15 matches found
Shopware < 6.5.8.13 - SQL Injection
The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the "aggregations" object. The name field in this "aggregations" ...
CVE-2024-27892
creationtimestamp| type| source
---|---|---
2026-06-04 23:47:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnisq5n6hz25
2026-06-05 05:12:35+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mnjeupitk72c...
CVE-2021-27892
SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected...
CVE-2025-27892
Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. NOTE: this issue exists because of a CVE-2024-22406 and CVE-2024-42357 regression...
CVE-2025-27892
Shopware
CVE-2023-27892
creationtimestamp| type| source
---|---|---
2023-05-03 00:30:30+00:00| seen| Telegram/nb9grZdfWya8cDzZks4pGNvKlFnauelNDQlfU-3mXTXtA...
CVE-2023-27892
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With...
CVE-2023-27892
CVE-2023-27892 affects ShapeShift KeepKey hardware wallet firmware prior to 7.7.0. It stems from insufficient length checks that allow a global buffer overflow via crafted messages. The issue involves flaws in cf_confirmExecTx() within ethereum_contracts.c, which can reveal arbitrary microcontrol...
CVE-2022-27892
creationtimestamp| type| source
---|---|---
2023-02-16 18:12:25+00:00| seen| https://t.me/cibsecurity/58320...
CVE-2022-27892
Palantir Gotham versions prior to 3.22.11.2 are affected by an unauthenticated endpoint that can exhaust the Gotham dispatch service memory. The issue is triggered by an endpoint that accepts unvalidated input to log or process arbitrary payloads, enabling memory exhaustion on the Gotham dispatch...
CVE-2022-27892 Palantir Gotham included an endpoint that would log arbitrary sized payloads.
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service...
CVE-2021-27892
CVE-2021-27892 affects SSH Tectia Client and Server on Windows (before 6.4.19) and ConnectSecure on Windows. The issue is a local privilege escalation. CVSS details in the initial data show CVSS‑v3.1 base score 7.8 (LOCAL, Privileges Required: LOW, User Interaction: NONE; Confidentiality/Integrit...
CVE-2020-27892
CVE-2020-27892 affects TI CC2538 devices running Z-Stack 3.0.1. The Zigbee protocol stack fails to correctly process ZCL Discover Commands Received/Generated Response messages, causing a crash in zclParseInDiscCmdsRspCmd(). The NVD entry lists CVSS v2/3 base scores of 5.0 (MEDIUM) and 7.5 (HIGH) ...