EUVD-2026-11663
Shopware is an open commerce platform. /api/_info/config route exposes information about licenses. This vulnerability is fixed in 7.8.1 and 6.10.15...
CVE-2026-32142 shopware/commercial: `/api/_info/config` route exposes information about licenses
Shopware is an open commerce platform. /api/_info/config route exposes information about licenses. This vulnerability is fixed in 7.8.1 and 6.10.15...
EUVD-2026-11642
Shopware is an open commerce platform. /api/_info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7...
PT-2026-25031
Shopware is an open commerce platform. /api/_info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7...
PT-2026-25040
CVE-2026-32142 Shopware is an open commerce platform. /api/_info/config route exposes information about licenses. This vulnerability is fixed in 7.8.1 and 6.10.15. https://t.co/miVHOhaAoF...
User Impersonation
Overview: shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to User Impersonation in the app registration process. An attacker can gain unauthorized access to sensitive API credentials by exploiting the ability to update the shop-url during...
CVE-2026-31888
Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer (CHECKOUT__CUSTOMER_AUTH_BAD_CREDENTIALS) or is unknown...
CVE-2026-25878
FroshAdminer is the Adminer plugin for Shopware Platform. Prior to 2.2.1, the Adminer route /admin/adminer was accessible without Shopware admin authentication. The route was configured with auth_required=false and performed no session validation, exposing the Adminer UI to unauthenticated users...
CVE-2026-25878 FroshAdminer Adminer UI is accessible without admin session
FroshAdminer is the Adminer plugin for Shopware Platform. Prior to 2.2.1, the Adminer route /admin/adminer was accessible without Shopware admin authentication. The route was configured with auth_required=false and performed no session validation, exposing the Adminer UI to unauthenticated users...
CVE-2026-25878
FroshAdminer (Shopware Platform) is vulnerable in versions prior to 2.2.1, where the Adminer UI at /admin/adminer was exposed without Shopware admin authentication due to auth_required=false and no session validation. This allowed unauthenticated access to the Adminer UI, with a potentially limited i...
PT-2026-7163
Name of the Vulnerable Software and Affected Versions: FroshAdminer versions prior to 2.2.1. Description: The Adminer route '/admin/adminer' within the FroshAdminer plugin for Shopware Platform was accessible without requiring Shopware admin authentication. The route was configured without...
Arbitrary Code Injection
Overview: shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to Arbitrary Code Injection in the map function, where closures and arrays are not properly checked against the allow list. Note: This is a regression of the fix to CVE-2023-2017. Remediatio...
Server-side Request Forgery (SSRF)
Overview: shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the PDF generation process. An attacker can cause the server to send HTTP requests to internal or external resources by submitting specially crafted I...
EUVD-2021-1570
Malware in sbrugna...
EUVD-2024-2597
Malicious code in bioql PyPI...
EUVD-2024-1097
Malicious code in bioql PyPI...
EUVD-2023-0338
Malicious code in bioql PyPI...