Lucene search
+L

6 matches found

NVD
NVD
added yesterday2 views

CVE-2026-45703

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 LTS and 12.3.7, the WordExport export flow in bundles/WordExportBundle/src/Controller/TranslationController.php only checks the wordexport feature permission and directly resolves attacker-controlled type/id input...

6.4CVSS0.00089EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday8 views

CVE-2026-44739 Pimcore: SQL Injection in Custom Reports Column Configuration

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 LTS and 12.3.6, the columnConfigAction endpoint in bundles/CustomReportsBundle/src/Controller/Reports/CustomReportController.php passes malicious SQL configuration through CustomReportController:columnConfigAction,...

8.7CVSS0.00027EPSS
Exploits0References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-45274

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 LTS and 12.3.6, the columnConfigAction endpoint in bundles/CustomReportsBundle/src/Controller/Reports/CustomReportController.php passes malicious SQL configuration through CustomReportController:columnConfigAction,...

8.7CVSS5.8AI score0.00027EPSS
Exploits0References4
CVE
CVE
added yesterday30 views

CVE-2026-45260

Pimcore WebDAV MOVE vulnerability (CVE-2026-45260) enables remote asset deletion/overwrite due to missing authentication in the WebDAV controller and Tree::move() path. The WebDAV endpoint at /asset/webdav{path} proceeds to mutate assets before validating the current user or permissions, and Asse...

8.1CVSS5.3AI score0.00141EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-45703 Pimcore: WordExport Authorization Bypass for Unauthorized Document Export

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 LTS and 12.3.7, the WordExport export flow in bundles/WordExportBundle/src/Controller/TranslationController.php only checks the wordexport feature permission and directly resolves attacker-controlled type/id input...

6.4CVSS5.3AI score0.00089EPSS
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-45259

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 LTS and 12.3.7, multiple Pimcore locations call PHP's unserialize on data from database columns and filesystem files without the allowedclasses restriction, including lib/Tool/Authentication.php, models/Site/Dao.php...

8CVSS6.3AI score0.00202EPSS
Exploits0References4
Rows per page
Query Builder