CVE-2026-3641

The Appmax WordPress plugin (up to version 1.0.3) exposes a public REST API webhook at /webhook-system that lacks webhook signature verification or authentication. The plugin directly processes untrusted input from the 'event' and 'data' parameters, enabling unauthenticated attackers to alter Woo...

Shopware Licensing Issue Vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware.Shopware suffers from an authorization issue vulnerability that stems from incorrect api routing checks. An attacker could exploit this vulnerability to modify customers and create orders without application...

Incorrect Authentication in shopware

Impact Modify Customers, create Orders without App Permission Patches We recommend updating to the current version 6.4.8.2. You can get the update to 6.4.8.2 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workarounds For older...

Privilege Escalation

shopware/core is vulnerable to Privilege Escalation. The The vulnerability exists due to lack of validate API library which allows to an attacker to modify customers and create orders without permission...

Shopware 授权问题漏洞

Shopware is a suite of open source e-commerce software from the German company Shopware.Shopware suffers from an authorization issue vulnerability that stems from incorrect api routing checks. An attacker could exploit this vulnerability to modify customers and create orders without application...