CVE-2026-2850 yeqifu warehouse Customer Endpoint CustomerController.java deleteCustomer access control

A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\CustomerController.java of the component Customer Endpoint...

Authorization Bypass

NopCommerce.Core is vulnerable to authorization bypass. The vulnerability is due to the AddressEdit function in CustomerController.cs not properly removing redundant address endpoint parameters, allowing a malicious user to modify the addresses of other users on the site...