29 matches found

OSV
added 2026/06/04 7:33 p.m., 8 views

GHSA-9V5M-39WH-5CHQ Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment

Summary The Shopware Store API endpoint /store-api/handle-payment contains an object-level authorization flaw that allows a low-privileged external user with a normal customer or guest context to trigger the payment flow for another user’s order by supplying a foreign orderId. The affected...

CVSS 4.3, AI score 5.7, EPSS 0.0005
Exploits 0, References 4
Github Security Blog
added 2026/06/04 7:33 p.m., 11 views

Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment

Summary The Shopware Store API endpoint /store-api/handle-payment contains an object-level authorization flaw that allows a low-privileged external user with a normal customer or guest context to trigger the payment flow for another user’s order by supplying a foreign orderId. The affected...

AI score 5.7, EPSS 0.0005
Exploits 0, References 4, Affected Software 2
Positive Technologies
added 2026/06/04 12:00 a.m., 8 views

PT-2026-46892

Summary The Shopware Store API endpoint /store-api/handle-payment contains an object-level authorization flaw that allows a low-privileged external user with a normal customer or guest context to trigger the payment flow for another user’s order by supplying a foreign orderId. The affected...

CVSS 4.3, AI score 5.7, EPSS 0.0005
Exploits 0, References 5
CVE
added 2026/04/15 11:00 a.m., 11 views

CVE-2026-3590

Mattermost CVE-2026-3590 describes a race condition in the guest magic link authentication flow that fails to enforce atomic single-use for tokens. A valid magic link can be used to establish multiple independent authenticated sessions via concurrent requests on affected versions: Mattermost 10.1...

CVSS 6.5, AI score 5.8, EPSS 0.00145
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2026/04/15 11:00 a.m., 2 views

CVE-2026-3590 Race Condition in Guest Magic Link Authentication Allows Token Reuse

Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

CVSS 6.5, AI score 5.8, EPSS 0.00145
Exploits 0, References 1
CVE
added 2026/03/06 9:03 p.m., 11 views

CVE-2026-30225

CVE-2026-30225 (OliveTin) : An authentication context confusion in RestartAction prior to 3000.11.1 allows a low-privileged authenticated user to bypass ACLs and execute privileged shell actions via a synthetic request that loses the original caller’s authentication headers, causing the resolver ...

CVSS 5.3, AI score 6, EPSS 0.00414
Exploits 1, References 3, Affected Software 1
RedhatCVE
added 2025/11/10 5:22 a.m., 3 views

CVE-2020-36870

Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...

CVSS 9.2, AI score 7.7, EPSS 0.00682
Exploits 0, References 1
EUVD
added 2025/11/08 12:31 a.m., 4 views

EUVD-2020-30818

Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...

CVSS 9.2, AI score 7.3, EPSS 0.00682
Exploits 0, References 5
NVD
added 2025/11/07 10:15 p.m., 4 views

CVE-2020-36870

Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...

CVSS 9.2, EPSS 0.00682
Exploits 0, References 4
Cvelist
added 2025/11/07 9:52 p.m., 9 views

CVE-2020-36870 Ruijie Gateway EG & NBR Models v11.1(6)B9P1 - 11.9(4)B12P1 RCE

Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...

CVSS 9.2, EPSS 0.00682
Exploits 0, References 4
CVE
added 2025/11/07 9:52 p.m., 27 views

CVE-2020-36870

CVE-2020-36870 affects Ruijie Gateway EG and Ruijie NBR series (firmware versions 11.1(6)B9P1 through 11.9(4)B12P1 are vulnerable). Root cause is a code execution vulnerability in the EWEB management system that can be abused via front-end functionality; when features such as guest authentication...

CVSS 9.2, AI score 7.4, EPSS 0.00682
In wild, Exploits 0, References 4
Positive Technologies
added 2025/11/07 12:00 a.m., 4 views

PT-2025-45510

Name of the Vulnerable Software and Affected Versions Ruijie Gateway EG and NBR models versions 11.16B9P1 through 11.94B12P1 Description The EWEB management system in various Ruijie Gateway EG and NBR models contains a code execution issue. Attackers can exploit front-end code when features like...

CVSS 9.2, AI score 7.5, EPSS 0.00682
Exploits 0, References 9
VulnCheck KEV
added 2025/11/07 12:00 a.m., 2 views

VulnCheck KEV: CVE-2020-36870

Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...

CVSS 9.2, AI score 6.3, EPSS 0.00682
In wild, Exploits 0, References 89
OSV
added 2023/09/26 4:06 p.m., 3 views

SUSE-SU-2023:3795-1 Security update for open-vm-tools

This update for open-vm-tools fixes the following issues: Update to 12.3.0 build 22234872 bsc1214850 - There are no new features in the open-vm-tools 12.3.0 release. This is primarily a maintenance release that addresses a few critical problems, including: - This release integrates CVE-2023-20900...

CVSS 7.5, AI score 7.7, EPSS 0.01193
Exploits 0, References 4
OSV
added 2023/09/15 11:05 a.m., 4 views

OESA-2023-1630 open-vm-tools security update

The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of...

CVSS 7.5, AI score 6.8, EPSS 0.13638
Exploits 0, References 3
OSV
added 2023/07/27 3:34 a.m., 5 views

USN-6257-1 open-vm-tools vulnerability

It was discovered that Open VM Tools incorrectly handled certain authentication requests. A fully compromised ESXi host can force Open VM Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. CVE-2023-20867...

CVSS 3.9, AI score 7.1, EPSS 0.13638
Exploits 0, References 2
Rapid7 Blog
added 2022/05/24 6:00 p.m., 84 views

CVE-2022-22977: VMware Guest Authentication Service LPE (FIXED)

A low-privileged local attacker can prevent the VMware Guest Authentication service VGAuthService.exe from running in a guest Windows environment and can crash this service, thus rendering the guest unstable. In some very contrived circumstances, the attacker can leak file content to which they d...

CVSS 10, AI score 0.4, EPSS 0.99938
Exploits 29
Packet Storm
added 2020/04/17 12:00 a.m., 137 views

Swift File Transfer Mobile Cross Site Scripting / Information Disclosure

Document Title: =============== Swift File Transfer Mobile - Multiple Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2205 Release Date: ============= 2020-04-17 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 7.4
Exploits 0
BDU FSTEC
added 2019/06/06 12:00 a.m., 20 views

The vulnerability of the Hyper-V hardware virtualization system for Windows operating systems allows attackers to disclose sensitive information that should be protected.

The vulnerability of the Hyper-V hardware virtualization technology for Windows operating systems is related to errors in the authentication process in the guest operating system. Exploiting this vulnerability can allow an attacker to disclose sensitive information...

CVSS 6.8, AI score 7.1, EPSS 0.01724
Exploits 0, References 3
BDU FSTEC
added 2019/01/18 12:00 a.m., 4 views

The vulnerability of the Hyper-V hardware virtualization system in the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the Hyper-V hardware virtualization technology in the Windows operating system is related to deficiencies in the authentication process of the guest operating system. Exploiting this vulnerability allows an attacker to execute arbitrary code through a specially created...

CVSS 7.6, AI score 7.9, EPSS 0.04457
Exploits 0, References 3