
10 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-1348

Malicious code in bioql PyPI...

CVSS 6.3 | AI score 6 | EPSS 0.00328
Exploits 0 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-1697

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 8 | EPSS 0.00189
Exploits 0 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-1559

Malicious code in bioql PyPI...

CVSS 3.5 | AI score 4.6 | EPSS 0.00159
Exploits 0 | References 6
RedhatCVE
added 2025/05/23 10:9 a.m. | 6 views

CVE-2024-31447

Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when an authenticated request is made to POST /store-api/account/logout, the cart will be cleared, but the User won't be logged out. This affects only...

CVSS 5.3 | AI score 6.5 | EPSS 0.00164
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 7:54 a.m. | 5 views

CVE-2024-42354

Shopware is an open commerce platform. The store-API works with regular entities and does not expose all fields for the public API; fields need to be marked as ApiAware in the EntityDefinition. So only ApiAware fields of the EntityDefinition will be encoded to the final JSON. Prior to versions 6.6.5.1...

CVSS 5.9 | AI score 6.9 | EPSS 0.00424
Exploits 0
RedhatCVE
added 2025/05/23 4:45 a.m. | 5 views

CVE-2023-22734

Shopware is an open source commerce platform based on Symfony Framework and Vue js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt in process. As a result operators may have inconsistencies in their newsletter systems. This...

CVSS 7.5 | AI score 6.7 | EPSS 0.00298
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 10:30 p.m. | 6 views

CVE-2022-24748

Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In versions prior to 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper API route checking. Users are advised to upgra...

CVSS 7.5 | AI score 6.6 | EPSS 0.00222
Exploits 0 | References 1
Github Security Blog
added 2025/04/08 4:33 p.m. | 8 views

Shopware Broken ACL on Document retrieval to access other customers documents

Impact: It's possible to guess the deepLinkCode of a Document to open documents of other customers. Patches: Update to Shopware 6.6.10.3 or 6.5.8.17. Workarounds: For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend...

AI score 7.1
Exploits 0 | References 5 | Affected Software 2
Vulnrichment
added 2022/04/28 2:15 p.m. | 4 views

CVE-2022-24879 Malfunction of Cross-Site Request Forgery token validation

Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7....

CVSS 7.5 | AI score 7.5 | EPSS 0.00135
Exploits 0 | References 3
CNVD
added 2021/06/25 12:0 a.m. | 8 views

Shopware Cross-Site Scripting Vulnerability (CNVD-2021-45749)

Shopware is an open source e-commerce platform. A cross-site scripting vulnerability exists in Shopware versions prior to 5.6.10. An attacker can exploit this vulnerability to inject malicious script into Administration to execute client-side code...

CVSS 4.8 | AI score 6 | EPSS 0.0039
Exploits 0 | References 1