Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

platform

Source -

NVDADPCNA

CNA CVEs -

54

ADP CVEs -

5

CISA CVEs -

0

NVD CVEs -

35
Related CVEsRelated VendorsRelated AssignersReports
76Vulnerabilities found

CVE-2026-48009
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.27% / 19.14%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 17:58
Updated-17 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shopware: Admin Account Takeover via User Recovery Hash Exposure

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a low-privilege admin user with user_recovery:read ACL can take over any admin account by triggering POST /api/_action/user/user-recovery, reading the password recovery hash through POST /api/search/user-recovery, and using PATCH /api/_action/user/user-recovery/password; the root cause is that src/Core/System/User/Recovery/UserRecoveryDefinition.php exposes the hash field through the Admin API without ApiAware(false) or ReadProtection. This issue is fixed in versions 6.6.10.18 and 6.7.10.1.

Action-Not Available
Vendor-shopware
Product-shopwareplatform
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-48014
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 14.16%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 17:56
Updated-17 Jul, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shopware: Admin API ACL Bypass in Order State Transition Endpoints

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the order state transition features /api/_action/order/{orderId}/state/{transition} and similar transaction and delivery transition routes in src/Core/Checkout/Order/Api/OrderActionController.php do not declare PlatformRequest::ATTRIBUTE_ACL or perform an explicit privilege check, so AclAnnotationValidator exits when route ACL metadata is absent and low-privileged users without order:update, order_transaction:update, or order_delivery:update can trigger StateMachineRegistry::transition() writes in SYSTEM_SCOPE. This issue is fixed in versions 6.6.10.18 and 6.7.10.1.

Action-Not Available
Vendor-shopware
Product-shopwareplatform
CWE ID-CWE-862
Missing Authorization
CVE-2026-48010
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 17.95%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 17:55
Updated-18 Jul, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, UserController::upsertUser() in src/Core/Framework/Api/Controller/UserController.php writes raw user data in SYSTEM_SCOPE without filtering the admin field, so a non-admin API user with user:create or user:update ACL permission can set admin: true on new or existing users; IntegrationController::upsertIntegration() contains an isAdmin() check for the same field, but UserController was missing this check. This issue is fixed in versions 6.6.10.18 and 6.7.10.1.

Action-Not Available
Vendor-shopware
Product-shopwareplatform
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-48016
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 14.80%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 17:54
Updated-17 Jul, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the Store API endpoint /store-api/handle-payment in src/Core/Checkout/Payment/SalesChannel/HandlePaymentMethodRoute.php accepts a user-controlled orderId and forwards it to src/Core/Checkout/Payment/PaymentProcessor.php without verifying order ownership or guest-order authentication, allowing a normal customer or guest context to trigger the payment flow for another user's order while /store-api/order enforces the expected ownership model. This issue is fixed in versions 6.6.10.18 and 6.7.10.1.

Action-Not Available
Vendor-shopware
Product-shopwareplatform
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-48015
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.28% / 19.82%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 17:53
Updated-17 Jul, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shopware: Stored XSS via SVG file upload — no SVG sanitization

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, SVG files are in the allowed_extensions whitelist in src/Core/Framework/Resources/config/packages/shopware.yaml and can be uploaded via the media manager without SVG content sanitization in the upload pipeline from MediaUploadController to FileSaver to TypeDetector, allowing malicious SVG JavaScript such as onload, <script>, and <foreignObject> to execute in the Shopware domain when the uploaded SVG is viewed. This issue is fixed in versions 6.6.10.18 and 6.7.10.1.

Action-Not Available
Vendor-shopware
Product-shopwareplatform
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-48008
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 17.95%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 17:47
Updated-17 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/_action/sync; the regular integration endpoint POST /api/integration blocks this, but SyncController::sync() routes writes through SyncService to EntityWriter::upsert(), and src/Core/Framework/Integration/IntegrationDefinition.php lacks WriteProtection on the admin field. This issue is fixed in versions 6.6.10.18 and 6.7.10.1.

Action-Not Available
Vendor-shopware
Product-shopwareplatform
CWE ID-CWE-862
Missing Authorization
CVE-2026-56769
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6.3||MEDIUM
EPSS-0.22% / 12.04%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 18:05
Updated-14 Jul, 2026 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Huly Platform - Server-Side Request Forgery via /import Endpoint

Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal services, exfiltrate responses, and replay credentials against backend systems.

