Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2024-2460

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.00863EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/02/05 2:32 a.m.8 views

CVE-2024-42355

Shopware, an open ecommerce platform, has a new Twig Tag swsilentfeaturecall which silences deprecation messages while triggered in this tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as parameter a string the feature flag name to silence, but this parameter is not escaped properly and...

9.8CVSS6.9AI score0.00863EPSS
Exploits0References1
NVD
NVD
added 2024/08/08 3:15 p.m.24 views

CVE-2024-42355

Shopware, an open ecommerce platform, has a new Twig Tag swsilentfeaturecall which silences deprecation messages while triggered in this tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as parameter a string the feature flag name to silence, but this parameter is not escaped properly and...

9.8CVSS0.00863EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/08/08 2:49 p.m.28 views

CVE-2024-42355 Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag

Shopware, an open ecommerce platform, has a new Twig Tag swsilentfeaturecall which silences deprecation messages while triggered in this tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as parameter a string the feature flag name to silence, but this parameter is not escaped properly and...

8.3CVSS0.00863EPSS
Exploits0References5
CVE
CVE
added 2024/08/08 2:49 p.m.52 views

CVE-2024-42355

Shopware is vulnerable to Server-Side Template Injection via the new Twig tag sw_silent_feature_call. The parameter (feature flag name) is not escaped properly, allowing code execution. Affected versions include 6.6.5.0/6.5.x prior to 6.6.5.1 and 6.5.8.13; older 6.2–6.4 can receive protections vi...

9.8CVSS8.3AI score0.00863EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/08/08 2:49 p.m.18 views

CVE-2024-42355 Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag

Shopware, an open ecommerce platform, has a new Twig Tag swsilentfeaturecall which silences deprecation messages while triggered in this tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as parameter a string the feature flag name to silence, but this parameter is not escaped properly and...

8.3CVSS6.8AI score0.00863EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/08/08 12:0 a.m.4 views

Shopware 安全漏洞

Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware versions 6.6.5.1 and 6.5.8.13 and earlier, which stems from the fact that the vulnerability originates from its new Twig tag, which is used to mute discarded...

9.8CVSS7.1AI score0.00863EPSS
Exploits0References6
Rows per page
Query Builder