CVE-2026-44826

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

EUVD-2023-0414

Malicious code in bioql PyPI...

CVE-2023-43739

The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database...

GHSA-8R6H-M72V-38FG Shopware vulnerable to Improper Input Validation of Clearance sale in cart

Impact It is possible to put the same line item multiple one in the cart using API, the Cart Validators checked the line item's individuality and the user was able to skip the clearance sale in cart Patches The problem has been fixed with 6.4.18.1 Workarounds For older versions of 6.1, 6.2, and...

CVE-2023-22730

Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions It was possible to put the same line item multiple times in the cart using the AP. The Cart Validators checked the line item's individuality and the user was able to bypass quantity limits in...