Lucene search
K

20 matches found

NVD
NVD
added 2026/06/27 8:16 a.m.16 views

CVE-2026-11987

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...

4.3CVSS0.00271EPSS
Exploits0References14
CVE
CVE
added 2026/06/27 6:50 a.m.19 views

CVE-2026-11987

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution (WordPress) up to version 5.0.4 is vulnerable to Insecure Direct Object Reference via the id parameter due to missing validation on a user‑controlled key. Authenticated attackers with subscriber+ access can read other vendors’ pro...

4.3CVSS5.7AI score0.00271EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.5 views

CVE-2026-3651

The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.23. This is due to the plugin registering the 'build-app-online-update-vendor-product' AJAX action via wpajaxnopriv without proper authentication checks, capability verificatio...

5.3CVSS5.9AI score0.00305EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/11 1:19 p.m.5 views

CVE-2025-41709

An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device...

9.8CVSS5.9AI score0.02153EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/10 6:31 p.m.6 views

EUVD-2025-208466

PROBLEMTYPE in COMPONENT in VENDOR PRODUCT VERSION on PLATFORMS allows ATTACKER to IMPACT via VECTOR...

9.8CVSS5.8AI score0.02153EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/10 6:31 p.m.5 views

EUVD-2025-208465

PROBLEMTYPE in COMPONENT in VENDOR PRODUCT VERSION on PLATFORMS allows ATTACKER to IMPACT via VECTOR...

9.8CVSS5.8AI score0.02153EPSS
Exploits0References5
NVD
NVD
added 2025/12/05 8:15 a.m.5 views

CVE-2025-12130

The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendordashboard/product/delete/ endpoint...

4.3CVSS0.00106EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/05 7:26 a.m.30 views

CVE-2025-12130 WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion

The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendordashboard/product/delete/ endpoint...

4.3CVSS0.00106EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.7 views

PT-2025-49231

The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendor dashboard/product/delete/ endpoint...

4.3CVSS5.3AI score0.00106EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/12/04 11:17 p.m.6 views

WordPress WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion vulnerability

Cross-Site Request Forgery to Vendor Product Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin WC Vendors Marketplace versions = 2.6.4...

4.3CVSS6.7AI score0.00106EPSS
Exploits0References1Affected Software1
0day.today
0day.today
added 2024/04/22 12:0 a.m.267 views

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Vulnerability

Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the setpwd endpoint that enables th...

7.8AI score
Exploits0
NVD
NVD
added 2023/12/14 3:15 p.m.25 views

CVE-2023-49739

Vulnerability in IdeaBox Creations PowerPack Pro for Elementor.This issue affects PowerPack Pro for Elementor: from n/a through 2.9.23...

7.1CVSS0.00416EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/14 12:0 a.m.6 views

PT-2023-31316 · [Vendor] · [Product]

Name of the Vulnerable Software and Affected Versions: PRODUCT version VERSION Description: A problem in COMPONENT of VENDOR PRODUCT on PLATFORMS allows ATTACKER to IMPACT via VECTOR. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

7.1CVSS6.6AI score0.00416EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:46 a.m.5 views

SUSE CVE-2012-2693

libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices...

3.7CVSS8.8AI score0.00331EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2019/01/28 12:0 a.m.74 views

BEWARD Intercom 2.3.1 - Credentials Disclosure

!/usr/bin/env python -- coding: utf8 -- BEWARD Intercom 2.3.1 Credentials Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: 2.3.1.34471 2.3.0 2.2.11 2.2.10.5 2.2.9 2.2.8.9 2.2.7.4 Note: For versions above 2.2.11: The application data directory, whic...

7AI score
Exploits0
exploitpack
exploitpack
added 2018/07/17 12:0 a.m.44 views

Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Configuration Download

Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Configuration Download Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Configuration Download Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb...

Exploits0
CNVD
CNVD
added 2017/11/01 12:0 a.m.6 views

EMC AppSync Server Hardcoded Password Vulnerability

EMC AppSync is a suite of data protection software from EMC Corporation. The software provides simple, self-service, service-level agreement SLA-driven data protection and storage management for EMC VNX and EMC VMAX storage.EMC AppSync Server is its server version. A hard-coded password...

7.8CVSS6.9AI score0.00319EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2013/01/08 4:20 a.m.6 views

libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored

libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices...

3.7CVSS7.3AI score0.00331EPSS
Exploits0References4
Vulnerability Lab
Vulnerability Lab
added 2011/06/20 12:0 a.m.18 views

Phone Applications - Remote SQL Injection Vulnerabilities

Document Title: =============== Phone Applications - Remote SQL Injection Vulnerabilities References: =========== Download: http://www.vulnerability-lab.com/upub/resources/videos/25.wmv View: http://www.youtube.com/watch?v=2uCHYjOmdk Release Date: ============= 2011-06-20 Vulnerability Laboratory...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2009/09/28 12:0 a.m.35 views

HEAT Call Logging 8.01 - SQL Injection

= ;otokoyama; = -=HEAT Call Logging Version 8.01=- "The HEAT family is a comprehensive service solution, combining core technologies with a variety of expansion options, so any enterprise can build a tailored solution." -=web=- http://www.frontrange.com/heat.aspx -=attack=- U:' OR HEATPass IS NOT...

7.4AI score
Exploits0
Rows per page
Query Builder