Filter

Versions

10.3.0
6
1.4.9
2
1.5.0
2
2.1.0
2
10.5.15
1
10.5.19
1
11.0.0
1
2.2.0
1
4.0.0
1
5.2.3
1
6.0.0
1
6.2.3
1
6.7.2
1

composer/pimcore/pimcorePimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient…

critical
9.8
First published (updated )
CVE-2019-18981

Pimcore PimcorePimcore before 6.2.2 lacks brute force protection for the 2FA token.

critical
9.8
First published (updated )
CVE-2019-18985

Pimcore PimcoreRCE vulnerability in Pimcore/Mail & Dynamic Text Layout

critical
9.8
First published (updated )
CVE-2022-39365

Pimcore PimcoreCross-site Scripting (XSS) - Stored in pimcore/pimcore

critical
9
First published (updated )
CVE-2021-4139

Pimcore PimcorePath Traversal: '\..\filename' in pimcore/pimcore

high
8.8
First published (updated )
CVE-2023-2984

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Pimcore PimcorePrivilege Defined With Unsafe Actions in pimcore/pimcore

high
8.8
First published (updated )
CVE-2023-2983

composer/pimcore/pimcoreSQL Injection in pimcore/pimcore

high
8.8
First published (updated )
CVE-2023-2338

Pimcore PimcoreSQL Injection in pimcore/pimcore

high
8.8
First published (updated )
CVE-2022-0258

Pimcore PimcoreImproper Neutralization of Formula Elements in a CSV File in pimcore/pimcore

high
8.8
First published (updated )
CVE-2021-37702

Pimcore PimcoreSQL Injection

high
8.8
First published (updated )
CVE-2021-23405

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

composer/pimcore/pimcoreIn Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file v…

high
8.8
First published (updated )
CVE-2019-16317

Pimcore PimcoreMalicious File Upload

high
8.8
First published (updated )
CVE-2019-16318

Pimcore PimcoreAn issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST…

high
8.8
First published (updated )
CVE-2019-10867

composer/pimcore/pimcoreCSRF

high
8.8
First published (updated )
CVE-2018-14057

Pimcore PimcoreSQL injection in ElementController.php in pimcore/pimcore

high
8.8
First published (updated )
CVE-2022-1339

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

composer/pimcore/pimcorePimcore Path Traversal Vulnerability in AssetController:importServerFilesAction

high
8.8
First published (updated )
CVE-2023-38708

Pimcore PimcoreAn improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitra…

high
8.8
First published (updated )
CVE-2023-25240

Pimcore PimcoreSQL Injection in pimcore/pimcore

high
8.8
First published (updated )
CVE-2023-1578

Pimcore PimcorePimcore SQL Injection Vulnerability in Admin Translations API

high
8.8
First published (updated )
CVE-2023-30850

Pimcore PimcorePimcore SQL Injection Vulnerability in Admin Search Find API

high
8.8
First published (updated )
CVE-2023-30848

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Pimcore PimcorePimcore vulnerable to SQL Injection in Translation Export API

high
8.8
First published (updated )
CVE-2023-30849

composer/pimcore/pimcoreSQL Injection in Admin Grid Filter API in Pimcore

high
8.8
First published (updated )
CVE-2023-47637

Pimcore PimcoreChange-Password via Portal-Profile sets PimcoreBackendUser password without hashing

high
8.7
First published (updated )
CVE-2024-49370

Pimcore PimcoreCross-site Scripting (XSS) - Stored in pimcore/pimcore

high
8.2
First published (updated )
CVE-2022-0894

Pimcore PimcoreMissing file upload type validation in pimcore/pimcore

high
8.2
First published (updated )
CVE-2023-23937

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Pimcore PimcoreCross-site Scripting (XSS) - Stored in pimcore/pimcore

high
8.1
First published (updated )
CVE-2022-0251

Pimcore PimcoreSQL injection in pimcore

high
8.1
First published (updated )
CVE-2022-31092

Pimcore PimcoreImproper Neutralization of Text-Values in Object Version Preview

high
8
First published (updated )
CVE-2021-39166

Pimcore PimcoreImproper Encoding or Escaping of Output in Asset Metadata Component

high
8
First published (updated )
CVE-2021-39170

Pimcore PimcorePimcore vulnerable to improper quoting of filters in Custom Reports

high
8
First published (updated )
CVE-2023-28438

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203