
6 matches found

Packet Storm
added 2026/04/13 12:0 a.m. | 134 views

Shopware Improper Control

Shopware versions greater than or equal to 6.7.0.0 and less than 6.7.6.1 have an improper control related to Twig rendered views. CVE-2026-23498: Shopware Has Improper Control of Generation of Code in Twig rendered views Overview | Field | Details | |---|---| | CVE ID | CVE-2026-23498 | | Severity...

CVSS: 7.2 | AI score: 7.2 | EPSS: 0.00027
Exploits: 1
CVE
added 2026/01/14 6:31 p.m. | 10 views

CVE-2026-23498

CVE-2026-23498 affects Shopware Open Commerce Platform versions 6.7.0.0–6.7.6.0, where a regression of CVE-2023-2017 allows an array/array-crafted PHP Closure to go unchecked against the allow list during the map(...) override. The issue is triggered in Twig-rendered views and can lead to code genera...

CVSS: 7.2 | AI score: 8.2 | EPSS: 0.00027
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/01/14 6:31 p.m. | 2 views

CVE-2026-23498 Shopware Improper Control of Generation of Code in Twig rendered views

Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not being checked against the allow list for the map... override. This vulnerability is fixed in 6.7.6.1...

CVSS: 7.2 | AI score: 6.4 | EPSS: 0.00027
Exploits: 1 | References: 2
Cvelist
added 2026/01/14 6:31 p.m. | 19 views

CVE-2026-23498 Shopware Improper Control of Generation of Code in Twig rendered views

Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure not being checked against the allow list for the map... override. This vulnerability is fixed in 6.7.6.1...

CVSS: 7.2 | EPSS: 0.00027
Exploits: 1 | References: 2
Github Security Blog
added 2026/01/14 4:54 p.m. | 6 views

Shopware Has Improper Control of Generation of Code in Twig rendered views

Impact: We fixed with CVE-2023-2017 Twig filters to only be executed with allowed functions. However, there was a regression that led to an array and array crafted PHP Closure not being checked against the allow list for the map... override. Patches: Patched in 6.7.6.1. Workarounds: Install the security...

CVSS: 7.2 | AI score: 6.8 | EPSS: 0.00027
Exploits: 1 | References: 5 | Affected Software: 2
OSV
added 2026/01/14 4:54 p.m. | 2 views

GHSA-7CW6-7H3H-V8PF Shopware Has Improper Control of Generation of Code in Twig rendered views

Impact: We fixed with CVE-2023-2017 Twig filters to only be executed with allowed functions. However, there was a regression that led to an array and array crafted PHP Closure not being checked against the allow list for the map... override. Patches: Patched in 6.7.6.1. Workarounds: Install the security...

CVSS: 7.2 | AI score: 6.7 | EPSS: 0.00027
Exploits: 1 | References: 5