Lucene search
+L

4 matches found

NVD
NVD
added 3 hours ago6 views

CVE-2026-48008

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync; the regular integration endpoint POST...

6.5CVSS0.00034EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/04 7:23 p.m.17 views

Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass

Summary A non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync. The regular integration endpoint POST /api/integration correctly blocks this, but the Sync API bypasses the...

6.5CVSS5.9AI score0.00034EPSS
Exploits0References4Affected Software2
SUSE CVE
SUSE CVE
added 2023/02/15 5:29 a.m.4 views

SUSE CVE-2014-3177

Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176...

10CVSS9.7AI score0.03883EPSS
Exploits0References4
OSV
OSV
added 2014/08/27 1:55 a.m.4 views

UBUNTU-CVE-2014-3176

Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177...

10CVSS7.7AI score0.09758EPSS
Exploits0References4
Rows per page
Query Builder