Action-Not Available
Vendor-hcengineering
Product-platform
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-31889
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-8.9||HIGH
EPSS-0.27% / 18.54%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 18:56
Updated-16 Mar, 2026 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shopware has a potential take over of app credentials

Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow that could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC‑based authentication without sufficiently binding a shop installation to its original domain. During re‑registration, the shop-url could be updated without proving control over the previously registered shop or domain. This made targeted hijacking of app communication feasible if an attacker possessed the relevant app‑side secret. By abusing app re‑registration, an attacker could redirect app traffic to an attacker‑controlled domain and potentially obtain API credentials intended for the legitimate shop. This vulnerability is fixed in 6.6.10.15 and 6.7.8.1.

Action-Not Available
Vendor-shopwareshopware
Product-shopwarecoreplatform
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-31888
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 12.23%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 18:53
Updated-16 Mar, 2026 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shopware has user enumeration via distinct error codes on Store API login endpoint

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint (POST /store-api/account/login) returns different error codes depending on whether the submitted email address belongs to a registered customer (CHECKOUT__CUSTOMER_AUTH_BAD_CREDENTIALS) or is unknown (CHECKOUT__CUSTOMER_NOT_FOUND). The "not found" response also echoes the probed email address. This allows an unauthenticated attacker to enumerate valid customer accounts. The storefront login controller correctly unifies both error paths, but the Store API does not — indicating an inconsistent defense. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.

Action-Not Available
Vendor-shopwareshopware
Product-shopwarecoreplatform
CWE ID-CWE-204
Observable Response Discrepancy
CVE-2026-31887
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-8.9||HIGH
EPSS-0.24% / 14.67%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 18:49
Updated-16 Mar, 2026 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shopware unauthenticated data extraction possible through store-api.order endpoint

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.order endpoint. This vulnerability is fixed in 6.7.8.1 and 6.6.10.15.

Action-Not Available
Vendor-shopwareshopware
Product-shopwarecoreplatform
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-57212
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 16.39%
||
7 Day CHG~0.00%
Published-04 Dec, 2025 | 00:00
Updated-05 Dec, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect access control in the component ApiOrderService.java of platform v1.0.0 allows attackers to access sensitive information via a crafted request.

Action-Not Available
Vendor-fuyang_lipengjunn/a
Product-platformn/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-57213
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 16.39%
||
7 Day CHG~0.00%
Published-04 Dec, 2025 | 00:00
Updated-05 Dec, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via a crafted request.

Action-Not Available
Vendor-fuyang_lipengjunn/a
Product-platformn/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-57210
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 16.39%
||
7 Day CHG~0.00%
Published-04 Dec, 2025 | 00:00
Updated-05 Dec, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect access control in the component ApiPayController.java of platform v1.0.0 allows attackers to access sensitive information via unspecified vectors.

Action-Not Available
Vendor-fuyang_lipengjunn/a
Product-platformn/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-13265
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.56% / 42.80%
||
7 Day CHG+0.05%
Published-17 Nov, 2025 | 05:32
Updated-28 Nov, 2025 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
lsfusion platform ZipUtils.java unpackFile path traversal

A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack remotely.

Action-Not Available
Vendor-lsfusionlsfusion
Product-platformplatform
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-13262
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.57% / 43.56%
||
7 Day CHG+0.05%
Published-17 Nov, 2025 | 04:02
Updated-25 Nov, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
lsfusion platform UploadFileRequestHandler.java UploadFileRequestHandler path traversal

A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to path traversal. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-lsfusionlsfusion
Product-platformplatform
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-13261
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.69% / 48.54%
||
7 Day CHG+0.06%
Published-17 Nov, 2025 | 03:32
Updated-25 Nov, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
lsfusion platform DownloadFileRequestHandler.java DownloadFileRequestHandler path traversal

A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

Action-Not Available
Vendor-lsfusionlsfusion
Product-platformplatform
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-10822
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 24.60%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 23:32
Updated-03 Oct, 2025 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fuyang_lipengjun platform queryAll SysSmsLogController improper authorization

A vulnerability has been found in fuyang_lipengjun platform 1.0. The impacted element is the function SysSmsLogController of the file /sys/smslog/queryAll. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-fuyang_lipengjunfuyang_lipengjun
Product-platformplatform
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-10821
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 24.60%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 23:02
Updated-03 Oct, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fuyang_lipengjun platform queryAll TopicCategoryController improper authorization

A flaw has been found in fuyang_lipengjun platform 1.0. The affected element is the function TopicCategoryController of the file /topiccategory/queryAll. This manipulation causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-fuyang_lipengjunfuyang_lipengjun
Product-platformplatform
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-10820
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 25.81%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 22:32
Updated-03 Oct, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fuyang_lipengjun platform queryAll TopicController improper authorization

