
26 matches found

RedhatCVE
added 2026/06/11 2:59 a.m. | 9 views

CVE-2026-9747

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1 CVSS | 5.5 AI score | 0.0027 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/06/09 12:00 a.m. | 9 views

PT-2026-48293

Name of the Vulnerable Software and Affected Versions: MongoDB Server affected versions not specified Description: An issue exists where the use of fromRouter:true and runtimeConstants.userRoles can cause aggregations to crash the MongoDB server. Recommendations: At the moment, there is no informati...

7.1 CVSS | 5.2 AI score | 0.0027 EPSS
Exploits 0 | References 5
Snyk
added 2025/04/08 4:33 p.m. | 0 views

SQL Injection

Overview: shopware/core is the core of the Shopware platform for all Shopware ecommerce products. Affected versions of this package are vulnerable to SQL Injection through the aggregations object. An attacker can manipulate the SQL queries and potentially access or alter data by injecting malicious...

7.3 CVSS | 8.1 AI score | 0.11406 EPSS
Exploits 1 | References 2
OSV
added 2025/04/08 4:33 p.m. | 8 views

GHSA-8G35-7RMW-7F59 Shopware Vulnerable to Blind SQL-injection in DAL aggregations

Impact: The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations” object. The ‘name’ field in this...

7.3 CVSS | 6.9 AI score | 0.11406 EPSS
Exploits 1 | References 7
Snyk
added 2025/04/08 4:33 p.m. | 2 views

SQL Injection

Overview: shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to SQL Injection through the aggregations object. An attacker can manipulate the SQL queries and potentially access or alter data by injecting malicious SQL code into the name field...

7.3 CVSS | 8.1 AI score | 0.11406 EPSS
Exploits 1 | References 2
Github Security Blog
added 2025/04/08 4:33 p.m. | 30 views

Shopware Vulnerable to Blind SQL-injection in DAL aggregations

Impact: The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations” object. The ‘name’ field in this...

6.8 CVSS | 6.9 AI score | 0.11406 EPSS
Exploits 1 | References 7 | Affected Software 2
OSV
added 2024/08/08 2:55 p.m. | 22 views

CVE-2024-42357 Shopware vulnerable to blind SQL-injection in DAL aggregations

Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the...

7.3 CVSS | 6.8 AI score | 0.00602 EPSS
Exploits 0 | References 7
OSV
added 2024/08/08 2:53 p.m. | 16 views

GHSA-P6W9-R443-R752 Shopware vulnerable to blind SQL-injection in DAL aggregations

Impact: The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations” object. The ‘name’ field in this...

7.3 CVSS | 8.4 AI score | 0.00602 EPSS
Exploits 0 | References 7
Github Security Blog
added 2024/08/08 2:53 p.m. | 17 views

Shopware vulnerable to blind SQL-injection in DAL aggregations

Impact: The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations” object. The ‘name’ field in this...

9.8 CVSS | 7 AI score | 0.00602 EPSS
Exploits 0 | References 7 | Affected Software 2
CNNVD
added 2024/08/08 12:00 a.m. | 3 views

Shopware Security Vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware versions 6.6.5.1 and 6.5.8.13 and earlier, which stems from the search function in its application API, where the name field in the aggregations object is susceptib...

9.8 CVSS | 7.3 AI score | 0.00602 EPSS
Exploits 0 | References 6
Positive Technologies
added 2024/08/08 12:00 a.m. | 2 views

PT-2024-29893 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.6.5.1 Shopware versions prior to 6.5.8.13 Description: The Shopware application API contains a search functionality that enables users to search through information stored within their Shopware instance. The...

9.8 CVSS | 6.2 AI score | 0.00602 EPSS
Exploits 0 | References 15
OSV
added 2024/01/17 8:28 p.m. | 25 views

GHSA-QMP9-2XWJ-M6M9 Blind SQL injection in shopware

Impact: The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations” object. The ‘name’ field in this...

9.3 CVSS | 7.7 AI score | 0.0064 EPSS
Exploits 0 | References 6
NVD
added 2024/01/16 11:15 p.m. | 20 views

CVE-2024-22406

Shopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations...

9.8 CVSS | 9.1 AI score | 0.0064 EPSS
Exploits 0 | References 1
Cvelist
added 2024/01/16 10:30 p.m. | 38 views

CVE-2024-22406 Blind SQL-injection in DAL aggregations in Shopware

Shopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations...

9.3 CVSS | 9.4 AI score | 0.0064 EPSS
Exploits 0 | References 1
Positive Technologies
added 2024/01/16 12:00 a.m. | 4 views

PT-2024-19396 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.5.7.4 Shopware versions 6.1, 6.2, 6.3, and 6.4 Description: The Shopware application API contains a search functionality that enables users to search through information stored within their Shopware instance. The...

9.8 CVSS | 6.3 AI score | 0.0064 EPSS
Exploits 0 | References 20
CNNVD
added 2024/01/16 12:00 a.m. | 5 views

Shopware SQL Injection Vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware. A SQL injection vulnerability exists in Shopware 6.5.7.3 and earlier versions, which stems from a SQL injection vulnerability in the name field of the aggregations object...

9.8 CVSS | 7.9 AI score | 0.0064 EPSS
Exploits 0 | References 2
Vulnrichment
added 2023/02/03 7:14 p.m. | 14 views

CVE-2023-23933 Issue in Anomaly Detection with document and field level rules in numerical feature aggregations

OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical data e.g. averages,...

5.7 CVSS | 4.9 AI score | 0.00512 EPSS
Exploits 0 | References 1
Cvelist
added 2023/02/03 7:14 p.m. | 43 views

CVE-2023-23933 Issue in Anomaly Detection with document and field level rules in numerical feature aggregations

OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical data e.g. averages,...

5.7 CVSS | 4.7 AI score | 0.00512 EPSS
Exploits 0 | References 1
Akamai Blog
added 2021/01/25 1:05 p.m. | 56 views

Sustainability at Akamai: An Efficient Platform Powered by Energy Aggregation

If I had a dollar for every time I heard "2020 was an unprecedented year", I could fund a clean energy project myself. And while we're tired of hearing it, it's true. Among the pandemic, U.S. presidential election, social justice movements, the finalization of Brexit, and many other new and...

7.2 AI score
Exploits 0
RedhatCVE
added 2019/10/03 7:51 p.m. | 29 views

CVE-2019-13419

Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked...

7.5 CVSS | 3.3 AI score | 0.00934 EPSS
Exploits 0 | References 3