| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-21667 | Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts | pimcore | customer-data-framework | Medium | 6.5 | 2024-01-11 01:05:36 | Deep Dive |
| CVE-2024-21666 | Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list | pimcore | customer-data-framework | Medium | 6.5 | 2024-01-11 00:45:45 | Deep Dive |
| CVE-2024-21665 | Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list | pimcore | ecommerce-framework-bundle | Medium | 4.3 | 2024-01-11 00:39:49 | Deep Dive |
| CVE-2023-49076 | Pimcore missing token/header to prevent CSRF | pimcore | customer-data-framework | Medium | 4.3 | 2023-11-30 05:42:13 | Deep Dive |
| CVE-2023-49075 | Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls | pimcore | admin-ui-classic-bundle | High | 8.4 | 2023-11-28 04:33:24 | Deep Dive |
| CVE-2023-47636 | Full Path Disclosure via re-export document in pimcore/admin-ui-classic-bundle | pimcore | admin-ui-classic-bundle | Medium | 5.3 | 2023-11-15 19:18:15 | Deep Dive |
| CVE-2023-47637 | SQL Injection in Admin Grid Filter API in Pimcore | pimcore | pimcore | High | 8.8 | 2023-11-15 19:13:03 | Deep Dive |
| CVE-2023-46722 | Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews | pimcore | admin-ui-classic-bundle | Medium | 6.1 | 2023-10-31 15:36:50 | Deep Dive |
| CVE-2023-5873 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore | pimcore/pimcore | Medium | - | 2023-10-31 08:06:45 | Deep Dive |
| CVE-2023-5844 | Unverified Password Change in pimcore/admin-ui-classic-bundle | pimcore | pimcore/admin-ui-classic-bundle | Medium | - | 2023-10-30 10:08:50 | Deep Dive |
| CVE-2023-5192 | Excessive Data Query Operations in a Large Data Table in pimcore/demo | pimcore | pimcore/demo | Medium | - | 2023-09-26 07:34:27 | Deep Dive |
| CVE-2023-42817 | Cross-site Scripting (XSS) in pimcore admin-ui-classic-bundle translations | pimcore | admin-ui-classic-bundle | Medium | 5.4 | 2023-09-25 18:57:34 | Deep Dive |
| CVE-2023-4453 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore | pimcore | pimcore/pimcore | Medium | - | 2023-08-21 09:22:04 | Deep Dive |
| CVE-2023-38708 | Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction | pimcore | pimcore | Medium | 6.3 | 2023-08-04 00:12:33 | Deep Dive |
| CVE-2023-4145 | Cross-site Scripting (XSS) - Stored in pimcore/customer-data-framework | pimcore | pimcore/customer-data-framework | Medium | - | 2023-08-03 16:04:11 | Deep Dive |
| CVE-2023-3822 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore | pimcore | pimcore/pimcore | Medium | - | 2023-07-21 14:52:06 | Deep Dive |
| CVE-2023-3821 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore | pimcore/pimcore | Medium | - | 2023-07-21 14:50:40 | Deep Dive |
| CVE-2023-3820 | SQL Injection in pimcore/pimcore | pimcore | pimcore/pimcore | High | - | 2023-07-21 14:44:45 | Deep Dive |
| CVE-2023-3819 | Exposure of Sensitive Information to an Unauthorized Actor in pimcore/pimcore | pimcore | pimcore/pimcore | Medium | - | 2023-07-21 14:37:57 | Deep Dive |
| CVE-2023-3673 | SQL Injection in pimcore/pimcore | pimcore | pimcore/pimcore | High | - | 2023-07-14 12:19:04 | Deep Dive |