A vulnerability was detected in fuyang_lipengjun platform 1.0. Impacted is the function TopicController of the file /topic/queryAll. The manipulation results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-fuyang_lipengjunfuyang_lipengjun
Product-platformplatform
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-10819
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 25.81%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 22:32
Updated-03 Oct, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fuyang_lipengjun platform queryAll UserCouponController improper authorization

A security vulnerability has been detected in fuyang_lipengjun platform 1.0. This issue affects the function UserCouponController of the file /usercoupon/queryAll. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-fuyang_lipengjunfuyang_lipengjun
Product-platformplatform
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-10676
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 24.60%
||
7 Day CHG~0.00%
Published-18 Sep, 2025 | 16:02
Updated-03 Oct, 2025 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fuyang_lipengjun platform queryAll BrandController improper authorization

A weakness has been identified in fuyang_lipengjun platform 1.0. Affected is the function BrandController of the file /brand/queryAll. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-fuyang_lipengjunfuyang_lipengjun
Product-platformplatform
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-10675
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 24.60%
||
7 Day CHG~0.00%
Published-18 Sep, 2025 | 16:02
Updated-03 Oct, 2025 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fuyang_lipengjun platform queryAll AttributeController improper authorization

A security flaw has been discovered in fuyang_lipengjun platform 1.0. This impacts the function AttributeController of the file /attribute/queryAll. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-fuyang_lipengjunfuyang_lipengjun
Product-platformplatform
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-10674
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 24.60%
||
7 Day CHG~0.00%
Published-18 Sep, 2025 | 15:32
Updated-03 Oct, 2025 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fuyang_lipengjun platform queryAll AttributeCategoryController improper authorization

A vulnerability was identified in fuyang_lipengjun platform 1.0. This affects the function AttributeCategoryController of the file /attributecategory/queryAll. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-fuyang_lipengjunfuyang_lipengjun
Product-platformplatform
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-10086
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.52%
||
7 Day CHG~0.00%
Published-08 Sep, 2025 | 06:02
Updated-09 Oct, 2025 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fuyang_lipengjun platform AdPositionController queryAll improper authorization

A weakness has been identified in fuyang_lipengjun platform 1.0.0. This issue affects the function queryAll of the file /adposition/queryAll of the component AdPositionController. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. Affects another part than CVE-2025-9936.

Action-Not Available
Vendor-fuyang_lipengjunfuyang_lipengjun
Product-platformplatform
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-9936
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 24.64%
||
7 Day CHG~0.00%
Published-03 Sep, 2025 | 23:02
Updated-09 Oct, 2025 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fuyang_lipengjun platform queryAll AdController improper authorization

A vulnerability was identified in fuyang_lipengjun platform 1.0.0. This issue affects the function AdController of the file /ad/queryAll. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-fuyang_lipengjunfuyang_lipengjun
Product-platformplatform
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-7936
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 27.41%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 19:32
Updated-07 Oct, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fuyang_lipengjun platform ScheduleJobLogController.java queryPage sql injection

A vulnerability has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a and classified as critical. Affected by this vulnerability is the function queryPage of the file com/platform/controller/ScheduleJobLogController.java. The manipulation of the argument beanName/methodName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Action-Not Available
Vendor-fuyang_lipengjunfuyang_lipengjun
Product-platformplatform
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7935
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 33.74%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 19:02
Updated-09 Oct, 2025 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fuyang_lipengjun platform SysLogController.java SysLogController sql injection

A vulnerability, which was classified as critical, was found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. Affected is the function SysLogController of the file platform-admin/src/main/java/com/platform/controller/SysLogController.java. The manipulation of the argument key leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Action-Not Available
Vendor-fuyang_lipengjunfuyang_lipengjun
Product-platformplatform
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7934
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 33.74%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 18:32
Updated-09 Oct, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fuyang_lipengjun platform ScheduleJobController.java queryPage sql injection

A vulnerability, which was classified as critical, has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. This issue affects the function queryPage of the file platform-schedule/src/main/java/com/platform/controller/ScheduleJobController.java. The manipulation of the argument beanName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

Action-Not Available
Vendor-fuyang_lipengjunfuyang_lipengjun
Product-platformplatform
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-1683
Assigner-1E Limited
ShareView Details
Assigner-1E Limited
CVSS Score-7.8||HIGH
EPSS-0.21% / 11.01%
||
7 Day CHG~0.00%
Published-12 Mar, 2025 | 15:25
Updated-30 Jan, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symbolic Link Exploit in 1E Client's - Nomad module allows Arbitrary File Deletion

Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links.

