CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

54 matches found

Vulnrichment•added 2026/01/15 4:47 p.m.•2 views

CVE-2026-23495 Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions e.g., name, key, typ...

4.3CVSS6.3AI score0.00001EPSS

Exploits1References4

Cvelist•added 2026/01/15 4:47 p.m.•16 views

CVE-2026-23495 Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing

4.3CVSS0.00001EPSS

Exploits1References4

CVE•added 2026/01/15 4:47 p.m.•10 views

CVE-2026-23495

The CVE-2026-23495 affects Pimcore’s Admin Classic Bundle. The API endpoint that lists Predefined Properties (metadata definitions used across documents, assets, and objects) lacked proper server-side authorization prior to Pimcore versions 2.2.3 and 1.7.16. An authenticated backend user without ...

4.3CVSS6.3AI score0.00001EPSS

Exploits1References4Affected Software1

OSV•added 2026/01/15 4:47 p.m.•2 views

CVE-2026-23495 Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing

4.3CVSS6.5AI score0.00001EPSS

Exploits1References6

Positive Technologies•added 2026/01/15 12:0 a.m.•3 views

PT-2026-3075

4.3CVSS6.6AI score0.00001EPSS

Exploits1References5

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-2943

Malicious code in bioql PyPI...

8.4CVSS7.2AI score0.00013EPSS

Exploits0References6

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-2340

Malicious code in bioql PyPI...

6.3CVSS6.4AI score0.0005EPSS

Exploits1References6

RedhatCVE•added 2025/05/23 7:28 a.m.•7 views

CVE-2024-24822

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually...

9.1CVSS6.6AI score0.00003EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 2:14 a.m.•7 views

CVE-2023-49075

The Admin Classic Bundle provides a Backend UI for Pimcore. AdminBundle\Security\PimcoreUserTwoFactorCondition introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor...

8.4CVSS6.9AI score0.00013EPSS

Exploits0References1

CNVD•added 2025/04/18 12:0 a.m.•0 views

Pimcore Admin Classic Bundle Cross-Site Scripting Vulnerability

Pimcore Admin Classic Bundle is a Pimcore open source a core bundle of Pimcore. The Pimcore Admin Classic Bundle suffers from a cross-site scripting vulnerability that stems from HTML injection, which can be exploited by an attacker to steal session cookies...

4.8CVSS5.4AI score0.00001EPSS

Exploits0References1

Cvelist•added 2025/04/08 11:7 a.m.•21 views

CVE-2025-30166 Pimcore's Admin Classic Bundle allows HTML Injection

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page...

1.8CVSS0.00001EPSS

Exploits0References2

CNNVD•added 2025/04/08 12:0 a.m.•1 views

Pimcore Admin Classic Bundle 跨站脚本漏洞

4.8CVSS6AI score0.00001EPSS

Exploits0References4

RedhatCVE•added 2025/02/05 7:39 a.m.•7 views

CVE-2024-23648

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to res...

8.8CVSS6.7AI score0.00025EPSS

Exploits1References1

NVD•added 2024/07/30 3:15 p.m.•18 views

CVE-2024-41109

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to /admin/index/statistics with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the...

6.5CVSS0.0005EPSS

Exploits1References4

Vulnrichment•added 2024/07/30 2:43 p.m.•20 views

CVE-2024-41109 Pimcore vulnerable to disclosure of system and database information behind /admin firewall

6.3CVSS6.5AI score0.0005EPSS

Exploits1References4

OSV•added 2024/07/30 2:43 p.m.•12 views

CVE-2024-41109 Pimcore vulnerable to disclosure of system and database information behind /admin firewall

6.3CVSS6.3AI score0.0005EPSS

Exploits1References6

CVE•added 2024/07/30 2:43 p.m.•53 views

CVE-2024-41109

Summary: CVE-2024-41109 affects Pimcore’s Admin UI Classic Bundle. Affected component is the Admin/IndexController statistics endpoint (/admin/index/statistics), where a logged-in Pimcore user can access detailed system information (Pimcore installation data, PHP/MYSQL versions, installed bundles...

6.5CVSS6.1AI score0.0005EPSS

Exploits1References4Affected Software1

NVD•added 2024/02/19 4:15 p.m.•10 views

CVE-2024-25625

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in pimcore/admin-ui-classic-bundle prior to version 1.3.4. The vulnerability involves a Host Header Injection in the invitationLinkAction function of the UserController,...

9.3CVSS8.2AI score0.00029EPSS

Exploits1References2