Vulnerabilidades em shopware
57 resultadosCVE-2023-34098MEDIUMDependency configuration exposed in ShopwareEPSS 0.5%CVE-2022-24744LOWInsufficient Session Expiration in shopwareEPSS 0.5%CVE-2026-23498HIGHShopware Improper Control of Generation of Code in Twig rendered viewsEPSS 0.4%CVE-2024-42354MEDIUMShopware vulnerable to Improper Access Control with ManyToMany associations in store-apiEPSS 0.4%CVE-2024-22407MEDIUMBroken Access Control order API in ShopwareEPSS 0.4%CVE-2024-22408HIGHServer-Side Request Forgery (SSRF) in Shopware Flow BuilderEPSS 0.4%CVE-2025-7954MEDIUMRace Condition in Shopware Voucher SubmissionEPSS 0.4%CVE-2025-30151HIGHShopware allows Denial Of Service via password lengthEPSS 0.3%CVE-2025-30150MEDIUMShopware 6 allows attackers to check for registered accounts through the store-apiEPSS 0.3%CVE-2023-23941HIGHSwagPayPal payment not sent to PayPal correctlyEPSS 0.3%CVE-2026-31889HIGHShopware has a potential take over of app credentialsEPSS 0.3%CVE-2025-32378MEDIUMShopware's default newsletter opt-in settings allow for mass sign-up abuseEPSS 0.2%CVE-2026-31887HIGHShopware unauthenticated data extraction possible through store-api.order endpointEPSS 0.2%CVE-2026-48011LOWShopware: Timing-attack on admin panel allowing enumeration of administrator usernamesEPSS 0.2%CVE-2026-31888MEDIUMShopware has user enumeration via distinct error codes on Store API login endpointEPSS 0.2%CVE-2026-32142MEDIUMshopware/commercial: `/api/_info/config` route exposes information about licensesEPSS 0.2%CVE-2025-67648HIGHShopware's inproper input validation can lead to Reflected XSS through Storefront Login PageEPSS 0.2%