Action-Not Available
Vendor-1E Ltd
Product-platform1E Client
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-51992
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-4.1||MEDIUM
EPSS-0.32% / 24.33%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 19:17
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Method Exposure Vulnerability in Modals in orchid/platform

Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform’s asynchronous modal functionality, affecting users of Orchid Platform version 8 through 14.42.x. Attackers could exploit this vulnerability to call arbitrary methods within the `Screen` class, leading to potential brute force of database tables, validation checks against user credentials, and disclosure of the server’s real IP address. The issue has been patched in the latest release, version 14.43.0, released on November 6, 2024. Users should upgrade to version 14.43.0 or later to address this vulnerability. If upgrading to version 14.43.0 is not immediately possible, users can mitigate the vulnerability by implementing middleware to intercept and validate requests to asynchronous modal endpoints, allowing only approved methods and parameters.

Action-Not Available
Vendor-orchidsoftware
Product-platform
CWE ID-CWE-749
Exposed Dangerous Method or Function
CVE-2024-7211
Assigner-1E Limited
ShareView Details
Assigner-1E Limited
CVSS Score-4.7||MEDIUM
EPSS-0.24% / 15.10%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 16:49
Updated-18 Jun, 2025 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Duende Identity Server based component in 1E Platform may allow URL redirections to untrusted websites.

The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.

Action-Not Available
Vendor-1E Ltd
Product-platform1E Platform
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-34089
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.46% / 37.08%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 00:00
Updated-28 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P3 (6.14.0.3) is also a fixed release.

Action-Not Available
Vendor-archerirmn/aarcher
Product-archern/aplatform
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34091
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.51% / 39.81%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 00:00
Updated-18 Mar, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed in the background of the application and renders content inaccessible. 6.14 P3 (6.14.0.3) is also a fixed release.

Action-Not Available
Vendor-archerirmn/aarcher
Product-archern/aplatform
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-26312
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.41% / 32.85%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 00:00
Updated-18 Mar, 2025 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message.

Action-Not Available
Vendor-archerirmn/aarcher
Product-archern/aplatform
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-45824
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.44% / 35.65%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 18:15
Updated-22 Aug, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OroPlatform's pinned entity creation form shows pages of other users

OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4.

Action-Not Available
Vendor-oroinc
Product-platform
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-26310
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 31.13%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 00:00
Updated-18 Mar, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper access control vulnerability. A remote authenticated malicious user could potentially exploit this to gain access to API information that should only be accessible with extra privileges.

Action-Not Available
Vendor-archerirmn/aarcher
Product-archern/aplatform
CWE ID-CWE-284
Improper Access Control
CVE-2023-50166
Assigner-Pegasystems Inc.
ShareView Details
Assigner-Pegasystems Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.34% / 25.80%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 17:26
Updated-11 Jun, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter.

Action-Not Available
Vendor-pegaPegasystems
Product-platformPega Platform
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-50165
Assigner-Pegasystems Inc.
ShareView Details
Assigner-Pegasystems Inc.
CVSS Score-8.5||HIGH
EPSS-0.34% / 25.95%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 17:21
Updated-17 Oct, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Generated PDF issue that could expose file contents.

Action-Not Available
Vendor-pegaPegasystems
Product-platformPega Platform
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-41951
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.95% / 57.16%
||
7 Day CHG~0.00%
Published-27 Nov, 2023 | 20:27
Updated-03 Aug, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OroPlatform vulnerable to path traversal during temporary file manipulations

OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.

Action-Not Available
Vendor-oroincoroinc
Product-oroplatformplatform
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-5964
Assigner-1E Limited
ShareView Details
Assigner-1E Limited
CVSS Score-9.9||CRITICAL
EPSS-0.83% / 53.41%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 12:27
Updated-12 Jun, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
1E-Exchange-DisplayMessage instruction allows for arbitrary code execution

The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients. To remediate this issue DELETE the instruction “Show dialogue with caption %Caption% and message %Message%” from the list of instructions in the Settings UI, and replace it with the new instruction 1E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as “Show %Type% type notification with header %Header% and message %Message%” with a version of 7.1 or above.

