90 matches found
CVE-2025-30151
Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin...
GHSA-CGFJ-HJ93-RMH2 Shopware allows Denial Of Service via password length
Impact It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. Patches Update to Shopware 6.6.10.3 or 6.5.8.17 Workarounds For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of...
Shopware allows Denial Of Service via password length
Impact It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. Patches Update to Shopware 6.6.10.3 or 6.5.8.17 Workarounds For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of...
Shopware 6 allows attackers to check for registered accounts through the store-api
Impact Through the store-api it is possible as a attacker to check if a specific e-mail address has an account in the shop. Using the store-api endpoint /store-api/account/recovery-password you get the response "errors":"status":"404","code":"CHECKOUTCUSTOMERNOTFOUND","title":"Not...
GHSA-HH7J-6X3Q-F52H Shopware 6 allows attackers to check for registered accounts through the store-api
Impact Through the store-api it is possible as a attacker to check if a specific e-mail address has an account in the shop. Using the store-api endpoint /store-api/account/recovery-password you get the response "errors":"status":"404","code":"CHECKOUTCUSTOMERNOTFOUND","title":"Not...
CVE-2025-30150
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Through the store-api it is possible as a attacker to check if a specific e-mail address has an account in the shop. Using the store-api endpoint /store-api/account/recovery-password you get the response, which indicates...
CVE-2025-30151
Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin...
CVE-2025-30150 Shopware 6 allows attackers to check for registered accounts through the store-api
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Through the store-api it is possible as a attacker to check if a specific e-mail address has an account in the shop. Using the store-api endpoint /store-api/account/recovery-password you get the response, which indicates...
CVE-2025-30150 Shopware 6 allows attackers to check for registered accounts through the store-api
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Through the store-api it is possible as a attacker to check if a specific e-mail address has an account in the shop. Using the store-api endpoint /store-api/account/recovery-password you get the response, which indicates...
CVE-2025-30150
CVE-2025-30150 affects Shopware 6 platforms. The vulnerability allows an attacker using the store-api to determine whether an email address is registered by querying /store-api/account/recovery-password ; responses differentiate between found vs not found accounts, enabling information exposure. ...
CVE-2025-30151 Shopware allows Denial Of Service via password length
Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin...
CVE-2025-30151 Shopware allows Denial Of Service via password length
Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin...
Shopware 安全漏洞
Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware, which stems from a store-api that detects the existence of an e-mail account, which could lead to information disclosure...
GeoServer < 2.23.4 Multiples Vulnerabilities
According to its banner, the version of GeoServer running on the remote host is prior to 2.23.5 or 2.24.0 prior to 2.24.2. It is, therefore, affected by Multiples Vulnerabilities : - An Arbitrary file upload vulnerability in REST Coverage Store API - A Stored Cross-Site Scripting XSS vulnerabilit...
CVE-2024-42354
Shopware is an open commerce platform. The store-API works with regular entities and not expose all fields for the public API; fields need to be marked as ApiAware in the EntityDefinition. So only ApiAware fields of the EntityDefinition will be encoded to the final JSON. Prior to versions 6.6.5.1...
CVE-2024-42354 Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api
Shopware is an open commerce platform. The store-API works with regular entities and not expose all fields for the public API; fields need to be marked as ApiAware in the EntityDefinition. So only ApiAware fields of the EntityDefinition will be encoded to the final JSON. Prior to versions 6.6.5.1...
CVE-2024-42354 Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api
Shopware is an open commerce platform. The store-API works with regular entities and not expose all fields for the public API; fields need to be marked as ApiAware in the EntityDefinition. So only ApiAware fields of the EntityDefinition will be encoded to the final JSON. Prior to versions 6.6.5.1...
CVE-2024-42354
CVE-2024-42354 : Shopware’s store-API could bypass protections because Criteria processing did not properly account for ManyToMany associations . This affects versions prior to the patches in 6.6.5.1 and 6.5.8.13 , with protections not being used as intended. The issue can be triggered by extensi...
CVE-2024-42354 Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api
Shopware is an open commerce platform. The store-API works with regular entities and not expose all fields for the public API; fields need to be marked as ApiAware in the EntityDefinition. So only ApiAware fields of the EntityDefinition will be encoded to the final JSON. Prior to versions 6.6.5.1...
Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api
Impact The store-API works with regular entities and not expose all fields for the public API; fields need to be marked as ApiAware in the EntityDefinition. So only ApiAware fields of the EntityDefinition will be encoded to the final JSON. The processing of the Criteria did not considered...