Lucene search
K

221 matches found

OSV
OSV
added 2026/04/09 8:28 p.m.4 views

GHSA-9HFR-GW99-8RHX bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts

ARC broadcaster treats failure statuses as successful broadcasts Summary BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLESPENDATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINEDINSTALEBLOCK, or any ORPHAN-containing extraInfo / txStatus are silently...

7.5CVSS5.7AI score0.00266EPSS
Exploits0References8
EUVD
EUVD
added 2026/04/08 9:31 a.m.3 views

EUVD-2026-20105

The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4 via the '/wp-json/InkXEProductDesignerLite/orders' REST API endpoint. The endpoint is registered with 'permissioncallback' set to 'returntrue', meaning no...

5.3CVSS5.9AI score0.00462EPSS
Exploits0References10
Circl
Circl
added 2026/03/29 10:30 a.m.15 views

CVE-2026-5041

creationtimestamp| type| source ---|---|--- 2026-03-29 10:30:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116311996902257625 2026-03-29 10:30:28+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mi6wwkabje2s...

5.8CVSS5.8AI score0.01894EPSS
Exploits0References2
Circl
Circl
added 2026/03/27 2:9 p.m.3 views

CVE-2026-5004

creationtimestamp| type| source ---|---|--- 2026-03-27 14:09:36+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116301534081725054 2026-03-28 18:50:02+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mi5cevw2wq23 2026-03-28 19:15:23+00:00| published-proof-of-concept|...

9CVSS8.1AI score0.00687EPSS
Exploits1References5
Circl
Circl
added 2026/03/23 8:2 a.m.4 views

CVE-2026-3587

creationtimestamp| type| source ---|---|--- 2026-03-23 08:02:01+00:00| seen| https://infosec.exchange/users/certvde/statuses/116277439434054031 2026-03-23 08:02:11+00:00| seen| https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3mhplts73kmm2 2026-03-23 08:17:02+00:00| seen|...

10CVSS4.8AI score0.00679EPSS
Exploits0References12
Snyk
Snyk
added 2026/03/10 6:23 p.m.2 views

Cross-site Scripting (XSS)

Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Name field when updating order statuses in the orders table. An attacker can execute arbitrary JavaScript code in the context of an administrator's browser by...

4.8CVSS5.7AI score0.00318EPSS
Exploits1References2
Circl
Circl
added 2026/03/03 4:30 a.m.2 views

CVE-2026-2448

creationtimestamp| type| source ---|---|--- 2026-03-03 04:30:30+00:00| seen| https://infosec.exchange/users/offseq/statuses/116163361394594510 2026-03-03 04:30:31+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mg4wowxu2425 2026-03-03 07:26:23+00:00| seen|...

8.8CVSS5.9AI score0.00888EPSS
Exploits0References4
Circl
Circl
added 2026/02/20 1:17 a.m.9 views

CVE-2026-26975

creationtimestamp| type| source ---|---|--- 2026-02-20 01:17:59+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfawskqi6z2f 2026-02-20 01:18:30+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfawti2fy32k 2026-02-20 01:30:31+00:00| seen|...

8.8CVSS5.7AI score0.01447EPSS
Exploits1References6
Circl
Circl
added 2026/02/04 9:1 p.m.6 views

CVE-2026-25049

creationtimestamp| type| source ---|---|--- 2026-02-04 21:01:03+00:00| seen| https://threatintel.cc/2026/02/04/critical-nn-flaws-disclosed-along.html 2026-02-04 21:23:59+00:00| seen| https://infosec.exchange/users/DarkWebInformer/statuses/116014464225155765 2026-02-04 21:27:57+00:00| seen|...

9.9CVSS5.3AI score0.01196EPSS
Exploits0References62
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.10 views

WordPress plugin Fortis for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.8AI score0.00345EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/02 10:41 p.m.6 views

Craft Commerce has Stored DOM XSS in Order Status Name (Reflects in "Recent Orders" Dashboard Widget)

Summary A stored DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The Order Status Name is rendered via JavaScript string concatenation without proper escaping, allowing script execution when any admin visits the dashboard. Users are recommended to update to the patched 5.5.2...

6.2CVSS5.6AI score0.00304EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2026/01/28 11:23 a.m.6 views

EUVD-2025-206485

The Rupantorpay plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handlewebhook function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to modify WooCommerce order statuses by sending...

5.3CVSS5.9AI score0.00205EPSS
Exploits0References2
OSV
OSV
added 2026/01/26 2:49 p.m.4 views

BIT-MOODLE-2025-3645 Moodle: idor in messaging web service allows access to some user details

A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...

4.3CVSS5.8AI score0.00302EPSS
Exploits0References4
ICS
ICS
added 2026/01/22 7:0 a.m.10 views

EVMAPA

RISK EVALUATION Successful exploitation of these vulnerabilities could lead to degraded service, a denial-of-service, or unauthorized remote command execution, which could lead to spoofing or a manipulation of charging station statuses. 2. RECOMMENDED PRACTICES CISA recommends users take...

9.8CVSS5.6AI score0.00418EPSS
Exploits0References11
Circl
Circl
added 2026/01/20 8:5 a.m.5 views

CVE-2022-25731

creationtimestamp| type| source ---|---|--- 2026-01-20 08:05:00+00:00| seen| https://infosec.exchange/users/certvde/statuses/115926387351405846...

7.5CVSS5AI score0.00354EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/01/17 12:51 a.m.9 views

SUSE CVE-2017-18895

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information user statuses via a REST API version 4 endpoint...

5.3CVSS6.6AI score0.0092EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.8 views

PT-2026-3226

The Rede Itaú for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up to, and including, 5.1.2. This is due to the plugin failing to verify the authenticity of payment callbacks. This makes it possibl...

5.3CVSS5.9AI score0.00148EPSS
Exploits0References5
Circl
Circl
added 2026/01/15 2:43 p.m.5 views

CVE-2026-22643

creationtimestamp| type| source ---|---|--- 2026-01-15 14:43:10+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mchsz6yior2f 2026-01-15 14:43:37+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mchszz4er322 2026-01-15 15:12:34+00:00| seen|...

4.8AI score0.00079EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.9 views

PT-2026-2818

The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrm get email recipients and wpcrm system ajax task change status AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers,...

5.4CVSS5.5AI score0.00222EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/07 9:12 a.m.11 views

CVE-2024-2110

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers...

4.3CVSS6.4AI score0.00215EPSS
Exploits0References1
Rows per page
Query Builder