Action-Not Available
Vendor-1E Ltd
Product-platformPlatform
CWE ID-CWE-20
Improper Input Validation
CVE-2023-45163
Assigner-1E Limited
ShareView Details
Assigner-1E Limited
CVSS Score-9.9||CRITICAL
EPSS-0.86% / 54.32%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 12:19
Updated-18 Jun, 2025 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
1E-Exchange-CommandLinePing instruction before v18.1 allows for arbitrary code execution

The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients. To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI

Action-Not Available
Vendor-1E Ltd
Product-platformPlatform
CWE ID-CWE-20
Improper Input Validation
CVE-2023-45161
Assigner-1E Limited
ShareView Details
Assigner-1E Limited
CVSS Score-9.9||CRITICAL
EPSS-0.83% / 53.41%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 12:13
Updated-18 Jun, 2025 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
1E-Exchange-URLResponseTime instruction before v20.1 allows arbitrary code execution

The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients. To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it through the 1E Platform instruction upload UI

Action-Not Available
Vendor-1E Ltd
Product-platformPlatform
CWE ID-CWE-20
Improper Input Validation
CVE-2023-32089
Assigner-Pegasystems Inc.
ShareView Details
Assigner-Pegasystems Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.30% / 21.78%
||
7 Day CHG~0.00%
Published-18 Oct, 2023 | 11:45
Updated-12 Sep, 2024 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description

Action-Not Available
Vendor-pegaPegasystems
Product-platformPega Platform
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-32088
Assigner-Pegasystems Inc.
ShareView Details
Assigner-Pegasystems Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.30% / 21.77%
||
7 Day CHG~0.00%
Published-18 Oct, 2023 | 11:42
Updated-12 Sep, 2024 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation

Action-Not Available
Vendor-pegaPegasystems
Product-platformPega Platform
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-32087
Assigner-Pegasystems Inc.
ShareView Details
Assigner-Pegasystems Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.30% / 21.77%
||
7 Day CHG~0.00%
Published-18 Oct, 2023 | 11:39
Updated-12 Sep, 2024 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation

Action-Not Available
Vendor-pegaPegasystems
Product-platformPega Platform
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-45162
Assigner-1E Limited
ShareView Details
Assigner-1E Limited
CVSS Score-9.9||CRITICAL
EPSS-0.64% / 46.68%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 12:48
Updated-18 Jun, 2025 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Blind SQL vulnerability in 1E platform

Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution.  Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23169 SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this

Action-Not Available
Vendor-1E Ltd
Product-platform1E Platform
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-36825
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.7||CRITICAL
EPSS-1.12% / 62.66%
||
7 Day CHG+0.17%
Published-11 Jul, 2023 | 17:49
Updated-23 Oct, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution

Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. A vulnerability present starting in version 14.0.0-alpha4 and prior to version 14.5.0 is related to the deserialization of untrusted data from the `_state` query parameter, which can result in remote code execution. The issue has been addressed in version 14.5.0. Users are advised to upgrade their software to this version or any subsequent versions that include the patch. There are no known workarounds.

Action-Not Available
Vendor-orchidorchidsoftwareorchid
Product-platformplatformplatform
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-22733
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-2.7||LOW
EPSS-0.70% / 49.20%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 21:37
Updated-10 Mar, 2025 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Output Neutralization in Log Module in shopware

Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kind of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users accounts. This issue has been addressed in version 6.4.18.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. Users unable to upgrade may remove from all users the log module ACL rights or disable logging.

Action-Not Available
Vendor-shopwareshopware
Product-shopwareplatform
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-22732
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-3.7||LOW
EPSS-0.73% / 50.13%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 21:34
Updated-10 Mar, 2025 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient Session Expiration in Administration in shopware

Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was set to one week, when an attacker has stolen the session cookie they could use it for a long period of time. In version 6.4.18.1 an automatic logout into the Administration session has been added. As a result the user will be logged out when they are inactive. Users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-shopwareshopware
Product-shopwareplatform
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2023-22731
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-1.33% / 67.96%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 21:31
Updated-10 Mar, 2025 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Control of Generation of Code in Twig rendered views in shopware

Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment **without the Sandbox extension**, it is possible to refer to PHP functions in twig filters like `map`, `filter`, `sort`. This allows a template to call any global PHP function and thus execute arbitrary code. The attacker must have access to a Twig environment in order to exploit this vulnerability. This problem has been fixed with 6.4.18.1 with an override of the specified filters until the integration of the Sandbox extension has been finished. Users are advised to upgrade. Users of major versions 6.1, 6.2, and 6.3 may also receive this fix via a plugin.

Action-Not Available
Vendor-shopwareshopware
Product-shopwareplatform
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • Next