| CVE-2014-2921 |
high |
— |
8.5 |
|
|
|
12y ago |
Pimcore Vulnerable to PHP Object Injection Attacks |
| CVE-2026-45704 |
high |
— |
8.0 |
|
|
|
7d ago |
Pimcore has a CustomReports Share Bypass |
| CVE-2026-45260 |
high |
— |
8.0 |
|
|
|
7d ago |
Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling |
| CVE-2026-45162 |
high |
— |
8.0 |
|
|
|
7d ago |
Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction |
| CVE-2026-44739 |
high |
— |
8.0 |
|
|
|
8d ago |
Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration |
| CVE-2026-5394 |
high |
— |
8.0 |
|
|
|
1mo ago |
Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save |
| CVE-2026-45703 |
medium |
— |
5.5 |
|
|
|
7d ago |
Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export |
| CVE-2026-5362 |
medium |
5.4 |
5.4 |
|
|
|
1mo ago |
Pimcore has an authenticated Cross-site Scripting issue |
| CVE-2024-11954 |
unknown |
— |
1.0 |
|
|
|
1y ago |
Pimcore Authenticated Stored Cross-Site Scripting (XSS) Via Search Document |
| CVE-2018-14058 |
unknown |
— |
1.0 |
|
|
|
4y ago |
Pimcore SQLi Vulnerability |
| CVE-2018-14057 |
unknown |
— |
1.0 |
|
|
|
4y ago |
Pimcore CSRF Vulnerability |
| CVE-2018-14059 |
unknown |
— |
1.0 |
|
|
|
4y ago |
Pimcore XSS Vulnerability |
| CVE-2019-10867 |
unknown |
— |
1.0 |
|
|
|
4y ago |
Pimcore Unserialize Remote Code Execution |
| CVE-2026-27461 |
unknown |
— |
— |
|
|
|
3mo ago |
Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause |
| CVE-2026-23494 |
unknown |
— |
— |
|
|
|
5mo ago |
Pimcore is Vulnerable to Broken Access Control: Missing Function Level Authorization on "Static Routes" Listing |
| CVE-2026-23493 |
unknown |
— |
— |
|
|
|
5mo ago |
Pimcore ENV Variables and Cookie Informations are exposed in http_error_log |
| CVE-2026-23492 |
unknown |
— |
— |
|
|
|
5mo ago |
Pimcore Has an Incomplete Patch for CVE-2023-30848 |
| CVE-2025-27617 |
unknown |
— |
— |
|
|
|
1y ago |
Pimcore Vulnerable to SQL Injection in getRelationFilterCondition |
| CVE-2024-32871 |
unknown |
— |
— |
|
|
|
2y ago |
Flooding Server with Thumbnail files |
| CVE-2023-47637 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt() |
| CVE-2023-5873 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore Cross-site Scripting vulnerability |
| CVE-2023-4453 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore Cross-site Scripting (XSS) vulnerability in DataObject datetime fields |
| CVE-2023-38708 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction |
| CVE-2023-3819 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2023-3820 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore vulnerable to SQL Injection in Dataobjects sorting |
| CVE-2023-3822 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore Cross-site Scripting vulnerability |
| CVE-2023-3821 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore Cross-site Scripting vulnerability |
| CVE-2023-3673 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore SQL Injection vulnerability |
| CVE-2023-2984 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore vulnerable to Pre-Auth Path Traversal in pimcore_log parameter |
| CVE-2023-2983 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore Privilege Defined With Unsafe Actions vulnerability |
| CVE-2023-2730 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore Cross-site Scripting vulnerability |
| CVE-2023-2630 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore Cross-site Scripting (XSS) vulnerability in Admin Translations |
| CVE-2023-2616 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore Cross-site Scripting (XSS) in Static Routes name field |
