CVE Tools

pimcore

Web & CMS Pluginscommercial

99

Cumulative CVEs

18

Monthly snapshots

#49

Peak rank

Top products

admin classic bundle2 admin-ui-classic-bundle2 customer-data-framework2

Latest CVEs

The 15 most recently published vulnerabilities affecting pimcore.

CVE-2026-5362Pimcore Platform v12.3.3 - Stored XSS in Document Editable Embed rendering5.4Apr 27, 2026
CVE-2026-27461Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause4.9Feb 24, 2026
CVE-2026-23496Pimcore Web2Print Tools Bundle "Favourite Output Channel Configuration" Missing Function Level Authorization5.4Jan 15, 2026
CVE-2026-23494Pimcore is Missing Function Level Authorization on "Static Routes" Listing4.3Jan 15, 2026
CVE-2026-23495Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing4.3Jan 15, 2026
CVE-2026-23493Pimcore ENV Variables and Cookie Informations are exposed in http_error_log8.6Jan 15, 2026
CVE-2026-23492Pimcore has a Blind SQL Injection in Admin Search Find API due to an incomplete fix for CVE-2023-308488.8Jan 14, 2026
CVE-2025-30166Pimcore's Admin Classic Bundle allows HTML Injection4.8Apr 8, 2025
CVE-2025-27617Pimcore Vulnerable to SQL Injection in getRelationFilterCondition8.8Mar 11, 2025
CVE-2025-24980Pimcore Admin Classic Bundle allows user enumeration5.3Feb 7, 2025
CVE-2024-11956Pimcore customer-data-framework list sql injection4.7Jan 28, 2025
CVE-2024-11954Pimcore Search Document cross site scripting2.4Jan 28, 2025
CVE-2023-2332Stored Cross-site Scripting (XSS) in pimcore/pimcore4.8Nov 15, 2024
CVE-2024-49370Change-Password via Portal-Profile sets PimcoreBackendUser password without hashing4.9Oct 23, 2024
CVE-2024-41109Pimcore vulnerable to disclosure of system and database information behind /admin firewall6.3Jul 30, 2024