EUVD-2020-30887

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...

CVE-2026-23492

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...

Insufficient Granularity of Access Control

Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in the API endpoint responsible for reading or listing static routes. An attacker can access sensitive route...

PT-2026-3077

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 12.3.1 Pimcore versions prior to 11.5.14 Description The application does not properly enforce server-side authorization checks on the API endpoint responsible for reading or listing static routes. Static routes are...

EUVD-2026-2449

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...

CVE-2026-23492

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...

PT-2026-2947

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 12.3.1 Pimcore versions prior to 11.5.14 Description Pimcore is an Open Source Data & Experience Management Platform. An incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to...

Linux Distros Unpatched Vulnerability : CVE-2015-7013

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service memory...

BlackBerry Enterprise Service Cross-Site Scripting Vulnerability (CNVD-2016-02632)

BlackBerry Enterprise Service BES is a next-generation mobile device management platform from BlackBerry Canada. A cross-site scripting vulnerability exists in the index.jsp/loggedOut.jsp file in BES version 12.3.1, which can be exploited by a remote attacker to affect confidentiality, integrity...