Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1111 matches found

EUVD
EUVDadded 1 hour ago7 views

EUVD-2026-33408

Shopper: Missing authorization on Product admin Livewire sub-form components...

6.5CVSS5.9AI score0.00029EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 1 hour ago7 views

Shopper: Missing authorization on Product admin Livewire sub-form components

Impact Sub-form Livewire components used in the product editor Edit, Inventory, Seo, Shipping, Files had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO metadata, shipping dimensions, and attached media witho...

6.5CVSS5.6AI score0.00029EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVEadded 2 hours ago0 views

CVE-2026-32270

Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, the PaymentsController::actionPay discloses some order data to unauthenticated users when an order number is provided and the email check fails during an anonymous payment. The JSON...

6.3CVSS0.0009EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2 hours ago0 views

CVE-2026-6417

The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS0.0006EPSS
Exploits0References1
Nuclei
Nucleiadded 19 hours ago12 views

Multiple Shipping Address Woocommerce < 2.0 - SQL Injection

The Multiple Shipping Address Woocommerce plugin before 2.0 does not properly sanitize and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections. id: CVE-2022-0783 info: name: Multiple...

9.8CVSS7.9AI score0.54534EPSS
Exploits2References2
Patchstack
Patchstackadded 2 days ago4 views

WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.9.4 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels versions = 4.9.4...

5.5AI score
Exploits0Affected Software1
RedhatCVE
RedhatCVEadded 4 days ago9 views

CVE-2026-47742

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor Edit, Inventory, Seo, Shipping, Files had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO...

6.5CVSS5.9AI score0.00029EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/29 6:0 p.m.7 views

CVE-2026-47742

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor Edit, Inventory, Seo, Shipping, Files had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO...

6.5CVSS5.9AI score0.00029EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/29 6:0 p.m.5 views

CVE-2026-47742 Shopper: Missing authorization on Product admin Livewire sub-form components

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor Edit, Inventory, Seo, Shipping, Files had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO...

6.5CVSS5.9AI score0.00029EPSS
Exploits0References2
CVE
CVEadded 2026/05/29 6:0 p.m.9 views

CVE-2026-47742

Affected software: Shopper: Headless e-commerce Admin Panel. Vulnerability summary: Before version 2.8.0, sub-form Livewire components used in the product editor (Edit, Inventory, Seo, Shipping, Files) lacked authorization on their store() method. This allowed any authenticated panel user, regard...

6.5CVSS5.9AI score0.00029EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/05/29 12:0 a.m.5 views

shopper 安全漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that multiple Filament operations listed in administrator order details and order shipping tables...

8.1CVSS5.8AI score0.00032EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.8 views

PT-2026-44943

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor Edit, Inventory, Seo, Shipping, Files had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO...

6.5CVSS5.9AI score0.00029EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/23 1:51 p.m.7 views

Malicious code in @zaamx/netme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ff8cae34ceeb5f691ca4c4f92fbe10d0bc4e6b9eddf081e7c99ab1ee6193c98 This Medusa plugin hardcodes outbound POST requests to https://n8n.lidxi.com/webhook/ in multiple subscribers and admin routes, with no configuration...

5.8AI score
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/18 12:0 a.m.3 views

CVE-2026-39079

An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBaseApi.php components...

7.5CVSS5.8AI score0.00055EPSS
Exploits0References2
NVD
NVDadded 2026/05/14 6:16 a.m.3 views

CVE-2026-6417

The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS0.0006EPSS
Exploits0References2
CVE
CVEadded 2026/05/14 5:30 a.m.6 views

CVE-2026-6417

The GLS Shipping for WooCommerce plugin for WordPress has a Reflected Cross-Site Scripting vulnerability (CVE-2026-6417) in the failed_orders parameter across all versions up to 1.4.0, caused by insufficient input sanitization and output escaping. Unauthenticated attackers can inject scripts in p...

6.1CVSS6AI score0.0006EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/14 5:30 a.m.3 views

EUVD-2026-30236

The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS6AI score0.0006EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/14 5:30 a.m.4 views

CVE-2026-6417

The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS6AI score0.0006EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/14 5:30 a.m.28 views

CVE-2026-6417 GLS Shipping for WooCommerce <= 1.4.0 - Reflected Cross-Site Scripting via 'failed_orders'

The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS0.0006EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/14 5:30 a.m.2 views

CVE-2026-6417 GLS Shipping for WooCommerce <= 1.4.0 - Reflected Cross-Site Scripting via 'failed_orders'

The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failedorders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS6AI score0.0006EPSS
Exploits0References2
Rows per page
Query Builder