8 matches found
EUVD-2020-3938
Malware in sbrugna...
EUVD-2022-31756
Malicious code in bioql PyPI...
Code Bug at Compliance Firm Vanta Leaks Customer Data to Other Clients
Compliance automation provider Vanta confirms a software bug exposed private customer data to other users, impacting hundreds of…
CVE-2024-1294
The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.24 via the 'invoice'. This makes it possible for unauthenticated attackers to extract sensitive data including customer...
Data breaches in 2024: Could it get any worse?
It may sound weird when I say that I would like to remember 2024 as the year of the biggest breaches. That’s mainly because that would mean we’ll never see another year like it. To support this nomination, I will remind you of several high-profile breaches, some of a size almost beyond imaginatio...
CVE-2024-40633 Customer data leak via adjustments API endpoint in Sylius
Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve ord...
CVE-2024-40633 Customer data leak via adjustments API endpoint in Sylius
Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve ord...
CVE-2023-30282
PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permissions' control, a guest can access exports from the module which can lead to leak of personal information from customer table...