4 matches found
CVE-2026-40098
Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the shared wishlist add-to-cart endpoint authorizes access with a public...
CVE-2023-47392
An access control issue in the Mercedes me iOS app v1.34.0 and below allows attackers to view the carts of other users by sending a crafted add order request...
CVE-2025-0176
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /user/addcart.php. The manipulation of the argument id/qty leads to SQL injection. The attack may be initiated...
PT-2024-27078 · WordPress · Build App Online
Name of the Vulnerable Software and Affected Versions: Build App Online plugin for WordPress versions up to, and including, 1.0.21
Description: The issue is due to missing authentication checking in the set user cart function with the user id header value, allowing unauthenticated attackers to lo...