Pimcore Latest Vulnerabilities
Latest vulnerabilities published by pimcore
User Enumeration Vulnerability in Pimcore Backend UI
CVE-2025-24980 | Pimcore | Admin-ui-classic-bundle | 6.9 MEDIUM

SQL Injection Vulnerability in Pimcore Customer Data Framework
CVE-2024-11956 | Pimcore | Customer-data-framework | 5.1 MEDIUM

Cross-Site Scripting Vulnerability in Pimcore Search Document Component
CVE-2024-11954 | Pimcore | Pimcore | 5.1 MEDIUM

Stored XSS vulnerability in Pricing Rules (pimcore versions 10.5.19 and lower)
CVE-2023-2332 | Pimcore | Pimcore/pimcore | 4.8 MEDIUM

Password Management Vulnerability in Pimcore Data and Experience Management Platform
CVE-2024-49370 | Pimcore | Pimcore | 4.9 MEDIUM

Pimcore Admin Bundle Vulnerability
CVE-2024-41109 | Pimcore | Admin-ui-classic-bundle | 6.3 MEDIUM

Pimcore Thumbnail Generation Vulnerability
CVE-2024-32871 | Pimcore | Pimcore | 7.5 HIGH

Previews Vulnerability in Pimcore Allows Unauthorized Access to Confidential Information
CVE-2024-29197 | Pimcore | Pimcore | 6.5 MEDIUM

Potential Security Vulnerability in Pimcore's Admin Classic Bundle
CVE-2024-25625 | Pimcore | Admin-ui-classic-bundle | 8.1 HIGH

Pimcore Fixes Tag Management Vulnerability in Admin Classic Bundle
CVE-2024-24822 | Pimcore | Admin-ui-classic-bundle | 6.5 MEDIUM

Pimcore Admin Classic Bundle SQL Injection in Admin download files as zip
CVE-2024-23646 | pimcore | admin-ui-classic-bundle | 8.8 HIGH

Pimcore Admin Classic Bundle host header injection in the password reset
CVE-2024-23648 | pimcore | admin-ui-classic-bundle | 8.8 HIGH

Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts
CVE-2024-21667 | pimcore | customer-data-framework | 6.5 MEDIUM

Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list
CVE-2024-21666 | pimcore | customer-data-framework | 6.5 MEDIUM

Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list
CVE-2024-21665 | pimcore | ecommerce-framework-bu... | 4.3 MEDIUM

Pimcore missing token/header to prevent CSRF
CVE-2023-49076 | pimcore | customer-data-framework | 6.5 MEDIUM

Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls
CVE-2023-49075 | pimcore | admin-ui-classic-bundle | 7.2 HIGH

Full Path Disclosure via re-export document in pimcore/admin-ui-classic-bundle
CVE-2023-47636 | Pimcore | Admin-ui-classic-bundle | 5.3 MEDIUM

SQL Injection in Admin Grid Filter API in Pimcore
CVE-2023-47637 | Pimcore | Pimcore | 8.8 HIGH

Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews
CVE-2023-46722 | Pimcore | Admin-ui-classic-bundle | 6.1 MEDIUM

Cross-site Scripting (XSS) - Stored in pimcore/pimcore
CVE-2023-5873 | pimcore | pimcore/pimcore | 5.4 MEDIUM

Unverified Password Change in pimcore/admin-ui-classic-bundle
CVE-2023-5844 | Pimcore | Pimcore/admin-ui-class... | 4.3 MEDIUM

Excessive Data Query Operations in a Large Data Table in pimcore/demo
CVE-2023-5192 | Pimcore | Pimcore/demo | 6.1 MEDIUM

Cross-site Scripting (XSS) in pimcore admin-ui-classic-bundle translations
CVE-2023-42817 | Pimcore | Admin-ui-classic-bundle | 5.4 MEDIUM

Cross-site Scripting (XSS) - Reflected in pimcore/pimcore
CVE-2023-4453 | Pimcore | Pimcore/pimcore | 6.4 MEDIUM