CVE-2025-68147: Stored Cross-Site Scripting XSS in OpenSourc...

5.5AI score0.00321EPSS
Exploits4
NVD
NVD
added 2025/12/04 4:16 p.m.14 views

CVE-2025-61148

An Insecure Direct Object Reference IDOR vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'recno' parameter in the /student/get-receipt endpoint...

6.5CVSS0.00302EPSS
Exploits3References3
EUVD
EUVD
added 2025/12/04 12:0 a.m.7 views

EUVD-2025-201212

An Insecure Direct Object Reference IDOR vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'recno' parameter in the /student/get-receipt endpoint...

6.2AI score0.00302EPSS
Exploits3References4
Cvelist
Cvelist
added 2025/12/04 12:0 a.m.29 views

CVE-2025-61148

An Insecure Direct Object Reference IDOR vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'recno' parameter in the /student/get-receipt endpoint...

0.00302EPSS
Exploits3References3
CVE
CVE
added 2025/12/04 12:0 a.m.34 views

CVE-2025-61148

CVE-2025-61148 describes an Insecure Direct Object Reference (IDOR) in EduplusCampus 3.0.1, specifically the Student Payment API. An authenticated user can access other students’ personal and financial records by altering the rec_no parameter in the /student/get-receipt endpoint. The issue is roo...

6.5CVSS6.3AI score0.00302EPSS
Exploits3References3Affected Software1
Rows per page
Query Builder