30 matches found
CVE-2026-47740
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...
CVE-2026-47740 Shopper: Authorization bypass in multiple Livewire admin components
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...
CVE-2026-47740 Shopper: Authorization bypass in multiple Livewire admin components
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...
shopper/framework: Authorization bypass in multiple Livewire admin components
Impact Multiple Livewire components in the admin panel allowed an authenticated low-privilege user to mutate data without the required permission: - Order detail Filament actions cancel, mark paid, mark complete, capture payment, archive, start processing were callable with readorders only and di...
Linux Distros Unpatched Vulnerability : CVE-2026-7688
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.p...
GHSA-RVWR-Q5HJ-WQ7G Dolibarr has an Injection issue
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...
Dolibarr has an Injection issue
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...
CVE-2026-7688
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...
CVE-2026-7688
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...
CVE-2026-7688 Dolibarr ERP CRM Shipments API Endpoint expedition.class.php _checkValForAPI sql injection
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...
EUVD-2026-26826
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...
CVE-2026-7688 Dolibarr ERP CRM Shipments API Endpoint expedition.class.php _checkValForAPI sql injection
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...
CVE-2026-7688
Dolibarr ERP CRM (up to 23.0.2) contains a SQL injection in Shipments API Endpoint, via _checkValForAPI in htdocs/expedition/class/expedition.class.php. The vulnerability allows remote access with high attack complexity and LOW impact on confidentiality/integrity/availability; exploit maturity is...
Dolibarr ERP CRM 注入漏洞
Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM 23.0.2 and earlier had a injection vulnerability. This vulnerability stemmed from the operation of the fields parameter in the checkValForAPI function of the Shipments API...
PT-2026-36692
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...
EUVD-2025-3400
Malicious code in bioql PyPI...
CVE-2025-23766
CVE-2025-23766 concerns a Missing Authorization vulnerability in the OPSI Israel Domestic Shipments WordPress plugin (
CVE-2025-23766 WordPress OPSI Israel Domestic Shipments plugin <= 2.8.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments woo-ups-pickup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OPSI Israel Domestic Shipments: from n/a through = 2.8.2...
CVE-2025-23766 WordPress OPSI Israel Domestic Shipments plugin <= 2.8.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments woo-ups-pickup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OPSI Israel Domestic Shipments: from n/a through = 2.8.2...
WordPress plugin OPSI Israel Domestic Shipments 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...