21 matches found
EUVD-2021-24819
Malware in sbrugna...
EUVD-2023-30086
Malicious code in bioql PyPI...
PT-2025-35314
Name of the Vulnerable Software and Affected Versions: Sitecore Experience Manager (XM) versions 9.0 through 9.3, 10.0 through 10.4; Sitecore Experience Platform (XP) versions 9.0 through 9.3, 10.0 through 10.4. Description: This issue involves the use of externally-controlled input to select classes o...
CVE-2025-34139
A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 8.0 Initial Release throu...
CVE-2015-10142
Sitecore Experience Platform (XP) prior to 8.0 Initial Release rev. 141212 and Content Management System (CMS) prior to 7.2 Update-3 rev. 141226 and prior to 7.5 Update-1 rev. 150130 contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of t...
CVE-2022-4979
CVE-2022-4979 affects Sitecore XP 7.5–10.2 and Sitecore CMS 7.2–7.2 Update-6, including Managed Cloud Standard deployments. The vulnerability is a cross‑site scripting (XSS) flaw that could allow an authenticated Sitecore Shell user to execute custom JavaScript code. The issue originates f...
CVE-2022-4979 Sitecore XP 7.5 - 10.2, CMS 7.2, and Managed Cloud XSS
A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard customers who run the affected Sitecore Experience Platfor...
CVE-2025-34138
...
Sitecore 10.4 - Remote Code Execution (RCE)
Exploit Title: Sitecore 10.4 - Remote Code Execution RCE Exploit Author: Yesith Alvarez Vendor Homepage: https://developers.sitecore.com/downloads Version: Sitecore 10.3 - 10.4 CVE : CVE-2025-27218 Link: https://github.com/yealvarez/CVE/blob/main/CVE-2025-27218/exploit.py from requests import...
CVE-2023-26262
An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, an unrestricted language file upload vulnerability exists that can lead to direct code execution on the content management (CM) server...
CVE-2021-42237
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability...
CVE-2021-38366
Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL...
Mars: insecure deserilize object leads to RCE On Sitecore (CVE-██████████-27218)
This critical vulnerability involved an insecure deserialization issue in Sitecore implementation, which was assigned CVE-2025-27218. The vulnerability allowed remote code execution through unsanitized user input in the ThumbnailsAccessToken header. The vulnerability was remediated by removing...
Sitecore 8.x < 10.4 Arbitrary File Read
Sitecore CMS versions 8.x < 10.4 are affected by an incorrect path access check vulnerability allowing unauthenticated remote attackers to read arbitrary files on the affected host. No source data...
CVE-2023-33651
CVE-2023-33651 affects Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) from 9.0 Initial Release through 13.0 Initial Release. The vulnerability is in the MVC Device Simulator and allows attackers to bypass authorization rules. The connected PT-Security rep...
Sitecore.NET Directory Traversal (CVE-2018-7669)
A directory traversal vulnerability exists in Sitecore.NET. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...
PT-2019-19909 · Sitecore · Sitecore
Name of the Vulnerable Software and Affected Versions: Sitecore versions prior to 9.1 Description: The issue allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter, due to the deserialization of untrusted data in the anti CSRF...
CVE-2019-9875
Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter.