221 matches found
GHSA-9HFR-GW99-8RHX bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts
ARC broadcaster treats failure statuses as successful broadcasts Summary BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLESPENDATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINEDINSTALEBLOCK, or any ORPHAN-containing extraInfo / txStatus are silently...
EUVD-2026-20105
The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4 via the '/wp-json/InkXEProductDesignerLite/orders' REST API endpoint. The endpoint is registered with 'permissioncallback' set to 'returntrue', meaning no...
CVE-2026-5041
creationtimestamp| type| source ---|---|--- 2026-03-29 10:30:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116311996902257625 2026-03-29 10:30:28+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mi6wwkabje2s...
CVE-2026-5004
creationtimestamp| type| source ---|---|--- 2026-03-27 14:09:36+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116301534081725054 2026-03-28 18:50:02+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mi5cevw2wq23 2026-03-28 19:15:23+00:00| published-proof-of-concept|...
CVE-2026-3587
creationtimestamp| type| source ---|---|--- 2026-03-23 08:02:01+00:00| seen| https://infosec.exchange/users/certvde/statuses/116277439434054031 2026-03-23 08:02:11+00:00| seen| https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3mhplts73kmm2 2026-03-23 08:17:02+00:00| seen|...
Cross-site Scripting (XSS)
Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Name field when updating order statuses in the orders table. An attacker can execute arbitrary JavaScript code in the context of an administrator's browser by...
CVE-2026-2448
creationtimestamp| type| source ---|---|--- 2026-03-03 04:30:30+00:00| seen| https://infosec.exchange/users/offseq/statuses/116163361394594510 2026-03-03 04:30:31+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mg4wowxu2425 2026-03-03 07:26:23+00:00| seen|...
CVE-2026-26975
creationtimestamp| type| source ---|---|--- 2026-02-20 01:17:59+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfawskqi6z2f 2026-02-20 01:18:30+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfawti2fy32k 2026-02-20 01:30:31+00:00| seen|...
CVE-2026-25049
creationtimestamp| type| source ---|---|--- 2026-02-04 21:01:03+00:00| seen| https://threatintel.cc/2026/02/04/critical-nn-flaws-disclosed-along.html 2026-02-04 21:23:59+00:00| seen| https://infosec.exchange/users/DarkWebInformer/statuses/116014464225155765 2026-02-04 21:27:57+00:00| seen|...
WordPress plugin Fortis for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Craft Commerce has Stored DOM XSS in Order Status Name (Reflects in "Recent Orders" Dashboard Widget)
Summary A stored DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The Order Status Name is rendered via JavaScript string concatenation without proper escaping, allowing script execution when any admin visits the dashboard. Users are recommended to update to the patched 5.5.2...
EUVD-2025-206485
The Rupantorpay plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handlewebhook function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to modify WooCommerce order statuses by sending...
BIT-MOODLE-2025-3645 Moodle: idor in messaging web service allows access to some user details
A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...
EVMAPA
RISK EVALUATION Successful exploitation of these vulnerabilities could lead to degraded service, a denial-of-service, or unauthorized remote command execution, which could lead to spoofing or a manipulation of charging station statuses. 2. RECOMMENDED PRACTICES CISA recommends users take...
CVE-2022-25731
creationtimestamp| type| source ---|---|--- 2026-01-20 08:05:00+00:00| seen| https://infosec.exchange/users/certvde/statuses/115926387351405846...
SUSE CVE-2017-18895
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information user statuses via a REST API version 4 endpoint...
PT-2026-3226
The Rede Itaú for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up to, and including, 5.1.2. This is due to the plugin failing to verify the authenticity of payment callbacks. This makes it possibl...
CVE-2026-22643
creationtimestamp| type| source ---|---|--- 2026-01-15 14:43:10+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mchsz6yior2f 2026-01-15 14:43:37+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mchszz4er322 2026-01-15 15:12:34+00:00| seen|...
PT-2026-2818
The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrm get email recipients and wpcrm system ajax task change status AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers,...
CVE-2024-2110
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers...