175 matches found
CVE-2026-47740
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...
CVE-2026-31909 Apache OFBiz: Unauthenticated Shipment Label Image Disclosure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
CVE-2026-31909
Technical details (affected component/version, root cause, exploitability, impact specifics, or fixes) are not publicly provided in the supplied documents. Monitor for updates from the referenced sources and vendors for concrete details and remediation guidance.
CVE-2026-31909 Apache OFBiz: Unauthenticated Shipment Label Image Disclosure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
PT-2026-35640
https://t.co/N02Fwt6QgR CVE-2026-39540 shipment-tracker-for-woocommerce CVSS Score 6.4 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresss…...
WordPress Shipment Tracker for Woocommerce plugin <= 1.5.3.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Shipment Tracker for Woocommerce versions = 1.5.3.2...
CVE-2019-7892
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery...
Insecure Direct Object Reference (IDOR)
com.liferay.commerce, com.liferay.commerce.order.content.web is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control on the CommerceOrderPortletcommerceOrderId parameter, which allows an attacker to access shipment addresses from other virtual...
CVE-2025-62241
Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...
GHSA-FHCW-PX4Q-PMVV Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key
Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...
Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key
Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferaycommerceorderwebinternalportletCommerceOrderPortletcommerceOrderId parameter. An attacker can access shipment addresses belonging to other virtual instances by...
EUVD-2025-34077
Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferaycommerceorderwebinternalportletCommerceOrderPortletcommerceOrderId parameter. An attacker can access shipment addresses belonging to other virtual instances by...
CVE-2025-62241
Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...
CVE-2025-62241
Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...
CVE-2025-62241
CVE-2025-62241 affects Liferay DXP 2023.Q4.1–2023.Q4.5 and involves an IDOR in the CommerceOrderPortlet_commerceOrderId parameter, allowing an authenticated user to view shipment addresses from other virtual instances. Affected component is com.liferay.commerce, with the underlying issue being im...
CVE-2025-62241
Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...
CVE-2025-62241
Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...
PT-2025-41802
Name of the Vulnerable Software and Affected Versions Liferay DXP versions 2023.Q4.1 through 2023.Q4.5 Description An Insecure Direct Object Reference IDOR issue exists in Liferay DXP that allows authenticated remote users to access shipment addresses from different virtual instances. This occurs...