13 matches found

EUVD • added 2025/10/03 8:7 p.m. • 3 views

EUVD-2023-30086

Malicious code in bioql PyPI...

CVSS: 7.2 | AI score: 7.1 | EPSS: 0.17524
Exploits: 1 | References: 2

RedhatCVE • added 2025/07/27 4:14 p.m. • 10 views

CVE-2025-34139

A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 8.0 Initial Release throu...

CVSS: 8.7 | AI score: 6.6 | EPSS: 0.00443
Exploits: 0 | References: 1

Cvelist • added 2025/07/25 3:55 p.m. • 8 views

CVE-2022-4979 Sitecore XP 7.5 - 10.2, CMS 7.2, and Managed Cloud XSS

A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard customers who run the affected Sitecore Experience Platfor...

CVSS: 5.1 | EPSS: 0.00057
Exploits: 0 | References: 3

CVE • added 2025/07/25 3:55 p.m. • 13 views

CVE-2022-4979

CVE-2022-4979 affects Sitecore XP 7.5–10.2 and Sitecore CMS 7.2–7.2 Update-6, including Managed Cloud Standard deployments. The vulnerability is a cross-site scripting (XSS) flaw that could allow an authenticated Sitecore Shell user to execute custom JavaScript code. The issue originates f...

CVSS: 5.1 | AI score: 5.3 | EPSS: 0.00057
Exploits: 0 | References: 3

Cvelist • added 2025/07/25 3:54 p.m. • 7 views

CVE-2025-34138

...

EPSS: 0.00635
Exploits: 2

RedhatCVE • added 2025/05/23 3:28 a.m. • 7 views

CVE-2023-26262

An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, an unrestricted language file upload vulnerability exists that can lead to direct code execution on the content management (CM) server...

CVSS: 7.2 | AI score: 7.2 | EPSS: 0.17524
Exploits: 1 | References: 1

RedhatCVE • added 2025/05/22 9:6 p.m. • 8 views

CVE-2021-42237

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability...

CVSS: 10 | AI score: 7.5 | EPSS: 0.94374
Exploits: 4

RedhatCVE • added 2025/05/22 6:45 p.m. • 7 views

CVE-2021-38366

Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.0279
Exploits: 1 | References: 1

Hacker One • added 2025/04/12 2:39 p.m. • 826 views

Mars: insecure deserilize object leads to RCE On Sitecore (CVE-██████████-27218)

This critical vulnerability involved an insecure deserialization issue in Sitecore implementation, which was assigned CVE-2025-27218. The vulnerability allowed remote code execution through unsanitized user input in the ThumbnailsAccessToken header. The vulnerability was remediated by removing...

CVSS: 5.3 | AI score: 7.7 | EPSS: 0.75678
Exploits: 4

CVE • added 2023/06/06 12:0 a.m. • 53 views

CVE-2023-33651

CVE-2023-33651 affects Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) from 9.0 Initial Release through 13.0 Initial Release. The vulnerability is in the MVC Device Simulator and allows attackers to bypass authorization rules. The connected PT-Security rep...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.0043
Exploits: 1 | References: 2 | Affected Software: 4

Vulnrichment • added 2021/11/05 9:51 a.m. • 10 views

CVE-2021-42237

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability...

AI score: 7.4 | EPSS: 0.94374
Exploits: 4 | References: 4

Check Point Advisories • added 2020/05/31 12:0 a.m. • 3 views

Sitecore.NET Directory Traversal (CVE-2018-7669)

A directory traversal vulnerability exists in Sitecore.NET. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...

CVSS: 7.8 | AI score: 5.2 | EPSS: 0.2446
Exploits: 5

ATTACKERKB • added 2019/05/31 12:0 a.m. • 8 views

CVE-2019-9875

Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0 Assessed Attacker...

CVSS: 8.8 | AI score: 9.4 | EPSS: 0.56698
In wild | Exploits: 1 | References: 4