229 matches found
WordPress PeproDev WooCommerce Receipt Uploader plugin <= 2.6.9 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin PeproDev WooCommerce Receipt Uploader versions = 2.6.9...
CLEANSTART-2026-KC06686 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process
Multiple security vulnerabilities affect the istio-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...
CVE-2025-68141
EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DCChargeLoopRes message that includes Receipt as well as TaxCosts, the vector taxcosts in the target Receipt structure is accessed out of bounds. This occurs in the method template void...
EUVD-2025-206315
EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DCChargeLoopRes message that includes Receipt as well as TaxCosts, the vector taxcosts in the target Receipt structure is accessed out of bounds. This occurs in the method template void...
CVE-2025-68141 EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserialization
EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DCChargeLoopRes message that includes Receipt as well as TaxCosts, the vector taxcosts in the target Receipt structure is accessed out of bounds. This occurs in the method template void...
CVE-2025-68141 EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserialization
EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DCChargeLoopRes message that includes Receipt as well as TaxCosts, the vector taxcosts in the target Receipt structure is accessed out of bounds. This occurs in the method template void...
CVE-2025-68141
EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DCChargeLoopRes message that includes Receipt as well as TaxCosts, the vector taxcosts in the target Receipt structure is accessed out of bounds. This occurs in the method template void...
CVE-2025-68141
CVE-2025-68141 affects the EVerest EV charging software stack. Before version 2025.10.0, deserializing a DC_ChargeLoopRes message that includes Receipt and TaxCosts can access the vector tax_costs in Receipt out of bounds, in the function template void convert(const struct iso20_dc_DetailedTaxTy...
CVE-2025-68141 EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserialization
EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DCChargeLoopRes message that includes Receipt as well as TaxCosts, the vector taxcosts in the target Receipt structure is accessed out of bounds. This occurs in the method template void...
PT-2026-3857
EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DC ChargeLoopRes message that includes Receipt as well as TaxCosts, the vector tax costs in the target Receipt structure is accessed out of bounds. This occurs in the method template void...
CVE-2025-14463
The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckoutajaxprocessorder that processes checkout results without any authentication or...
CVE-2025-68147
Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Stored Cross-Site Scripting XSS vulnerability exists in the "Return Policy" configuration field. The application doe...
CVE-2025-68147
Summary (CVE-2025-68147 for OpenSourcePOS) OpenSourcePOS (CodeIgniter PHP app) versions 3.4.0–3.4.1 contain a stored XSS in the “Return Policy” field of the Store Configuration. The flaw stems from insufficient sanitization when saving/displaying the policy, allowing an attacker with configuratio...
EUVD-2025-204017
Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Stored Cross-Site Scripting XSS vulnerability exists in the "Return Policy" configuration field. The application doe...
CVE-2025-68147 opensourcepos has a Cross-site Scripting vulnerability
Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Stored Cross-Site Scripting XSS vulnerability exists in the "Return Policy" configuration field. The application doe...
Exploit for CVE-2025-68147
CVE-2025-68147: Stored Cross-Site Scripting XSS in OpenSourc...
CVE-2025-61148
An Insecure Direct Object Reference IDOR vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'recno' parameter in the /student/get-receipt endpoint...
EUVD-2025-201212
An Insecure Direct Object Reference IDOR vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'recno' parameter in the /student/get-receipt endpoint...
CVE-2025-61148
An Insecure Direct Object Reference IDOR vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'recno' parameter in the /student/get-receipt endpoint...
CVE-2025-61148
CVE-2025-61148 describes an Insecure Direct Object Reference (IDOR) in EduplusCampus 3.0.1, specifically the Student Payment API. An authenticated user can access other students’ personal and financial records by altering the rec_no parameter in the /student/get-receipt endpoint. The issue is roo...