8 matches found
CVE-2025-53691
CVE-2025-53691 is a Sitecore vulnerability: insecure deserialization in Sitecore Experience Manager (XM) and Experience Platform (XP) can lead to Remote Code Execution (RCE). Affected: XM 9.0–9.3 and 10.0–10.4; XP 9.0–9.3 and 10.0–10.4. Root cause: untrusted data deserialization using insecure pa...
Sitecore XM/XP/XC Hardcoded Credentials
Sitecore XM, XP and XC version 9.x = 9.3 or version 10.x 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP. No source data...
CVE-2025-34510 Sitecore XM, XC, and XP Post-Auth RCE via Zip Slip
Sitecore Experience Manager XM, Experience Platform XP, and Experience Commerce XC versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing...
CVE-2025-34510 Sitecore XM, XC, and XP Post-Auth RCE via Zip Slip
Sitecore Experience Manager XM, Experience Platform XP, and Experience Commerce XC versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing...
CVE-2025-34509 Sitecore XM and XP Hardcoded Credentials
Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...
Sitecore XM/XP Remote Code Execution
Sitecore XM and XP versions before 10.4 KB1002844 suffer from a deserialization vulnerability through a specially forged request enabling an unauthenticated attacker to execute arbitrary commands. No source data...
CVE-2025-27218
Sitecore Experience Manager XM and Experience Platform XP 10.4 before KB1002844 allow remote code execution through insecure deserialization...
CVE-2023-26262
An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management CM server...