62 matches found
CVE-2023-4145
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2...
EUVD-2021-18742
Malware in sbrugna...
EUVD-2023-2229
Malicious code in bioql PyPI...
EUVD-2025-0185
Malicious code in bioql PyPI...
CVE-2024-11956
A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to s...
CVE-2023-35167
Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the @Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance they are not authorized to access can gain...
CVE-2023-2881
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10...
CVE-2023-2756
SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10...
CVE-2023-3574
Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1...
CVE-2023-2629
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9...
LlamaIndex Security Vulnerability
LlamaIndex is an open-source data framework for LLM applications. A security vulnerability exists in LlamaIndex version v0.12.5 that stems from an unhandled thread exception and could lead to a denial of service attack...
Pimcore Customer Data Framework SQL Injection Vulnerability
Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, an e-commerce framework and product information management applications. An SQL injection vulnerability exists in Pimcor...
Duplicate Advisory: pimcore/customer-data-framework vulnerable to SQL Injection: Hibernate
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-q53r-9hh9-w277. This link is maintained to preserve external references. Original Description: A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0...
CVE-2024-11956 Pimcore customer-data-framework list sql injection
A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to s...
PT-2025-1724 · Pimcore · Pimcore/Customer-Data-Framework
Name of the Vulnerable Software and Affected Versions: Pimcore customer-data-framework versions 4.2.0 and earlier Description: A critical issue has been found in Pimcore customer-data-framework, affecting some unknown functionality of the file "/admin/customermanagementframework/customers/list"...
Pimcore Injection Vulnerability
Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, an e-commerce framework and product information management applications. An SQL injection vulnerability exists in Pimcor...
Improper Authorization
pimcore/customer-data-framework is vulnerable to Improper Authorization. The vulnerability is due to insufficient permission enforcement for the /admin/customermanagementframework/gdpr-data/search-data-objects endpoint. An authenticated user without permission to access this endpoint can que...
CVE-2024-21667 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts
pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not...