Filter
-Infinity
0
Trending
composer/pimcore/pimcorePimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient…
9.8
First published (updated )
composer/pimcore/pimcorePimcore before 6.2.2 lacks brute force protection for the 2FA token.
9.8
First published (updated )
Pimcore E-commerce FrameworkRCE vulnerability in Pimcore/Mail & Dynamic Text Layout
9.8
First published (updated )
composer/pimcore/admin-ui-classic-bundlePimcore Host Header Injection in user invitation link
9.3
EPSS
0.04%
First published (updated )
composer/pimcore/admin-ui-classic-bundlePimcore Admin Classic Bundle permissions are not getting checked when working with tags
9.1
EPSS
0.06%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Pimcore E-commerce FrameworkCross-site Scripting (XSS) - Stored in pimcore/pimcore
First published (updated )
composer/pimcore/admin-ui-classic-bundlePimcore Admin Classic Bundle host header injection in the password reset
8.8
EPSS
0.09%
First published (updated )
composer/pimcore/admin-ui-classic-bundlePimcore Admin Classic Bundle SQL Injection in Admin download files as zip
8.8
EPSS
0.06%
First published (updated )
Pimcore E-commerce FrameworkPath Traversal: '\..\filename' in pimcore/pimcore
8.8
First published (updated )
Pimcore E-commerce FrameworkPrivilege Defined With Unsafe Actions in pimcore/pimcore
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/pimcore/pimcoreSQL Injection in pimcore/pimcore
8.8
First published (updated )
Pimcore E-commerce FrameworkSQL Injection in pimcore/pimcore
8.8
First published (updated )
Pimcore E-commerce FrameworkImproper Neutralization of Formula Elements in a CSV File in pimcore/pimcore
8.8
First published (updated )
composer/pimcore/pimcoreIn Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file v…
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/pimcore/pimcoreAn issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST…
8.8
First published (updated )
Pimcore E-commerce FrameworkSQL injection in ElementController.php in pimcore/pimcore
8.8
First published (updated )
composer/pimcore/pimcorePimcore Path Traversal Vulnerability in AssetController:importServerFilesAction
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Pimcore E-commerce FrameworkAn improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitra…
8.8
First published (updated )
Pimcore E-commerce FrameworkSQL Injection in pimcore/pimcore
8.8
First published (updated )
composer/pimcore/pimcorePimcore SQL Injection Vulnerability in Admin Translations API
8.8
First published (updated )
composer/pimcore/pimcorePimcore SQL Injection Vulnerability in Admin Search Find API
8.8
First published (updated )
composer/pimcore/pimcorePimcore vulnerable to SQL Injection in Translation Export API
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/pimcore/pimcoreSQL Injection in Admin Grid Filter API in Pimcore
8.8
First published (updated )
Pimcore E-commerce FrameworkChange-Password via Portal-Profile sets PimcoreBackendUser password without hashing
8.7
First published (updated )
composer/pimcore/admin-ui-classic-bundlePimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls
8.4
First published (updated )
Pimcore E-commerce FrameworkCross-site Scripting (XSS) - Stored in pimcore/pimcore
8.2
First published (updated )
Pimcore E-commerce FrameworkMissing file upload type validation in pimcore/pimcore
8.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.