21 matches found
CVE-2026-5394
An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. This issue affects pimcore: 12.3.3...
Use of Incorrectly-Resolved Name or Reference
Overview @cyclonedx/cdxgen is a tool that creates CycloneDX Software Bill of Materials (SBOM) from source or container image. Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in path resolution performed in docker.js, before credential selection. An attacker wh...
CVE-2026-5362
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3...
CVE-2026-5362 Pimcore Platform v12.3.3 - Stored XSS in Document Editable Embed rendering
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3...
PT-2026-35518
Name of the Vulnerable Software and Affected Versions: Pimcore version 12.3.3. Description: An authenticated administrative user with permissions to import or save DataObject class definitions can inject malicious composite index metadata. This action allows the execution of unintended SQL commands ...
PT-2026-35523
🚨 New zero-day in pimcore | Detected by our AI SAST scanner and disclosed by Oscar Naveda. As a CNA, we assigned the ID CVE-2026-5362. Details: 🔗 https://t.co/iZiXYRAAcM. We have announced 232 CVEs to this date: 🔗 https://t.co/fgMrQcycLm https://t.co/gFxbxDglVo...
SQL Injection
Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to SQL Injection via the filter parameter in dependency listing endpoints due to direct concatenation of user-supplied values into RLIKE clauses without...
CVE-2026-27461 Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause
Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...
EUVD-2026-7398
Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...
CVE-2026-27461
Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...
PT-2026-21658
Name of the Vulnerable Software and Affected Versions: Pimcore versions up to and including 11.5.14.1; Pimcore versions up to and including 12.3.2. Description: Pimcore is an Open Source Data & Experience Management Platform. The filter query parameter in the dependency listing endpoints is processed...
EUVD-2012-2441
Malware in sbrugna...
PT-2023-30776 · Umbraco · Umbraco
Name of the Vulnerable Software and Affected Versions: Umbraco versions 10.0.0 through 10.8.0. Umbraco version 10.8.1 is not affected, but versions prior to 12.3.4 are affected, so the correct range is: Umbraco versions 10.8.2 through 12.3.3. Description: The issue is a cross-site scripting (XSS)...
PT-2020-5156 · Ruby +2 · Rake +2
Name of the Vulnerable Software and Affected Versions: Rake versions prior to 12.3.3 Description: The issue is related to an OS command injection vulnerability in the Rake::FileList class of the Rake build automation tool. This vulnerability arises from the failure to neutralize special elements...
CVE-2019-2728
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite subcomponent: Networking. Supported versions that are affected are 12.3.3 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
Code injection
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite subcomponent: Networking. Supported versions that are affected are 12.3.3 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
CVE-2019-2726
The CVE-2019-2726 issue affects Oracle Enterprise Manager Ops Center (subcomponent: Services Integration) within the Oracle Enterprise Manager Products Suite. Affected version is 12.3.3. The vulnerability allows a low-privileged, network-accessible attacker (via HTTP) to potentially cause a hang ...
Oracle Enterprise Manager Ops Center Component Remote Vulnerability
Oracle Enterprise Manager Products Suite is a set of Oracle's on-premise management platform. Enterprise Manager Ops Center is one of the enterprise data center monitoring and management components. A security vulnerability exists in the Framework subcomponent of the Enterprise Manager Ops Center...