📄 Sitecore Experience Manager / Experience Platform 10.1 Shell Upload / Hardcoded Credentials

Proof of concept exploit for a remote code execution vulnerability chain affecting Sitecore Experience Platform versions 10.x combining hardcoded credentials with file upload vulnerabilities for complete system compromise...

CVE-2019-11080

Sitecore Experience Platform XP prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object...

Exploit for Code Injection in Sitecore Experience_Commerce

CVE-...

Exploit for Deserialization of Untrusted Data in Sitecore Experience_Commerce

PoC exploit for CVE-2025-53690, a vulnerability in a .NET framew...

EUVD-2015-9402

Malware in sbrugna...

EUVD-2016-9680

Malware in sbrugna...

EUVD-2025-26499

Malicious code in bioql PyPI...

EUVD-2023-37809

Malicious code in bioql PyPI...

EUVD-2023-30856

Malicious code in bioql PyPI...

EUVD-2023-30857

Malicious code in bioql PyPI...

EUVD-2025-26500

Malicious code in bioql PyPI...

EUVD-2025-18524

Malicious code in bioql PyPI...

EUVD-2025-26501

Malicious code in bioql PyPI...

EUVD-2025-22720

Malicious code in bioql PyPI...

EUVD-2022-55211

Malicious code in bioql PyPI...

EUVD-2023-37808

Malicious code in bioql PyPI...

EUVD-2025-22719

Malicious code in bioql PyPI...

Sitecore Experience Platform和Sitecore Experience Manager 安全漏洞

Sitecore Experience Platform XP and Sitecore Experience Manager XM are both products of Sitecore, a Danish company.Sitecore Experience Platform is a suite of customer digital experience platforms.Sitecore Sitecore Experience Platform is a customer digital experience platform and Sitecore Experien...

PT-2025-38666

Name of the Vulnerable Software and Affected Versions Sitecore Experience Manager XM versions 9.2 through 10.4 Sitecore Experience Platform XP versions 9.2 through 10.4 Description The software contains an Improper Neutralization of Input During Web Page Generation, which allows for Cross-Site...

📄 Sitecore XP Post-Authentication Remote Code Execution

This Metasploit module exploits Sitecore XP with a path traversal that leads to remote code execution as well as a hardcoded credential vulnerability in the ServicesAPI account to gain a foothold. This module requires Metasploit: https://metasploit.com/download Current source:...