Vulnerabilities > Pimcore > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-02-19 CVE-2024-25625 Injection vulnerability in Pimcore Admin Classic Bundle
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore.
network
low complexity
pimcore CWE-74
critical
 9.3
9.3
2024-02-07 CVE-2024-24822 Unspecified vulnerability in Pimcore Admin Classic Bundle
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore.
network
low complexity
pimcore
critical
 9.1
9.1
2022-10-27 CVE-2022-39365 Code Injection vulnerability in Pimcore
Pimcore is an open source data and experience management platform.
network
low complexity
pimcore CWE-94
critical
 9.8
9.8
2021-12-21 CVE-2021-4139 Unspecified vulnerability in Pimcore
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
network
low complexity
pimcore
critical
 9.0
9.0
2019-11-15 CVE-2019-18985 Improper Restriction of Excessive Authentication Attempts vulnerability in Pimcore
Pimcore before 6.2.2 lacks brute force protection for the 2FA token.
network
low complexity
pimcore CWE-307
critical
 9.8
9.8
2019-11-15 CVE-2019-18981 Inappropriate Encoding for Output Context vulnerability in Pimcore
Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.
network
low complexity
pimcore CWE-838
critical
 9.8
9.8