| CVE-2023-2614 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore Cross-site Scripting (XSS) in name field of Custom Reports |
| CVE-2023-2615 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore Cross-site Scripting (XSS) in Predefined Properties delete |
| CVE-2023-30855 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php |
| CVE-2023-2361 |
unknown |
— |
— |
|
|
|
3y ago |
Cross-site Scripting (XSS) in pimcore |
| CVE-2023-30852 |
unknown |
— |
— |
|
|
|
3y ago |
Arbitrary File Read in Admin JS CSS files |
| CVE-2023-2340 |
unknown |
— |
— |
|
|
|
3y ago |
Cross-site Scripting (XSS) in DataObject columns grid |
| CVE-2023-2339 |
unknown |
— |
— |
|
|
|
3y ago |
Cross-site Scripting (XSS) in DataObject Any Getter grid operator |
| CVE-2023-2336 |
unknown |
— |
— |
|
|
|
3y ago |
Path Traversal in Asset "import from server" option |
| CVE-2023-2332 |
unknown |
— |
— |
|
|
|
3y ago |
Cross-site Scripting (XSS) in Conditions tab of Pricing Rules |
| CVE-2023-2328 |
unknown |
— |
— |
|
|
|
3y ago |
Cross-site Scripting (XSS) in DataObjects QuantityValue Unit Definition |
| CVE-2023-2327 |
unknown |
— |
— |
|
|
|
3y ago |
Cross-site Scripting (XSS) in pimcore via DataObject Class date fields |
| CVE-2023-2323 |
unknown |
— |
— |
|
|
|
3y ago |
Cross-site Scripting (XSS) in Ecommerce Pricing Rules name field |
| CVE-2023-2322 |
unknown |
— |
— |
|
|
|
3y ago |
Cross-site Scripting (XSS) in Document Properties Parameter |
| CVE-2023-2338 |
unknown |
— |
— |
|
|
|
3y ago |
SQL Injection in AssetController |
| CVE-2023-2342 |
unknown |
— |
— |
|
|
|
3y ago |
Cross-site Scripting (XSS) in Website Settings name field |
| CVE-2023-2341 |
unknown |
— |
— |
|
|
|
3y ago |
Cross-site Scripting (XSS) in Admin Login too many attempts notice |
| CVE-2023-2343 |
unknown |
— |
— |
|
|
|
3y ago |
Cross-site Scripting (XSS) in DataObject Classification Store |
| CVE-2023-30850 |
unknown |
— |
— |
|
|
|
3y ago |
SQL Injection in Admin Translations API |
| CVE-2023-30849 |
unknown |
— |
— |
|
|
|
3y ago |
SQL Injection in Translation Export API |
| CVE-2023-30848 |
unknown |
— |
— |
|
|
|
3y ago |
SQL Injection in Admin Search Find API |
| CVE-2023-1703 |
unknown |
— |
— |
|
|
|
3y ago |
pimcore is vulnerable to cross-site scripting in Composite indices key field |
| CVE-2023-1701 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings |
| CVE-2023-1702 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore Cross-site Scripting in Predefined Asset Metadata module in Settings |
| CVE-2023-1704 |
unknown |
— |
— |
|
|
|
3y ago |
pimcore is vulnerable to cross-site scripting in translate module |
| CVE-2023-28438 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore vulnerable to improper quoting of filters in Custom Reports |
| CVE-2023-1578 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore Remote Code Execution vulnerability in Search function |
| CVE-2023-28429 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore has Cross-site Scripting vulnerability in DataObject tooltip field |
| CVE-2023-1515 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore vulnerable to Cross-site Scripting (XSS) in Redirects |
| CVE-2023-1517 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore has Cross site Scripting vulnerability in Schedule tab of Documents |
| CVE-2023-28108 |
unknown |
— |
— |
|
|
|
3y ago |
Improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model |
| CVE-2023-28106 |
unknown |
— |
— |
|
|
|
3y ago |
Cross-site Scripting (XSS) in UrlSlug Data type |
