Lucene search
K

4167 matches found

Nuclei
Nuclei
added 9 hours ago24 views

WP AmASIN – The Amazon Affiliate Shop - Local File Inclusion

Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter. id: CVE-2014-4577 info: name: WP AmASIN – The Amazon Affiliate Shop -...

5CVSS7.2AI score0.03749EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago15 views

Vendure Core - SQL Injection

Vendure, an open-source headless commerce platform built on Node.js/TypeScript, contains a critical SQL injection vulnerability in its Shop API. The languageCode query parameter is interpolated directly into a raw SQL CASE expression in ProductService.findOneBySlug without parameterization or inp...

9.1CVSS6.4AI score0.01762EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago66 views

Welcart eCommerce <=2.7.7 - Local File Inclusion

Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion. id: CVE-2022-41840 info: name: Welcart eCommerce =2.7.8 or apply the provided patch to fix the LFI vulnerability. reference: -...

9.8CVSS7AI score0.05116EPSS
Exploits2References4
Nuclei
Nuclei
added 9 hours ago72 views

WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access

WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or...

7.5CVSS7.1AI score0.02941EPSS
Exploits2References3
Nuclei
Nuclei
added 9 hours ago49 views

PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in...

9.8CVSS6.8AI score0.15652EPSS
Exploits1References4
NVD
NVD
added yesterday3 views

CVE-2026-57405

Missing Authorization vulnerability in themehunk Open Shop open-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Shop: from n/a through = 1.7.1...

7.1CVSS0.00321EPSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-57405

CVE-2026-57405 affects WordPress Open Shop theme (versions up to and including 1.7.1). The root cause is Missing Authorization due to incorrectly configured access control levels, classified as a Broken Access Control vulnerability. CVSS3.1 metrics indicate a HIGH base score of 7.1 (AV:N/AC:L/PR:...

7.1CVSS6.1AI score0.00321EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday22 views

CVE-2026-57405 WordPress Open Shop theme <= 1.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in themehunk Open Shop open-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Shop: from n/a through = 1.7.1...

7.1CVSS0.00321EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added yesterday4 views

gimp: gimp: Heap buffer overflow in read_channel_data()

A flaw was found in GIMP's Paint Shop Pro PSP file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service DoS by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the...

7.3CVSS6.6AI score0.00233EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday185 views

Jms Blog - SQL Injection

The module Jms Blog jmsblog from Joommasters contains a Time Based SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joommasters PrestaShop themes id: CVE-2023-27034 info: name: Jms Blog - SQL Injection author: MaStErChO severity: critical...

9.8CVSS7.1AI score0.58743EPSS
Exploits0References5
Patchstack
Patchstack
added 6 days ago8 views

WordPress Open Shop theme <= 1.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by HaiND in WordPress Theme Open Shop versions = 1.7.1...

7.1CVSS6.1AI score0.00321EPSS
Exploits0Affected Software1
NVD
NVD
added 6 days ago10 views

CVE-2026-12936

The Recurio – Ultimate Subscription for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00266EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-12936 Recurio <= 1.1.3 - Authenticated (Shop Manager+) SQL Injection via 'data' Parameter

The Recurio – Ultimate Subscription for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00266EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42216

The Recurio – Ultimate Subscription for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS6AI score0.00266EPSS
Exploits0References4
CVE
CVE
added 6 days ago10 views

CVE-2026-12936

The CVE-2026-12936 relates to the Recurio – Ultimate Subscription for WooCommerce WordPress plugin. It describes a generic SQL Injection via the 'data' parameter in all versions up to and including 1.1.3 , caused by insufficient escaping and inadequate query preparation. With shop manager-level a...

4.9CVSS6AI score0.00266EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/05 2:0 a.m.28 views

CVE-2026-14692 SourceCodester Multi-Vendor Online Grocery Management System POST Parameter Master.php save_shop_type sql injection

A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function saveshoptype of the file classes/Master.php of the component POST Parameter Handler. Performing a manipulation results in sql injection. The attack is possible to be...

6.5CVSS0.002EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 2:0 a.m.19 views

CVE-2026-14692

The CVE-2026-14692 entry concerns SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26 where the function save_shop_type in classes/Master.php (POST Parameter Handler) is vulnerable to SQL injection. The vulnerability can be exploited remotely, and the exploit is publicly avail...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 2:0 a.m.8 views

EUVD-2026-41715

A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function saveshoptype of the file classes/Master.php of the component POST Parameter Handler. Performing a manipulation results in sql injection. The attack is possible to be...

6.5CVSS5.8AI score0.002EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.15 views

PT-2026-55755

Name of the Vulnerable Software and Affected Versions SourceCodester Multi-Vendor Online Grocery Management System versions 1.0 through 5.7.26 Description Remote manipulation of the POST Parameter Handler component leads to SQL injection, a technique where malicious SQL statements are inserted in...

6.5CVSS6.6AI score0.002EPSS
Exploits0References9
NVD
NVD
added 2026/07/03 7:16 p.m.9 views

CVE-2026-58379

A flaw was found in GIMP's Paint Shop Pro PSP file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service DoS by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the...

7.3CVSS0.00233EPSS
Exploits0References5
Rows per page
Query Builder