Sitecore Experience Platform <= 10.4 - Arbitrary File Read

An issue was discovered in Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files. id: CVE-2024-46938 info: name: Sitecore Experience Platform = 10.4 - Arbitrary File...

Sitecore - Remote Code Execution

Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. id: CVE-2023-35813 info: name: Sitecore - Remote Code Execution author: DhiyaneshDk,iamnoooob severity: critical description: | Multiple Sitecore...

Exploit for Code Injection in Sitecore Experience_Commerce

CVE-...

Exploit for Deserialization of Untrusted Data in Sitecore Experience_Commerce

PoC exploit for CVE-2025-53690, a vulnerability in a .NET framew...

EUVD-2023-37807

Malicious code in bioql PyPI...

CVE-2025-34139

A vulnerability exists in Sitecore Experience Manager XM, Experience Platform XP, Experience Commerce XC, and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform topologies XM, XP, XC from 8.0 Initial Release throu...

PT-2025-30894 · Sitecore · Sitecore Experience Platform +2

Name of the Vulnerable Software and Affected Versions: Sitecore Experience Manager XM versions 8.0 Initial Release through 10.4 Initial Release Sitecore Experience Platform XP versions 8.0 Initial Release through 10.4 Initial Release Sitecore Experience Commerce XC versions 8.0 Initial Release...

编号撤回

Sitecore Experience Platform XP and others are products of Sitecore, a Danish company.Sitecore Experience Platform is a suite of customer digital experience platforms.Sitecore Experience Manager XM is a management software. Sitecore Experience Commerce XC is a natively integrated, cloud-enabled...

Sitecore多款产品 安全漏洞

Sitecore Experience Platform XP and others are products of Sitecore, a Danish company.Sitecore Experience Platform is a suite of customer digital experience platforms.Sitecore Experience Manager XM is a management software. Sitecore Experience Commerce XC is a natively integrated, cloud-enabled...

VulnCheck KEV: CVE-2025-34510

Sitecore Experience Manager XM, Experience Platform XP, and Experience Commerce XC versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive...

EUVD-2025-18525

Sitecore Experience Manager XM, Experience Platform XP, and Experience Commerce XC versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing...

CVE-2025-34510

Sitecore XP, XM, and XC (versions 9.0–9.3 and 10.0–10.4) are affected by Zip Slip leading to RCE. A remote, authenticated attacker can upload a ZIP with path traversal to write arbitrary files and execute code. Public references describe post-auth exploitation chains (including Metasploit modules...

Sitecore多款产品 安全漏洞

Sitecore Experience Platform XP and others are products of Sitecore, a Danish company.Sitecore Experience Platform is a suite of customer digital experience platforms.Sitecore Experience Manager XM is a management software. Sitecore Experience Commerce XC is a natively integrated, cloud-enabled...

VulnCheck KEV: CVE-2024-46938

An issue was discovered in Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files...

CVE-2023-35813

Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3...

CVE-2024-46938

An issue was discovered in Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files...

CVE-2024-46938

An issue was discovered in Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files...

Sitecore多款产品 安全漏洞

Sitecore Experience Platform XP and others are products of Sitecore, a Danish company.Sitecore Experience Platform is a suite of customer digital experience platforms.Sitecore Experience Manager XM is a management software. Sitecore Experience Commerce XC is a natively integrated, cloud-enabled...

CVE-2024-46938

An issue was discovered in Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files...

PT-2024-32289 · Sitecore · Experience Manager +2

Name of the Vulnerable Software and Affected Versions: Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC versions 8.0 through 10.4 Description: An issue was discovered in Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC, allowing ...