CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

Github Security Blog•added 2026/03/11 12:12 a.m.•4 views

Sylius affected by IDOR in Cart and Checkout LiveComponents

Impact An authenticated Insecure Direct Object Reference IDOR vulnerability exists in multiple shop LiveComponents due to unvalidated resource IDs accepted via LiveArg parameters. Unlike props, which are protected by LiveComponent's @checksum, args are fully user-controlled - any action that...

7.1CVSS5.9AI score0.00021EPSS

Exploits0References3Affected Software1

EUVD•added 2026/03/11 12:12 a.m.•3 views

EUVD-2026-10913

Sylius affected by IDOR in Cart and Checkout LiveComponents...

7.1CVSS5.8AI score0.00021EPSS

Exploits0References1

CVE•added 2026/03/10 9:22 p.m.•6 views

CVE-2026-31820

Sylius (Open Source eCommerce on Symfony) contains an authenticated insecure direct object reference (IDOR) in multiple LiveComponents. The vulnerability stems from unvalidated resource IDs accepted via #[LiveArg] parameters, where loading with ->find() occurs without ownership checks. Affecte...

7.1CVSS5.8AI score0.00021EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/03/10 12:0 a.m.•3 views

PT-2026-24474

Name of the Vulnerable Software and Affected Versions Sylius versions prior to 2.0.16 Sylius versions prior to 2.1.12 Sylius versions prior to 2.2.3 Description Sylius, an Open Source eCommerce Framework on Symfony, contains an authenticated Insecure Direct Object Reference IDOR issue in several...

7.1CVSS5.8AI score0.00021EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by