15 matches found
CVE-2026-31889
Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow that could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC‑based...
User Impersonation
Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to User Impersonation in the app registration process. An attacker can gain unauthorized access to sensitive API credentials by exploiting the ability to...
User Impersonation
Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to User Impersonation in the app registration process. An attacker can gain unauthorized access to sensitive API credentials by exploiting the ability to update the shop-url during...
CVE-2026-31889
Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow that could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC‑based...
GHSA-C4P7-RWRG-PF6P Shopware vulnerable to a potential take over of app credentials
Summary We identified and fixed a vulnerability in the Shopware app registration flow that could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. By abusing app re‑registration, an attacker could redirect app traffic to an...
Shopware vulnerable to a potential take over of app credentials
Summary We identified and fixed a vulnerability in the Shopware app registration flow that could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. By abusing app re‑registration, an attacker could redirect app traffic to an...
CVE-2026-31889 Shopware has a potential take over of app credentials
Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow that could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC‑based...
CVE-2026-31889
Shopware prior to versions 6.6.10.15 and 6.7.8.1 had a vulnerability in the app registration flow where the legacy HMAC‑based authentication did not sufficiently bind a shop installation to its domain. During re‑registration, the shop‑url could be updated without proving control of the previously...
CVE-2026-31889
Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow that could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC‑based...
CVE-2026-31889 Shopware has a potential take over of app credentials
Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow that could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC‑based...
CVE-2026-31889 Shopware has a potential take over of app credentials
Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow that could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC‑based...
PT-2026-24795
Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow that could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC‑based...
Setup of Discovery Connection Azure
By: fuzzy borders Are you having trouble trying to get your Azure assets into your InsightVM security console? In this blog post, we wanted to bring additional insight into leveraging the Azure Discovery Connection with InsightVM. This blog post is brought to you by the Fuzzy Borders project, who...
Gundog - Guided Hunting In Microsoft 365 Defender
Gundog provides you with guided hunting in Microsoft 365 Defender. Especially if not only for Email and Endpoint Alerts at the moment. Functionality You provide an AlertID you might received via Email notification and gundog will then hunt for as much as possible associated data. It does not give...
PSMDATP - PowerShell Module For Managing Microsoft Defender Advanced Threat Protection
Welcome to the Microsoft Defender Advanced Threat Protection PowerShell module! This module is a collection of easy-to-use cmdlets and functions designed to make it easy to interface with the Microsoft Defender Advanced Threat Protection API. Motivation I created this PowerShell module for MDATP...