Lucene search
+L

5 matches found

Snyk
Snyk
added 2025/04/09 1:53 p.m.2 views

Insecure Default Initialization of Resource

Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the default newsletter opt-in settings. An attacker can abuse the system for mass unsolicited newslett...

6.9CVSS7AI score0.0029EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/09 12:0 a.m.7 views

Shopware 安全漏洞

Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware versions prior to 6.6.10.3 and prior to 6.5.8.17, which stems from a default setting that allows unconfirmed bulk news subscriptions...

6.9CVSS6.3AI score0.0029EPSS
Exploits0References1
Snyk
Snyk
added 2025/04/08 4:33 p.m.4 views

SQL Injection

Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to SQL Injection through the aggregations object. An attacker can manipulate the SQL queries and potentially access or alter data by injecting malicious SQL code into the name field...

7.3CVSS8.1AI score0.11627EPSS
Exploits1References2
OSV
OSV
added 2025/04/08 1:46 p.m.6 views

CVE-2025-30151 Shopware allows Denial Of Service via password length

Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin...

7.5CVSS6.4AI score0.00393EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.4 views

PT-2025-15898 · Packagist · Shopware/Core +1

Impact It's possible to guess the deepLinkCode of an Document to open documents of other customers Patches Update to Shopware 6.6.10.3 or 6.5.8.17 Workarounds For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend...

4CVSS7.2AI score
Exploits0References6
Rows per page
Query Builder