3 matches found
CVE-2025-30150
creationtimestamp| type| source ---|---|--- 2025-04-08 17:22:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmcygffhzi2f 2025-04-08 18:10:51+00:00| seen| https://t.me/cvedetector/22460...
CVE-2025-30150 Shopware 6 allows attackers to check for registered accounts through the store-api
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Through the store-api it is possible as a attacker to check if a specific e-mail address has an account in the shop. Using the store-api endpoint /store-api/account/recovery-password you get the response, which indicates...
CVE-2025-30150
CVE-2025-30150 affects Shopware 6 platforms. The vulnerability allows an attacker using the store-api to determine whether an email address is registered by querying /store-api/account/recovery-password ; responses differentiate between found vs not found accounts, enabling information exposure. ...