CVE Tools

sitecore

Web & CMS Pluginscommercial

17

Cumulative CVEs

6

Monthly snapshots

#100

Peak rank

Top products

experience platform (xp)5 experience manager4 experience commerce4

Latest CVEs

The 15 most recently published vulnerabilities affecting sitecore.

CVE-2025-53692Sitecore Experience Platform Cross-Site Scripting Vulnerability7.1Sep 21, 2025
CVE-2025-53690Sitecore Products ViewState Deserialization VulnerabilityKEV9.0Sep 3, 2025
CVE-2025-53691Sitecore Experience Remote Code Execution through Insecure Deserialization8.8Sep 3, 2025
CVE-2025-53693HTML Cache Poisoning through Unsafe Reflections9.8Sep 3, 2025
CVE-2025-53694Information Disclosure in ItemServices API7.5Sep 3, 2025
CVE-2025-34511Sitecore PowerShell Extension RCE via Unrestricted Upload8.8Jun 17, 2025
CVE-2025-34510Sitecore XM, XC, and XP Post-Auth RCE via Zip Slip8.8Jun 17, 2025
CVE-2025-34509Sitecore XM and XP Hardcoded Credentials7.5Jun 17, 2025
CVE-2025-27218Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization.5.3Feb 20, 2025
CVE-2024-46938An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can...7.5Sep 15, 2024
CVE-2023-35813Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.9.8Jun 17, 2023
CVE-2023-33653Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=conver...8.8Jun 6, 2023
CVE-2023-33652Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx.8.8Jun 6, 2023
CVE-2023-33651An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to by...7.5Jun 6, 2023
CVE-2023-27068Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx.9.8May 23, 2023