Vulnerability List
Found 138 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-27461 | Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause | pimcore | pimcore | Medium | - | 2026-02-24 02:50:48 |
| CVE-2026-23496 | Pimcore Web2Print Tools Bundle "Favourite Output Channel Configuration" Missing Function Level Authorization | pimcore | pimcore | Medium | 5.4 | 2026-01-15 16:58:39 |
| CVE-2026-23494 | Pimcore is Missing Function Level Authorization on "Static Routes" Listing | pimcore | pimcore | Medium | 4.3 | 2026-01-15 16:52:59 |
| CVE-2026-23495 | Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing | pimcore | pimcore | Medium | 4.3 | 2026-01-15 16:47:07 |
| CVE-2026-23493 | Pimcore ENV Variables and Cookie Informations are exposed in http_error_log | pimcore | pimcore | High | 8.6 | 2026-01-15 16:38:24 |
| CVE-2026-23492 | Pimcore has a Blind SQL Injection in Admin Search Find API due to an incomplete fix for CVE-2023-30848 | pimcore | pimcore | High | 8.8 | 2026-01-14 18:21:55 |
| CVE-2025-30166 | Pimcore's Admin Classic Bundle allows HTML Injection | pimcore | admin-ui-classic-bundle | - | - | 2025-04-08 11:07:07 |
| CVE-2025-27617 | Pimcore Vulnerable to SQL Injection in getRelationFilterCondition | pimcore | pimcore | Medium | - | 2025-03-11 15:35:52 |
| CVE-2025-24980 | Pimcore Admin Classic Bundle allows user enumeration | pimcore | admin-ui-classic-bundle | Medium | - | 2025-02-07 19:56:10 |
| CVE-2024-11956 | Pimcore customer-data-framework list sql injection | Pimcore | customer-data-framework | Medium | 4.7 | 2025-01-28 13:46:28 |
| CVE-2024-11954 | Pimcore Search Document cross site scripting | - | Pimcore | Low | 2.4 | 2025-01-28 13:14:43 |
| CVE-2023-2332 | Stored Cross-site Scripting (XSS) in pimcore/pimcore | pimcore | pimcore/pimcore | - | - | 2024-11-15 10:57:20 |
| CVE-2024-49370 | Change-Password via Portal-Profile sets PimcoreBackendUser password without hashing | pimcore | pimcore | - | - | 2024-10-23 15:10:34 |
| CVE-2024-41109 | Pimcore vulnerable to disclosure of system and database information behind /admin firewall | pimcore | admin-ui-classic-bundle | Medium | 6.3 | 2024-07-30 14:43:14 |
| CVE-2024-32871 | Pimcore Vulnerable to Flooding Server with Thumbnail files | pimcore | pimcore | High | 7.5 | 2024-06-04 14:43:21 |
| CVE-2024-29197 | Pimcore Preview Documents are not restricted to logged in users anymore | pimcore | pimcore | Medium | 6.5 | 2024-03-26 15:10:42 |
| CVE-2024-25625 | Pimcore Host Header Injection in user invitation link | pimcore | admin-ui-classic-bundle | High | 8.1 | 2024-02-19 15:41:29 |
| CVE-2024-24822 | Pimcore Admin Classic Bundle permissions are not getting checked when working with tags | pimcore | admin-ui-classic-bundle | Medium | 6.5 | 2024-02-07 17:17:59 |
| CVE-2024-23646 | Pimcore Admin Classic Bundle SQL Injection in Admin download files as zip | pimcore | admin-ui-classic-bundle | High | 8.8 | 2024-01-24 19:41:50 |
| CVE-2024-23648 | Pimcore Admin Classic Bundle host header injection in the password reset | pimcore | admin-ui-classic-bundle | High | 8.8 | 2024-01-24 18:05:45 |