4 matches found

OSV
added 2026/01/15 4:52 p.m. | 4 views

CVE-2026-23494 Pimcore is Missing Function Level Authorization on "Static Routes" Listing

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined vi...

4.3 CVSS | 5.6 AI score | 0.00319 EPSS
Exploits: 1 | References: 6
Vulnrichment
added 2026/01/15 4:52 p.m. | 3 views

CVE-2026-23494 Pimcore is Missing Function Level Authorization on "Static Routes" Listing

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined vi...

4.3 CVSS | 6.2 AI score | 0.00319 EPSS
Exploits: 1 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-3005

Malicious code in bioql PyPI...

9.1 CVSS | 9.1 AI score | 0.00873 EPSS
Exploits: 0 | References: 3
Github Security Blog
added 2021/05/04 5:42 p.m. | 73 views

Bypass of fix for CVE-2020-26231, Twig sandbox escape

Impact: A bypass of CVE-2020-26231 fixed in 1.0.470/471 and 1.1.1 was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247: An authenticated backend user with the cms.managepages, cms.managelayouts, or cms.managepartials permissions who would normally not be permitted to provide...

5.2 CVSS | 1 AI score | 0.00262 EPSS
Exploits: 0 | References: 3 | Affected Software: 1