6 matches found
Malicious code in shopify_flow_app (npm)
The package shopify_flow_app was found to contain malicious code...
MAL-2025-33145 Malicious code in shopify_flow_app (npm)
The package shopify_flow_app was found to contain malicious code...
CVE-2021-25507
Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization...
Shopify: Unauthenticated read and write access to ALL endpoints of a store is possible for removed staff members who had "Apps" permission
Technical Background: Shopify Apps need an access token to work with the data of a store. It is very important to keep this token in a secure place. Quoting the Shopify Blog: ... this is like a password into this shop, so you’ll want to store this token in a very safe place...
Shopify: Bypass report #416983 - Removed Staff members who had "Apps" permission can still modify flow app connections
The following report intends to disclose a bypass for 416983. It's been found that removed staff members who had "Apps" permission can still modify flow app connection settings due to improper authorization. Description: Signed URLs generated by Shopify Flow https://apps.shopify.com/flow use a...
Shopify: H1514 Removed Staff members who had "Apps" permission can still modify flow app connections
Summary: It's been found that removed staff members who had "Apps" permission can still modify flow app connection settings due to improper authorization. Description: Flow app https://apps.shopify.com/flow allows users to connect their Google Sheets, Trello and Asana accounts to their flow...