Lucene search

6 matches found

Cvelist
added 2026/03/23 11:25 p.m. · 28 views

CVE-2026-4001 Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the processcustomformula function within includes/process/price.php. This is due to insufficient sanitization an...

CVSS 9.8 · EPSS 0.00707
Exploits 0 · References 2
Snyk
added 2026/02/05 8:51 p.m. · 3 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accounts by injecting crafted SQL statements. Note: This is only exploitable if a Drizzle-based...

CVSS 9.8 · AI score 5.8 · EPSS 0.00453
Exploits 0 · References 2
Github Security Blog
added 2026/02/05 8:51 p.m. · 18 views

@payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters

Impact: When querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL Injection attacks. An unauthenticated attacker could extract sensitive data (emails, password reset tokens) and achieve full account takeover without password cracking. Users...

CVSS 9.8 · AI score 5.8 · EPSS 0.00453
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2024/07/22 12:0 a.m. · 4 views

PT-2024-28040 · Unknown +1 · Syncope Console +2

Name of the Vulnerable Software and Affected Versions: Syncope versions prior to 3.0.8

Description: The issue allows HTML tags to be added to any text field when editing a user, group, or object in the Syncope Console, potentially leading to exploits. The same vulnerability is found in the Syncop...

CVSS 7.1 · AI score 7 · EPSS 0.00702
Exploits 0 · References 13
OSV
added 2024/02/23 3:15 p.m. · 3 views

CVE-2024-22776

Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields...

CVSS 4.7 · AI score 5.8 · EPSS 0.00474
Exploits 1 · References 2
CNNVD
added 2023/08/02 12:0 a.m. · 3 views

Data Illusion Survey Software Solutions NGSurvey Security Breach

ngSurvey is a Data Illusion Survey Software Solutions by ngSurvey, Inc. A security vulnerability exists in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and earlier versions, which stems from vulnerability to denial-of-service attacks if a survey is submitted that contains Text Field,...

CVSS 7.5 · AI score 6.7 · EPSS 0.01038
Exploits 1 · References 2