58 matches found
CVE-2026-32100
Shopware exposes information about active security fixes via the /api/_info/config route. This CVE affects Shopware (open commerce platform) and is mitigated by upgrading to versions 2.0.16, 3.0.12, or 4.0.7. The vulnerability is listed with CVSS v3.1 base score 5.3 (Medium) and indicates informa...
Shopware security vulnerability
Shopware is a set of open-source e-commerce software developed by the German company Shopware GmbH. Versions prior to Shopware 6.7.8.1 and 6.6.10.15 contained security vulnerabilities. These vulnerabilities stemmed from insufficient checks on the filter types of unverified customers, which could...
Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually
In Shopware core and platform versions before 6.6.10.7 and 6.7.3.1, media visibility restrictions applied by MediaVisibilityRestrictionSubscriber are not enforced for aggregation API requests. Authorization filters are only injected during standard entity reads; aggregation queries can be...
EUVD-2025-35210
Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually...
EUVD-2021-1658
Malware in sbrugna...
EUVD-2021-1932
Malware in sbrugna...
EUVD-2023-1803
Malicious code in bioql PyPI...
EUVD-2025-10293
Malicious code in bioql PyPI...
EUVD-2023-1353
Malicious code in bioql PyPI...
EUVD-2022-1388
Malicious code in bioql PyPI...
EUVD-2022-3854
Malicious code in bioql PyPI...
EUVD-2022-1666
Malicious code in bioql PyPI...
EUVD-2022-2661
Malicious code in bioql PyPI...
EUVD-2022-4630
Malicious code in bioql PyPI...
EUVD-2023-1231
Malicious code in bioql PyPI...
Shopware security vulnerability
Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware that stems from insufficient cleanup of the cdatabaseschema field in the installation interface, which could lead to stored cross-site scripting...
CVE-2023-2017
Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...
CVE-2022-24744
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3...
CVE-2022-36101
Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are advised to update an...
CVE-2022-24747
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. Affected versions of Shopware do not properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP...