Vulnerabilities > Shopware > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-08 CVE-2024-42355 Code Injection vulnerability in Shopware
Shopware, an open ecommerce platform, has a new Twig Tag `sw_silent_feature_call` which silences deprecation messages while triggered in this tag.
network
low complexity
shopware CWE-94
critical
 9.8
9.8
2024-08-08 CVE-2024-42357 SQL Injection vulnerability in Shopware
Shopware is an open commerce platform.
network
low complexity
shopware CWE-89
critical
 9.8
9.8
2024-01-16 CVE-2024-22406 SQL Injection vulnerability in Shopware
Shopware is an open headless commerce platform.
network
low complexity
shopware CWE-89
critical
 9.8
9.8
2023-01-17 CVE-2023-22732 Insufficient Session Expiration vulnerability in Shopware
Shopware is an open source commerce platform based on Symfony Framework and Vue js.
network
low complexity
shopware CWE-613
critical
 9.8
9.8
2021-08-16 CVE-2021-37708 OS Command Injection vulnerability in Shopware
Shopware is an open source eCommerce platform.
network
low complexity
shopware CWE-78
critical
 9.8
9.8
2017-04-21 CVE-2016-3109 Improper Input Validation vulnerability in Shopware
The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.
network
low complexity
shopware CWE-20
critical
 10.0
10