11 matches found
CVE-2026-31888
Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer (CHECKOUT__CUSTOMER_AUTH_BAD_CREDENTIALS) or is unknown...
CVE-2026-31888 Shopware has user enumeration via distinct error codes on Store API login endpoint
Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer (CHECKOUT__CUSTOMER_AUTH_BAD_CREDENTIALS) or is unknown...
EUVD-2020-7212
Malware in sbrugna...
Proposal for Improving Google A2A Protocol: Safeguarding Sensitive Data in Multi-Agent Systems
A2A, a protocol for AI agent communication, offers a robust foundation for secure AI agent communication. However, it has several critical issues in handling sensitive data, such as payment details, identification documents, and personal information. This paper reviews the existing protocol,...
New Support Website - July 15th 2024
New Support Website - July 15th 2024 Support.Citrix.com is migrating to a new platform. This is the main website for hosting public CTX knowledge articles and for customers to create and view their support cases. This new platform will launch on July 15th 2024 Callback and LiveChat are dependent ...
Top Security and Data Privacy Regulations for Financial Services
Regulatory compliance has become an increasingly important part of the financial services industry in recent years. And it’s a trend that’s likely to continue due to the upsurge in cloud computing, the use of mobile applications, and a shift to IoT devices, all of which are driving exponenti...
CVE-2020-15085
In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0...
Mobile Carrier Customer Service Ushers in SIM-Swap Fraud
Mobile carriers have left the door wide open to SIM-swap attacks, particularly when it comes to prepaid accounts, researchers have found. SIM swapping is a form of fraud that allows crooks to bypass SMS-based two-factor authentication (2FA) and crack online banking or other high-value accounts...
a2zmobility.ca XSS vulnerability
Vulnerable URL: https://www.a2zmobility.ca/comersus/store/comersuscustomerAuthenticateForm.asp?redirectUrl=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly...
uniformpros.ca XSS vulnerability
Vulnerable URL: https://www.uniformpros.ca/comersus/store/comersuscustomerAuthenticateForm.asp?redirectUrl=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly...
Unfixed XSS vulnerability at www.hobbytoys.it
Security researcher RedTuning submitted on 23/01/2008 a cross-site-scripting (XSS) vulnerability affecting www.hobbytoys.it, which at the time of submission ranked 576780 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 23/01/2008. It is...