7 matches found

Snyk
added 2026/03/11 12:12 a.m., 2 views

Authorization Bypass Through User-Controlled Key

Overview: sylius/sylius is a platform for PHP, based on the Symfony framework. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via unvalidated resource IDs accepted through LiveArg parameters in multiple LiveComponents. An attacker can access...

CVSS 7.1 | AI score 5.9 | EPSS 0.00021
Exploits: 0 | References: 2
CNNVD
added 2025/03/19 12:0 a.m., 4 views

PayPal Plugin Security Vulnerability

PayPal Plugin is an open source plugin for the PayPal commerce platform from Sylius eCommerce. A security vulnerability exists in PayPal Plugin versions prior to 1.6.2, prior to 1.7.2, and prior to 2.0.2, which originates from a user being able to modify the shopping cart after completing the...

CVSS 6.5 | AI score 6.4 | EPSS 0.00324
Exploits: 0 | References: 2
Snyk
added 2025/02/06 6:42 p.m., 2 views

Improper Restriction of Excessive Authentication Attempts

Overview: sylius/sylius is a platform for PHP, based on the Symfony framework. Affected versions of this package are vulnerable to Improper Restriction of Excessive Authentication Attempts due to an improper rate limiting mechanism. An attacker can perform repeated login attempts without being restricted...

CVSS 8.2 | AI score 6.7 | EPSS 0.09773
Exploits: 1 | References: 2
OSV
added 2024/07/17 5:51 p.m., 4 views

CVE-2024-40633 Customer data leak via adjustments API endpoint in Sylius

Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve ord...

CVSS 5.3 | AI score 6.9 | EPSS 0.00239
Exploits: 0 | References: 3
Vulnrichment
added 2022/03/14 9:45 p.m., 6 views

CVE-2022-24749 Basic Cross-site Scripting and Unrestricted Upload of File with Dangerous Type in Sylius

Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform an XSS attack, the file itself has to be open in a new card or loaded outside of the...

CVSS 6.1 | AI score 6 | EPSS 0.00308
Exploits: 1 | References: 4
CNNVD
added 2022/03/14 12:0 a.m., 4 views

Sylius Security Vulnerability

Sylius is an open source e-commerce platform based on the Symfony framework from the Polish company Sylius. Sylius has a security vulnerability that stems from the possibility that an attacker-controlled page could load the website in an iframe. This would enable a clickjacking attack where an...

CVSS 6.1 | AI score 5.6 | EPSS 0.00285
Exploits: 0 | References: 6
CNNVD
added 2021/06/28 12:0 a.m., 1 views

Sylius Information Disclosure Vulnerability

Sylius is an open source e-commerce platform based on the Symfony framework from the Polish company Sylius. A security vulnerability exists in Sylius versions prior to 1.9.5 and 1.10.0-RC, which stems from the fact that some of the details of an order placed in Sylius order ID, order number, total...

CVSS 5.3 | AI score 5.8 | EPSS 0.00221
Exploits: 0 | References: 2