5 matches found

CVE
added 2026/03/11 6:49 p.m. · 12 views

CVE-2026-31887

Shopware is an open commerce platform. In versions before 6.7.8.1 and 6.6.10.15, an insufficient check on filter types for unauthenticated customers on the store-api.order endpoint (deepLinkCode) can allow access to other customers’ orders. This is fixed in 6.7.8.1 and ...

8.9 CVSS · 5.8 AI score · 0.00237 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2026/02/06 12:0 a.m. · 5 views

Spree Security Vulnerability

Spree is an open-source e-commerce platform developed using Ruby on Rails by a personal developer. Vulnerabilities exist in versions prior to Spree 5.0.8, 5.1.10, 5.2.7, and 5.3.2. These vulnerabilities allow unverified users to view completed guest orders, potentially leading to the disclosure o...

8.7 CVSS · 5.8 AI score · 0.00441 EPSS
Exploits 1 · References 9
Positive Technologies
added 2026/02/05 12:0 a.m. · 8 views

PT-2026-6726

Name of the Vulnerable Software and Affected Versions: Spree versions prior to 5.0.8; Spree versions prior to 5.1.10; Spree versions prior to 5.2.7; Spree versions prior to 5.3.2. Description: Spree, an open source e-commerce solution, contains a flaw where unauthenticated users can view completed gues...

8.7 CVSS · 5.5 AI score · 0.00441 EPSS
Exploits 1 · References 15
OSV
added 2026/01/23 11:38 p.m. · 9 views

CVE-2026-24136 Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API

Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have an Insecure Direct Object Reference (IDOR) vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor...

8.7 CVSS · 5.5 AI score · 0.00364 EPSS
Exploits 1 · References 7
Positive Technologies
added 2023/11/22 12:0 a.m. · 5 views

PT-2023-30441 · Mercedes · Mercedes Me Ios App

Name of the Vulnerable Software and Affected Versions: Mercedes me IOS APP versions 1.34.0 and below Description: The issue allows attackers to view the maintenance orders of other users and access sensitive user information. Recommendations: For Mercedes me IOS APP versions 1.34.0 and below,...

5.3 CVSS · 7 AI score · 0.005 EPSS
Exploits 0 · References 2