| CVE-2023-1429 |
unknown |
— |
— |
|
|
|
3y ago |
Cross-site Scripting (XSS) in Document Types |
| CVE-2023-1312 |
unknown |
— |
— |
|
|
|
3y ago |
pimcore is vulnerable to cross-site scripting |
| CVE-2023-1286 |
unknown |
— |
— |
|
|
|
3y ago |
Cross-site Scripting (XSS) in pimcore/pimcore |
| CVE-2023-1116 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore vulnerable to Cross Site Scripting in Email Blacklist |
| CVE-2023-1117 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore vulnerable to Cross Site Scripting in image/video thumbnail config |
| CVE-2023-1115 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore vulnerable to Cross Site Scripting in Documents Link Editable |
| CVE-2023-1067 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore vulnerable to Cross-site Scripting |
| CVE-2023-0827 |
unknown |
— |
— |
|
|
|
3y ago |
Cross-site Scripting in pimcore |
| CVE-2023-25240 |
unknown |
— |
— |
|
|
|
3y ago |
SameSite Attribute vulnerability in pimCore |
| CVE-2023-23937 |
unknown |
— |
— |
|
|
|
3y ago |
Pimcore contains Unrestricted Upload of File with Dangerous Type |
| CVE-2023-0323 |
unknown |
— |
— |
|
|
|
3y ago |
pimcore is vulnerable to cross-site scripting via "title field " in data objects |
| CVE-2022-39365 |
unknown |
— |
— |
|
|
|
4y ago |
RCE vulnerability in Pimcore/Mail & Dynamic Text Layout |
| CVE-2022-3255 |
unknown |
— |
— |
|
|
|
4y ago |
Pimcore vulnerable to cross site scripting |
| CVE-2022-3211 |
unknown |
— |
— |
|
|
|
4y ago |
Pimcore vulnerable to stored stored Cross-site Scripting via`properties` when creating new users |
| CVE-2022-2796 |
unknown |
— |
— |
|
|
|
4y ago |
Pimcore Cross-site Scripting (XSS) |
| CVE-2022-31092 |
unknown |
— |
— |
|
|
|
4y ago |
Improper quoting of columns when using setOrderBy() or setGroupBy() on listing classes in Pimcore |
| CVE-2019-18985 |
unknown |
— |
— |
|
|
|
4y ago |
Pimcore 2FA Vulnerable to Brute Forcing |
| CVE-2019-18982 |
unknown |
— |
— |
|
|
|
4y ago |
Pimcore Cross-site Scripting (XSS) vulnerability |
| CVE-2019-18981 |
unknown |
— |
— |
|
|
|
4y ago |
Pimcore Access Control Issues |
| CVE-2019-18986 |
unknown |
— |
— |
|
|
|
4y ago |
Pimcore Discloses Usernames In Use |
| CVE-2019-18656 |
unknown |
— |
— |
|
|
|
4y ago |
Pimcore XSS Vulnerability |
| CVE-2019-16317 |
unknown |
— |
— |
|
|
|
4y ago |
Pimcore RCE via PHAR upload |
| CVE-2019-16318 |
unknown |
— |
— |
|
|
|
4y ago |
Pimcore Unrestricted Upload of File with Dangerous Type |
| CVE-2022-1429 |
unknown |
— |
— |
|
|
|
4y ago |
SQL Injection found in Pimcore |
| CVE-2022-1351 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting in Pimcore |
| CVE-2022-1339 |
unknown |
— |
— |
|
|
|
4y ago |
SQL Injection in Pimcore |
| CVE-2022-1219 |
unknown |
— |
— |
|
|
|
4y ago |
SQL Injection in Pimcore |
| CVE-2022-0911 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting in Pimcore |
| CVE-2022-0704 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting in Pimcore |
| CVE-2022-0705 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting in Pimcore |
| CVE-2022-0894 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting in Pimcore |
| CVE-2022-0893 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting in Pimcore |
| CVE-2022-0832 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting in Pimcore |
| CVE-2022-0831 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting in Pimcore |
| CVE-2022-0665 |
unknown |
— |
— |
|
|
|
4y ago |
Path traversal in pimcore |
| CVE-2022-0565 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting in pimcore |
