shopware

Top products

The 15 most recently published vulnerabilities affecting shopware.

• CVE-2026-48011Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames3.7Jun 10, 2026
• CVE-2026-32142shopware/commercial: `/api/_info/config` route exposes information about licenses5.3Mar 12, 2026
• CVE-2026-31889Shopware has a potential take over of app credentials8.9Mar 11, 2026
• CVE-2026-31888Shopware has user enumeration via distinct error codes on Store API login endpoint5.3Mar 11, 2026
• CVE-2026-31887Shopware unauthenticated data extraction possible through store-api.order endpoint7.5Mar 11, 2026
• CVE-2026-23498Shopware Improper Control of Generation of Code in Twig rendered views7.2Jan 14, 2026
• CVE-2025-67648Shopware's inproper input validation can lead to Reflected XSS through Storefront Login Page7.1Dec 10, 2025
• CVE-2025-7954Race Condition in Shopware Voucher Submission8.1Aug 6, 2025
• CVE-2025-51541A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The c_database_schema field fails to properly sanitiz...6.1Aug 5, 2025
• CVE-2025-27892Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. NOTE: this issue exists because of a CVE-2024-22406 and CVE-2024-42357 regression.6.8Apr 15, 2025
• CVE-2025-32378Shopware's default newsletter opt-in settings allow for mass sign-up abuse5.3Apr 9, 2025
• CVE-2025-30150Shopware 6 allows attackers to check for registered accounts through the store-api5.3Apr 8, 2025
• CVE-2025-30151Shopware allows Denial Of Service via password length7.5Apr 8, 2025
• CVE-2024-42357Shopware vulnerable to blind SQL-injection in DAL aggregations7.3Aug 8, 2024
• CVE-2024-42356Shopware vulnerable to Server Side Template Injection in Twig using Context functions8.3Aug 8, 2024