Filters
Software
Pimcore PimcoreChange-Password via Portal-Profile sets PimcoreBackendUser password without hashing
8.7
First published (updated )
composer/pimcore/pimcorePimcore Vulnerable to Flooding Server with Thumbnail files
7.5
First published (updated )
composer/pimcore/admin-ui-classic-bundlePimcore Admin Classic Bundle SQL Injection in Admin download files as zip
8.8
EPSS
0.06%
First published (updated )
composer/pimcore/admin-ui-classic-bundlePimcore Admin Classic Bundle host header injection in the password reset
8.8
EPSS
0.09%
First published (updated )
composer/pimcore/admin-ui-classic-bundlePimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls
8.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/pimcore/pimcoreSQL Injection in Admin Grid Filter API in Pimcore
8.8
First published (updated )
Pimcore Admin Classic BundleUnverified Password Change in pimcore/admin-ui-classic-bundle
7.2
EPSS
0.05%
First published (updated )
composer/pimcore/pimcorePimcore Path Traversal Vulnerability in AssetController:importServerFilesAction
8.8
First published (updated )
Pimcore PimcoreSQL Injection in pimcore/pimcore
7.2
EPSS
0.05%
First published (updated )
Pimcore PimcoreExposure of Sensitive Information to an Unauthorized Actor in pimcore/pimcore
7.6
EPSS
0.07%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Pimcore PimcorePath Traversal: '\..\filename' in pimcore/pimcore
8.8
First published (updated )
Pimcore PimcorePrivilege Defined With Unsafe Actions in pimcore/pimcore
8.8
First published (updated )
Pimcore Customer Management FrameworkSQL Injection in pimcore/customer-data-framework
7.2
First published (updated )
Pimcore Customer Management FrameworkImproper Neutralization of Formula Elements in a CSV File in pimcore/customer-data-framework
7.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Pimcore PimcorePimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php
7.5
First published (updated )
Pimcore PimcorePimcore SQL Injection Vulnerability in Admin Translations API
8.8
First published (updated )
Pimcore PimcorePimcore vulnerable to SQL Injection in Translation Export API
8.8
First published (updated )
Pimcore PimcorePimcore SQL Injection Vulnerability in Admin Search Find API
8.8
First published (updated )
composer/pimcore/pimcoreCross-site Scripting (XSS) - Generic in pimcore/pimcore
7.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/pimcore/pimcoreSQL Injection in pimcore/pimcore
8.8
First published (updated )
Pimcore PimcorePimcore vulnerable to improper quoting of filters in Custom Reports
8
First published (updated )
Pimcore PimcoreCross-site Scripting (XSS) - Stored in pimcore/pimcore
7.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Pimcore PimcoreAn improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitra…
8.8
First published (updated )
Pimcore PimcoreMissing file upload type validation in pimcore/pimcore
8.2
First published (updated )
Pimcore PimcoreSQL injection in GridHelperService.php in pimcore/pimcore
7.5
First published (updated )
Pimcore PimcoreSQL injection in ElementController.php in pimcore/pimcore
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Pimcore PimcoreSQL injection in RecyclebinController.php in pimcore/pimcore
7.5
First published (updated )
Pimcore PimcoreCross-site Scripting (XSS) - Stored in pimcore/pimcore
8.2
First published (updated )
composer/pimcore/pimcoreCross-site Scripting in pimcore/pimcore
7.6
First published (updated )
Pimcore PimcoreCross-site Scripting (XSS) - Stored in pimcore/pimcore
8.1
First published (updated )
Pimcore PimcoreUnrestricted Upload of File with Dangerous Type in pimcore/pimcore
7.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Pimcore PimcoreCross-site Scripting (XSS) - Stored in pimcore/pimcore
7.4
First published (updated )
Pimcore PimcoreImproper Encoding or Escaping of Output in Asset Metadata Component
8
First published (updated )
Pimcore PimcoreImproper Neutralization of Text-Values in Object Version Preview
8
First published (updated )
Pimcore PimcoreImproper Neutralization of Formula Elements in a CSV File in pimcore/pimcore
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Pimcore AdminBundlePimcore AdminBundle 'specificID' SQL Injection
7.5
First published (updated )
Pimcore Customer Management FrameworkPimcore Customer Data Framework 'SegmentAssignmentController.php' Blind SQL Injection
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/pimcore/pimcorePimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the 'forgot pas…
7.5
First published (updated )
composer/pimcore/pimcoreIn Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file v…
8.8
First published (updated )
Pimcore PimcoreAn issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST…
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.