42 matches found
CVE-2026-23498
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not being checked against the allow list for the map... override. This vulnerability is fixed in 6.7.6.1...
EUVD-2017-1819
Malware in sbrugna...
EUVD-2017-1820
Malware in sbrugna...
EUVD-2025-10291
Malicious code in bioql PyPI...
EUVD-2024-2597
Malicious code in bioql PyPI...
EUVD-2022-1370
Malicious code in bioql PyPI...
EUVD-2022-1666
Malicious code in bioql PyPI...
GHSA-9WRV-G75H-8CCC Improper Access Control in Shopware
Shopware 6 is an open commerce platform based on the Symfony Framework and Vue, supported by a worldwide community and more than 1.500 community extensions. Permissions set to the sales channel context by the admin-api are still usable within a normal user session. We recommend updating to the current...
CVE-2022-24872
Shopware CVE-2022-24872 is an improper access-control issue in the admin-api where permissions set to the sales channel context can be used within a normal user session. Affects Shopware platform (Symfony/Vue) across affected releases; remediation is to update to version 6.4.10.1. For 6.1–6.3, se...
CVE-2022-24745
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions, guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...
CVE-2022-24744
CVE-2022-24744 – Shopware. Affected: Shopware (open commerce platform based on Symfony and Vue), where in affected versions user sessions remain active after a password reset via the recovery flow. Root cause (as described in security docs): insufficient session expiration management allowing a u...
CVE-2022-24745
CVE-2022-24745 affects Shopware (Shopware platform) when HTTP caching is enabled. The issue allows guest sessions to be shared between customers due to improper handling of HTTP cache headers in affected versions (Varnish setups are not affected). Root cause is related to caching behavior that ex...
CVE-2022-24747 HTTP caching is marking private HTTP headers as public
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. Affected versions of Shopware do not properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP...
CVE-2018-3122
Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Integrations). Supported versions that are affected are 6.0, 6.0.1 and 5.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise...
Design/Logic Flaw
Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Integrations). Supported versions that are affected are 6.0, 6.0.1 and 5.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise...
CVE-2018-3122
Oracle Retail Open Commerce Platform (subcomponent: Integrations) within Oracle Retail Applications is affected on versions 6.0, 6.0.1 and 5.3. The vulnerability allows a low privileged, network-accessible attacker over HTTP to potentially perform unauthorized create, delete, or modify operations...
CVE-2017-10173
Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Website). Supported versions that are affected are 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0 and 15.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via...