Lucene search
K

1216 matches found

CVE
CVE
added 2 days ago10 views

CVE-2026-14743

CVE-2026-14743 affects the code-projects Real State Services 1.0. The vulnerability is a SQL injection in an unknown function of the file /normalHomeSale.php triggered by manipulating the loc argument. Exploitation can be performed remotely, and public exploit code is available. The provided docu...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-14743

A vulnerability was identified in code-projects Real State Services 1.0. The impacted element is an unknown function of the file /normalHomeSale.php. Such manipulation of the argument loc leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might ...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/06/29 6:16 p.m.7 views

CVE-2026-57950

ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control vulnerability in ErpSaleOrderController that allows attackers with erp:sale-out permissions to gain unauthorized access to sale order operations by exploiting an incorrect permission namespace enforcement...

8.6CVSS0.00294EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 5:20 p.m.7 views

EUVD-2026-40167

ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control vulnerability in ErpSaleOrderController that allows attackers with erp:sale-out permissions to gain unauthorized access to sale order operations by exploiting an incorrect permission namespace enforcement...

8.6CVSS5.8AI score0.00294EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 5:20 p.m.11 views

CVE-2026-57950

Summary (CVE-2026-57950): ruoyi-vue-pro before 2026.05 contains a broken access control in ErpSaleOrderController due to incorrect permission namespace enforcement. The controller applies the erp:sale-out namespace instead of the intended erp:sale-order namespace, allowing attackers with erp:sale...

8.6CVSS5.8AI score0.00294EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 5:20 p.m.31 views

CVE-2026-57950 ruoyi-vue-pro - Incorrect Permission Namespace in ErpSaleOrderController

ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control vulnerability in ErpSaleOrderController that allows attackers with erp:sale-out permissions to gain unauthorized access to sale order operations by exploiting an incorrect permission namespace enforcement...

8.6CVSS0.00294EPSS
Exploits0References3
NVD
NVD
added 2026/06/29 12:16 p.m.9 views

CVE-2026-13559

A weakness has been identified in code-projects Real State Services 1.0. Impacted is an unknown function of the file /single-listsale.php?action=add. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...

7.5CVSS0.00412EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 10:30 a.m.7 views

EUVD-2026-40070

A weakness has been identified in code-projects Real State Services 1.0. Impacted is an unknown function of the file /single-listsale.php?action=add. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...

7.5CVSS7AI score0.00412EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 10:30 a.m.31 views

CVE-2026-13559 code-projects Real State Services single-list_sale.php add sql injection

A weakness has been identified in code-projects Real State Services 1.0. Impacted is an unknown function of the file /single-listsale.php?action=add. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...

7.5CVSS0.00412EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 10:30 a.m.13 views

CVE-2026-13559

CVE-2026-13559 affects code-projects Real State Services 1.0. The vulnerability resides in the /single-list_sale.php?action=add handling of the ID parameter, where unsafely manipulated input enables SQL injection. Attack vector is network-based and exploitation is possible remotely, with a public...

7.5CVSS7AI score0.00412EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 7:16 a.m.9 views

CVE-2026-8705

The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...

7.5CVSS0.00505EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/24 5:33 a.m.7 views

EUVD-2026-38672

The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...

7.5CVSS6.1AI score0.00505EPSS
Exploits0References6
CVE
CVE
added 2026/06/24 5:33 a.m.17 views

CVE-2026-8705

The CVE describes a SQL injection in the ClearSale Total WordPress plugin (versions <= 3.4.2). The vulnerability occurs via the pagseguro[metodo] POST parameter of the clearsale_total_push AJAX action, which is accessible to unauthenticated users (wp_ajax_nopriv_clearsale_total_push). Although...

7.5CVSS6.1AI score0.00505EPSS
Exploits0References6
NVD
NVD
added 2026/06/16 10:16 a.m.11 views

CVE-2026-52711

Unauthenticated Broken Access Control in WooCommerce POS = 1.8.14 versions...

7.5CVSS0.00232EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 9:0 a.m.13 views

EUVD-2026-37048

Unauthenticated Broken Access Control in WooCommerce POS = 1.8.14 versions...

7.5CVSS5.2AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.11 views

CVE-2025-41011

HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specificcustomer', ussing 'startdateformatted' y 'enddateformatted'...

6.1CVSS5.5AI score0.00158EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-32712

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Daily Sales management table. The customername column is configured with escape: false in the bootstrap-tabl...

5.4CVSS5.6AI score0.00169EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.11 views

CVE-2026-4479

The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS5.6AI score0.00157EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-39380

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Stock Locations configuration feature. The application fails to properly sanitize user input supplied throug...

5.4CVSS5.6AI score0.00162EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.7 views

CVE-2026-8802

A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...

5.3CVSS5.2AI score0.0039EPSS
Exploits0References1
Rows per page
Query Builder