Yuma AI – Unauthenticated personal data and order information disclosure

23/04/2026

A vulnerability was identified in Yuma AI Chat AI (a chatbot), a SaaS solution integrated into multiple e-commerce websites. Chat AI allows any unauthenticated user to retrieve sensitive order information including purchased items and shipping addresses belonging to arbitrary customers, simply by providing a customer email address or an order number.

Joshua Martinelle Thu, 04/23/2026 – 09:22
– Read more

Monday	08:00 - 17:00
Tuesday	08:00 - 17:00
Wednesday	08:00 - 17:00
Thursday	08:00 - 17:00
Friday	08:00 - 17:00

Yuma AI – Unauthenticated personal data and order information disclosure

Latest article

3 practical ways AI threat detection improves enterprise cyber resilience

North Korean Hackers Use Fake IT Worker Scheme to Infiltrate Companies and Evade Sanctions

[R1] Nessus Versions 10.11.4 and 10.12.0 Fixes Arbitrary File Deletion

It pays to be a forever student

EDITOR PICKS

3 practical ways AI threat detection improves enterprise cyber resilience

North Korean Hackers Use Fake IT Worker Scheme to Infiltrate Companies...

[R1] Nessus Versions 10.11.4 and 10.12.0 Fixes Arbitrary File Deletion

POPULAR POSTS

Threats to users of adult websites in 2018

The World’s Most Popular Coding Language Happens to be Most Hackers’...

IT threat evolution Q2 2019

POPULAR CATEGORY

3 practical ways AI threat detection improves enterprise cyber resilience

North Korean Hackers Use Fake IT Worker Scheme to Infiltrate Companies...

[R1] Nessus Versions 10.11.4 and 10.12.0 Fixes Arbitrary File Deletion