Lucene search
K

8 matches found

CVE
CVE
added 2025/09/03 12:36 p.m.30 views

CVE-2025-53691

CVE-2025-53691 is a Sitecore vulnerability: insecure deserialization in Sitecore Experience Manager (XM) and Experience Platform (XP) can lead to Remote Code Execution (RCE). Affected: XM 9.0–9.3 and 10.0–10.4; XP 9.0–9.3 and 10.0–10.4. Root cause: untrusted data deserialization using insecure pa...

8.8CVSS7.2AI score0.01441EPSS
Exploits3References2Affected Software4
Tenable Nessus
Tenable Nessus
added 2025/06/24 12:0 a.m.9 views

Sitecore XM/XP/XC Hardcoded Credentials

Sitecore XM, XP and XC version 9.x = 9.3 or version 10.x 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP. No source data...

8.8CVSS7.4AI score0.38428EPSS
Exploits8References5
Vulnrichment
Vulnrichment
added 2025/06/17 6:46 p.m.7 views

CVE-2025-34510 Sitecore XM, XC, and XP Post-Auth RCE via Zip Slip

Sitecore Experience Manager XM, Experience Platform XP, and Experience Commerce XC versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing...

8.8CVSS7.5AI score0.09312EPSS
Exploits3References2
Cvelist
Cvelist
added 2025/06/17 6:46 p.m.15 views

CVE-2025-34510 Sitecore XM, XC, and XP Post-Auth RCE via Zip Slip

Sitecore Experience Manager XM, Experience Platform XP, and Experience Commerce XC versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing...

8.8CVSS0.09312EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2025/06/17 6:20 p.m.9 views

CVE-2025-34509 Sitecore XM and XP Hardcoded Credentials

Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...

7.5CVSS7.3AI score0.38428EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2025/03/11 12:0 a.m.9 views

Sitecore XM/XP Remote Code Execution

Sitecore XM and XP versions before 10.4 KB1002844 suffer from a deserialization vulnerability through a specially forged request enabling an unauthenticated attacker to execute arbitrary commands. No source data...

5.3CVSS8.1AI score0.6356EPSS
Exploits4References3
Vulnrichment
Vulnrichment
added 2025/02/20 12:0 a.m.9 views

CVE-2025-27218

Sitecore Experience Manager XM and Experience Platform XP 10.4 before KB1002844 allow remote code execution through insecure deserialization...

6AI score0.6356EPSS
Exploits4References1
Vulnrichment
Vulnrichment
added 2023/03/14 12:0 a.m.9 views

CVE-2023-26262

An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management CM server...

7.2AI score0.01664EPSS
Exploits1References2
Rows per page
Query Builder