
4 matches found

Nuclei
added yesterday, 21 views

Adobe Commerce (Magento) - Remote Code Execution

Adobe Commerce versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. id: CVE-2022-24086 info: name:...

CVSS 10, AI score 7.7, EPSS 0.99199
Exploits 5, References 4
OSV
added 2026/02/06 9:29 p.m., 6 views

CVE-2026-25758 Spree allows unauthenticated users can access all guest addresses

Spree is an open source e-commerce solution built with Ruby on Rails. A critical IDOR vulnerability exists in Spree Commerce's guest checkout flow that allows any guest user to bind arbitrary guest addresses to their order by manipulating address ID parameters. This enables unauthorized access to...

CVSS 8.7, AI score 5.6, EPSS 0.00599
Exploits 1, References 12
Positive Technologies
added 2025/10/16 12:0 a.m., 7 views

PT-2025-42514

Name of the Vulnerable Software and Affected Versions: PrestaShop Checkout versions 1.3.0 through 4.4.0; PrestaShop Checkout versions 5.0.0 through 5.0.4. Description: The PrestaShop Checkout module, used in partnership with PayPal, contains a flaw in the Express Checkout feature. Missing validation...

CVSS 9.1, AI score 5.4, EPSS 0.00476
Exploits 1, References 25
OSV
added 2024/05/23 9:15 a.m., 1 views

UBUNTU-CVE-2024-35186

gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...

CVSS 8.8, AI score 5.9, EPSS 0.00816
Exploits 0, References 6