Pimcore Latest Vulnerabilities
Latest vulnerabilities published by pimcore
HTML Injection Vulnerability in Pimcore's Admin Classic Bundle
CVE-2025-30166 | Pimcore | Admin-ui-classic-bundle | 1.8 LOW

SQL Injection Vulnerability in Pimcore Data Management Platform
CVE-2025-27617 | Pimcore | Pimcore | 6.3 MEDIUM

User Enumeration Vulnerability in Pimcore Backend UI
CVE-2025-24980 | Pimcore | Admin-ui-classic-bundle | 6.9 MEDIUM

SQL Injection Vulnerability in Pimcore Customer Data Framework
CVE-2024-11956 | Pimcore | Customer-data-framework | 5.1 MEDIUM

Cross-Site Scripting Vulnerability in Pimcore Search Document Component
CVE-2024-11954 | Pimcore | Pimcore | 5.1 MEDIUM

Stored XSS vulnerability in Pricing Rules (pimcore versions 10.5.19 and lower)
CVE-2023-2332 | Pimcore | Pimcore/pimcore | 4.8 MEDIUM

Password Management Vulnerability in Pimcore Data and Experience Management Platform
CVE-2024-49370 | Pimcore | Pimcore | 4.9 MEDIUM

Pimcore Admin Bundle Vulnerability
CVE-2024-41109 | Pimcore | Admin-ui-classic-bundle | 6.3 MEDIUM

Pimcore Thumbnail Generation Vulnerability
CVE-2024-32871 | Pimcore | Pimcore | 7.5 HIGH

Previews Vulnerability in Pimcore Allows Unauthorized Access to Confidential Information
CVE-2024-29197 | Pimcore | Pimcore | 6.5 MEDIUM

Potential Security Vulnerability in Pimcore's Admin Classic Bundle
CVE-2024-25625 | Pimcore | Admin-ui-classic-bundle | 9.3 CRITICAL

Pimcore Fixes Tag Management Vulnerability in Admin Classic Bundle
CVE-2024-24822 | Pimcore | Admin-ui-classic-bundle | 6.5 MEDIUM

Pimcore Admin Classic Bundle SQL Injection in Admin download files as zip
CVE-2024-23646 | Pimcore | Admin-ui-classic-bundle | 8.8 HIGH

Pimcore Admin Classic Bundle host header injection in the password reset
CVE-2024-23648 | pimcore | admin-ui-classic-bundle | 8.8 HIGH

Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts
CVE-2024-21667 | pimcore | customer-data-framework | 6.5 MEDIUM

Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list
CVE-2024-21666 | pimcore | customer-data-framework | 6.5 MEDIUM

Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list
CVE-2024-21665 | pimcore | ecommerce-framework-bu... | 4.3 MEDIUM

Pimcore missing token/header to prevent CSRF
CVE-2023-49076 | pimcore | customer-data-framework | 6.5 MEDIUM

Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls
CVE-2023-49075 | pimcore | admin-ui-classic-bundle | 7.2 HIGH

Full Path Disclosure via re-export document in pimcore/admin-ui-classic-bundle
CVE-2023-47636 | Pimcore | Admin-ui-classic-bundle | 5.3 MEDIUM

SQL Injection in Admin Grid Filter API in Pimcore
CVE-2023-47637 | Pimcore | Pimcore | EPSS 69% | 8.8 HIGH

Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews
CVE-2023-46722 | Pimcore | Admin-ui-classic-bundle | 6.1 MEDIUM

Cross-site Scripting (XSS) - Stored in pimcore/pimcore
CVE-2023-5873 | Pimcore | Pimcore/pimcore | 5.4 MEDIUM

Unverified Password Change in pimcore/admin-ui-classic-bundle
CVE-2023-5844 | Pimcore | Pimcore/admin-ui-class... | 4.3 MEDIUM

Excessive Data Query Operations in a Large Data Table in pimcore/demo
CVE-2023-5192 | Pimcore | Pimcore/demo | 6.1 MEDIUM