Pimcore Latest Vulnerabilities
Latest vulnerabilities published by pimcore
Stored XSS vulnerability in Pricing Rules (pimcore versions 10.5.19 and lower)
CVE-2023-2332 | Pimcore | Pimcore/pimcore | 4.8 | MEDIUM

CVE-2024-49370 | Pimcore | Pimcore | 4.9 | MEDIUM

Pimcore Admin Bundle Vulnerability
CVE-2024-41109 | Pimcore | Admin-ui-classic-bundle | 6.3 | MEDIUM

Pimcore Thumbnail Generation Vulnerability
CVE-2024-32871 | Pimcore | Pimcore | 7.5 | HIGH

Previews Vulnerability in Pimcore Allows Unauthorized Access to Confidential Information
CVE-2024-29197 | Pimcore | Pimcore | 6.5 | MEDIUM

Potential Security Vulnerability in Pimcore's Admin Classic Bundle
CVE-2024-25625 | Pimcore | Admin-ui-classic-bundle | 8.1 | HIGH

Pimcore Fixes Tag Management Vulnerability in Admin Classic Bundle
CVE-2024-24822 | Pimcore | Admin-ui-classic-bundle | 6.5 | MEDIUM

Pimcore Admin Classic Bundle SQL Injection in Admin download files as zip
CVE-2024-23646 | pimcore | admin-ui-classic-bundle | 8.8 | HIGH

Pimcore Admin Classic Bundle host header injection in the password reset
CVE-2024-23648 | pimcore | admin-ui-classic-bundle | 8.8 | HIGH

Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts
CVE-2024-21667 | pimcore | customer-data-framework | 6.5 | MEDIUM

Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list
CVE-2024-21666 | pimcore | customer-data-framework | 6.5 | MEDIUM

Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list
CVE-2024-21665 | pimcore | ecommerce-framework-bu... | 4.3 | MEDIUM

Pimcore missing token/header to prevent CSRF
CVE-2023-49076 | pimcore | customer-data-framework | 6.5 | MEDIUM

Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls
CVE-2023-49075 | pimcore | admin-ui-classic-bundle | 7.2 | HIGH

SQL Injection in Admin Grid Filter API in Pimcore
CVE-2023-47637 | Pimcore | Pimcore | 8.8 | HIGH

Full Path Disclosure via re-export document in pimcore/admin-ui-classic-bundle
CVE-2023-47636 | Pimcore | Admin-ui-classic-bundle | 5.3 | MEDIUM

Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews
CVE-2023-46722 | Pimcore | Admin-ui-classic-bundle | 6.1 | MEDIUM

Cross-site Scripting (XSS) - Stored in pimcore/pimcore
CVE-2023-5873 | pimcore | pimcore/pimcore | 5.4 | MEDIUM

Unverified Password Change in pimcore/admin-ui-classic-bundle
CVE-2023-5844 | Pimcore | Pimcore/admin-ui-class... | 4.3 | MEDIUM

Excessive Data Query Operations in a Large Data Table in pimcore/demo
CVE-2023-5192 | Pimcore | Pimcore/demo | 6.1 | MEDIUM

Cross-site Scripting (XSS) in pimcore admin-ui-classic-bundle translations
CVE-2023-42817 | Pimcore | Admin-ui-classic-bundle | 5.4 | MEDIUM

Cross-site Scripting (XSS) - Reflected in pimcore/pimcore
CVE-2023-4453 | Pimcore | Pimcore/pimcore | 6.4 | MEDIUM

Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction
CVE-2023-38708 | Pimcore | Pimcore | 6.3 | MEDIUM

Cross-site Scripting (XSS) - Stored in pimcore/customer-data-framework
CVE-2023-4145 | Pimcore | Pimcore/customer-data-... | 6.5 | MEDIUM

Cross-site Scripting (XSS) - Reflected in pimcore/pimcore
CVE-2023-3822 | Pimcore | Pimcore/pimcore | 6 | MEDIUM