[HIGH] Shopware Vulnerable to Blind SQL-injection in DAL aggregations

PKSA-fkd6-58gd-wqfz CVE-2025-27892 GHSA-8g35-7rmw-7f59

Affected version: <=6.6.10.2|=6.7.0.0-rc1

Reported by:
GitHub

[MEDIUM] Shopware 6 allows attackers to check for registered accounts through the store-api

PKSA-4xth-xj4w-m8t1 CVE-2025-30150 GHSA-hh7j-6x3q-f52h

Affected version: =6.7.0.0-rc1|<=6.6.10.2

Reported by:
GitHub