CVE-2024-46307
A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.
CVSS
7.5
High
EPSS
0.5%
p37
KEV
—
Exploit Today
11
0-100
Published: Oct 9, 2024 · Last modified: Jul 5, 2026 · CWE-841
0.4%EPSS · 30 days0.5%
2026-06-302026-07-17
A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-422467.4 HIG24.6%
——7Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4.4dCVE-2025-363334.3 MED20.3%
——6IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow.12dCVE-2026-345829.1 CRI14.2%
——4Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which entirely omits Certificate, CertificateVerify, and the Finished message and instead sends application data records. This vulnerability is fixed in 3.11.1.4d