[HIGH] Shopware Vulnerable to Blind SQL-injection in DAL aggregations

PKSA-m54b-2v2z-x1bs CVE-2025-27892 GHSA-8g35-7rmw-7f59

Affected version: <=6.6.10.2|=6.7.0.0-rc1

Reported by:
GitHub

[MEDIUM] Shopware 6 allows attackers to check for registered accounts through the store-api

PKSA-dbxn-psgm-2qmr CVE-2025-30150 GHSA-hh7j-6x3q-f52h

Affected version: =6.7.0.0-rc1|<=6.6.10.2

Reported by:
GitHub