shopware/core Security Advisories for v6.6.10.2 (5)
-
[LOW] Shopware default newsletter opt-in settings allow for mass sign-up abuse
PKSA-8vfm-96b7-t9nt CVE-2025-32378 GHSA-4h9w-7vfp-px8m
Affected version: <6.5.8.17|>=6.7.0.0-rc1,<6.7.0.0-rc2|>=6.6.0.0-rc1,<6.6.10.3
Reported by:
GitHub -
[MEDIUM] Shopware Broken ACL on Document retrieval to access other customers documents
PKSA-frt7-rv6d-9v53 GHSA-68wv-g3fw-pq7q
Affected version: <6.5.8.17|>=6.7.0.0-rc1,<6.7.0.0-rc2|>=6.6.0.0,<6.6.10.3
Reported by:
GitHub -
[HIGH] Shopware Vulnerable to Blind SQL-injection in DAL aggregations
PKSA-m54b-2v2z-x1bs CVE-2025-27892 GHSA-8g35-7rmw-7f59
Affected version: <6.5.8.17|>=6.7.0.0-rc1,<6.7.0.0-rc2|>=6.6.0.0,<6.6.10.3
Reported by:
GitHub -
[HIGH] Shopware allows Denial Of Service via password length
PKSA-k472-zz4q-rd5r CVE-2025-30151 GHSA-cgfj-hj93-rmh2
Affected version: <6.5.8.17|>=6.7.0.0-rc1,<6.7.0.0-rc2|>=6.6.0.0,<6.6.10.3
Reported by:
GitHub -
[MEDIUM] Shopware 6 allows attackers to check for registered accounts through the store-api
PKSA-dbxn-psgm-2qmr CVE-2025-30150 GHSA-hh7j-6x3q-f52h
Affected version: <6.5.8.17|>=6.7.0.0-rc1,<6.7.0.0-rc2|>=6.6.0.0,<6.6.10.3
Reported by:
GitHub