Lucene search
+L

64 matches found

NVD
NVD
added 2 days ago10 views

CVE-2026-48014

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the order state transition features /api/action/order/orderId/state/transition and similar transaction and delivery transition routes in src/Core/Checkout/Order/Api/OrderActionController.php do not declare...

6.5CVSS0.00233EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago36 views

CVE-2026-48014 Shopware: Admin API ACL Bypass in Order State Transition Endpoints

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the order state transition features /api/action/order/orderId/state/transition and similar transaction and delivery transition routes in src/Core/Checkout/Order/Api/OrderActionController.php do not declare...

6.5CVSS0.00233EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/27 1:54 a.m.9 views

SUSE CVE-2026-53033

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Take state lock for afunix iter When a BPF iterator program updates a sockmap, there is a race condition in unixstreambpfupdateproto where the peer pointer can become stale1 during a state transition TCPESTABLISHED ...

7.8CVSS5.8AI score0.00135EPSS
Exploits0References3
OSV
OSV
added 2026/06/04 7:33 p.m.13 views

GHSA-F8Q6-3G5W-JJR6 Shopware: Admin API ACL Bypass in Order State Transition Endpoints

Summary This is a vertical authorization bypass in the Admin API affecting order state transition features /api/action/order/orderId/state/transition and similar transaction/delivery transition routes. The root cause is that the transition action routes do not declare required server-side ACL...

6.5CVSS5.9AI score0.00233EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/04 7:33 p.m.7 views

Missing Authorization

Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to Missing Authorization in the orderStateTransition process. An attacker can modify order states without proper privileges by sending crafted API requests directly to the affected endpoints...

7.1CVSS5.8AI score0.00233EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/27 12:0 a.m.11 views

Do You Dare to Try Test-Driven Forensics? Increasing Trust in Desktop Forensics with ADARE

Digital forensic relies on validated tools and established procedures, yet the underlying operating systems, applications, and analysis tools evolve rapidly. This evolution can cause artifact behavior and tool outputs to drift, silently degrading repeatability and confidence in long-lived forensi...

5.8AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.17 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: sched/ext: Fixed invalid task state transitions during class switching. When enabling the schedext scheduler, it is possible to trigger invalid task state transitions, resulting in warnings like the following which can be easily...

5.5CVSS6.1AI score0.00134EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/24 1:27 a.m.8 views

SUSE CVE-2026-41651

PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use TOCTOU race condition on transaction flags that...

8.8CVSS6AI score0.0046EPSS
Exploits10References14
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-19544

Malware in sbrugna...

8.6CVSS7.3AI score0.0123EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-2322

Malware in sbrugna...

7.8CVSS8.1AI score0.00189EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-7497

Malware in sbrugna...

6.5CVSS7.8AI score0.0134EPSS
Exploits0References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2015-1210

Malware in sbrugna...

4.3CVSS6AI score0.19633EPSS
Exploits1References14
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-46426

Malicious code in bioql PyPI...

4.6CVSS5.2AI score0.00311EPSS
Exploits0References1
OSV
OSV
added 2025/09/11 4:56 p.m.5 views

CVE-2025-39780 sched/ext: Fix invalid task state transitions on class switch

In the Linux kernel, the following vulnerability has been resolved: sched/ext: Fix invalid task state transitions on class switch When enabling a schedext scheduler, we may trigger invalid task state transitions, resulting in warnings like the following which can be easily reproduced by running t...

5.5CVSS6.1AI score0.00134EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.6 views

PT-2025-37237

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel related to invalid task state transitions when using the sched ext scheduler. This issue occurs because initialization is skipped for tasks that are...

6AI score0.00134EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 3:26 p.m.7 views

CVE-2020-27895

An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. This issue is fixed in iTunes 12.11 for Windows. A malicious application may be able to access local users Apple IDs...

4.3CVSS5.1AI score0.00649EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:26 a.m.11 views

CVE-2019-10518

Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure an...

7.8CVSS7.4AI score0.00189EPSS
Exploits0References1
CVE
CVE
added 2025/04/16 11:6 p.m.78 views

CVE-2025-1566

CVE-2025-1566 affects Google ChromeOS, specifically the Native System VPN in the Dev Channel. The root cause is a failure to properly tunnel DNS traffic during VPN state transitions, enabling network observers to expose plaintext DNS queries. Reported in ChromeOS/Kubernetes-related advisories, wi...

7.5CVSS7.5AI score0.00192EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2025/02/26 1:55 a.m.11 views

CVE-2022-49219

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix memory leak during D3hot to D0 transition If 'vfiopcicoredevice::needspmrestore' is set PCI device does not have NoSoftReset bit set in its PMCSR config register, then the current PCI state will be saved locally in...

5.5CVSS5.7AI score0.00253EPSS
Exploits0
OSV
OSV
added 2025/02/26 1:55 a.m.11 views

CVE-2022-49219 vfio/pci: fix memory leak during D3hot to D0 transition

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix memory leak during D3hot to D0 transition If 'vfiopcicoredevice::needspmrestore' is set PCI device does not have NoSoftReset bit set in its PMCSR config register, then the current PCI state will be saved locally in...

5.5CVSS6AI score0.00253EPSS
Exploits0References9
Rows per page
Query Builder