3 matches found
CVE-2026-31821
Sylius is an Open Source eCommerce Framework on Symfony. The POST /api/v2/shop/orders/tokenValue/items endpoint does not verify cart ownership. An unauthenticated attacker can add items to other registered customers' carts by knowing the cart tokenValue. An attacker who obtains a cart tokenValue...
CVE-2026-31822
Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting (XSS) vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...
PT-2025-3588
Name of the Vulnerable Software and Affected Versions: Raptor RDF Syntax Library versions 2.0.16 and earlier. Description: A heap-based buffer over-read issue occurs when parsing triples with the nquads parser in the raptor_ntriples_parse_term_internal function. This issue affects the Raptor RDF...