Vulnerabilities > Sitecore > Experience Platform > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-17 | CVE-2023-35813 | Unspecified vulnerability in Sitecore products Multiple Sitecore products allow remote code execution. | 9.8 |
2023-05-23 | CVE-2023-27068 | Deserialization of Untrusted Data vulnerability in Sitecore Experience Platform Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx. | 9.8 |
2021-11-05 | CVE-2021-42237 | Deserialization of Untrusted Data vulnerability in Sitecore Experience Platform Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. | 10.0 |
2019-06-06 | CVE-2019-11080 | Deserialization of Untrusted Data vulnerability in Sitecore Experience Platform Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. | 9.0 |