Lucene search
K

10 matches found

EUVD
EUVD
added 2026/06/05 8:33 p.m.12 views

EUVD-2026-33408

Shopper: Missing authorization on Product admin Livewire sub-form components...

6.5CVSS5.4AI score0.00221EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/05 8:33 p.m.20 views

Shopper: Missing authorization on Product admin Livewire sub-form components

Impact Sub-form Livewire components used in the product editor Edit, Inventory, Seo, Shipping, Files had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO metadata, shipping dimensions, and attached media witho...

6.5CVSS5.6AI score0.00221EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-17633

Malware in sbrugna...

6.5CVSS6.5AI score0.01881EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-17240

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00455EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:21 a.m.4 views

CVE-2024-1492

The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybesendtopacketa function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as lon...

5.3CVSS4.8AI score0.00455EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:53 a.m.7 views

CVE-2019-8235

An insecure direct object reference IDOR vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled...

6.5CVSS6.5AI score0.01881EPSS
Exploits0References1
OSV
OSV
added 2024/02/29 1:43 a.m.4 views

CVE-2024-1492

The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybesendtopacketa function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as lon...

5.3CVSS5.8AI score0.00455EPSS
Exploits0References2
Prion
Prion
added 2024/02/29 1:43 a.m.22 views

Design/Logic Flaw

The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybesendtopacketa function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as lon...

5CVSS7.2AI score0.00455EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/02/19 12:0 a.m.9 views

WPify Woo Czech < 4.0.9 - Missing Authorization

Description The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybesendtopacketa function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for...

5CVSS6.3AI score0.00455EPSS
Exploits0References1Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.42 views

PRODSECBUG-2276: Insecure Direct Object Reference (IDOR) vulnerability can expose order shipping details

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

7.5CVSS7.2AI score0.00836EPSS
Exploits0Affected Software1
Rows per page
Query Builder