Known Vulnerabilities for Pimcore CMS/DXP by Pimcore GmbH
Listed below are 4 of the newest known vulnerabilities associated with "Pimcore CMS/DXP" by "Pimcore GmbH".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41249 json | CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow (`.gi... | Not Provided | 2026-06-04 | 2026-06-08 |
| CVE-2026-11407 json | Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to ... | Not Provided | 2026-06-17 | 2026-06-18 |
| CVE-2026-5394 json | An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled compo... | Not Provided | 2026-04-27 | 2026-05-05 |
| CVE-2026-5362 json | An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed edit... | Not Provided | 2026-04-27 | 2026-04-28 |