| CVE-2026-31889 | unknown | — | — | 3mo ago | Shopware vulnerable to a potential take over of app credentials |
| CVE-2026-31888 | unknown | — | — | 3mo ago | Shopware has user enumeration via distinct error codes on Store API login endpoint |
| CVE-2026-31887 | unknown | — | — | 3mo ago | Shopware: Unauthenticated data extraction possible through store-api.order endpoint |
| CVE-2026-23498 | unknown | — | — | 4mo ago | Shopware Has Improper Control of Generation of Code in Twig rendered views |
| CVE-2025-32378 | unknown | — | — | 1y ago | Shopware default newsletter opt-in settings allow for mass sign-up abuse |
| CVE-2025-27892 | unknown | — | — | 1y ago | Shopware Vulnerable to Blind SQL-injection in DAL aggregations |
| CVE-2025-30151 | unknown | — | — | 1y ago | Shopware allows Denial Of Service via password length |
| CVE-2025-30150 | unknown | — | — | 1y ago | Shopware 6 allows attackers to check for registered accounts through the store-api |
| CVE-2024-42357 | unknown | — | — | 2y ago | Shopware vulnerable to blind SQL-injection in DAL aggregations |
| CVE-2024-42356 | unknown | — | — | 2y ago | Shopware vulnerable to Server Side Template Injection in Twig using Context functions |
| CVE-2024-42355 | unknown | — | — | 2y ago | Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag |
| CVE-2024-42354 | unknown | — | — | 2y ago | Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api |
| CVE-2024-31447 | unknown | — | — | 2y ago | Shopware Improper Session Handling in store-api account logout |
| CVE-2024-22407 | unknown | — | — | 2y ago | Broken Access Control order API in Shopware |
| CVE-2024-22406 | unknown | — | — | 2y ago | Blind SQL injection in shopware |
| CVE-2023-2017 | unknown | — | — | 3y ago | Shopware Has Improper Control of Generation of Code in Twig rendered views |
| CVE-2023-22734 | unknown | — | — | 3y ago | Shopware has Improper Input Validation issue in newsletter subscription |
| CVE-2023-22732 | unknown | — | — | 3y ago | Shopware has Insufficient Session Expiration in Administration |
| CVE-2023-22733 | unknown | — | — | 3y ago | Shopware's log module vulnerable to Improper Output Neutralization |
| CVE-2023-22731 | unknown | — | — | 3y ago | Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views |
| CVE-2023-22730 | unknown | — | — | 3y ago | Shopware vulnerable to Improper Input Validation of Clearance sale in cart |
| CVE-2020-13997 | unknown | — | — | 4y ago | Shopware database password is leaked to an unauthenticated users |
| CVE-2022-24872 | unknown | — | — | 4y ago | Improper Access Control in Shopware |
| CVE-2022-24871 | unknown | — | — | 4y ago | Server-Side Request Forgery (SSRF) in Shopware |
| CVE-2022-24748 | unknown | — | — | 4y ago | Incorrect Authentication in shopware |
| CVE-2022-24747 | unknown | — | — | 4y ago | HTTP caching is marking private HTTP headers as public in Shopware |
| CVE-2022-24746 | unknown | — | — | 4y ago | HTML injection possibility in voucher code form in Shopware |
| CVE-2022-24744 | unknown | — | — | 4y ago | Shopware user session is not logged out if the password is reset via password recovery |
| CVE-2021-37709 | unknown | — | — | 5y ago | Insecure direct object reference of log files of the Import/Export feature |
| CVE-2021-37708 | unknown | — | — | 5y ago | Command injection in mail agent settings |
| CVE-2021-37707 | unknown | — | — | 5y ago | Manipulation of product reviews via API |
| CVE-2021-37710 | unknown | — | — | 5y ago | Cross-Site Scripting via SVG media files |
| CVE-2021-37711 | unknown | — | — | 5y ago | Authenticated server-side request forgery in file upload via URL. |