CVE-2026-41249
- EPSS 0.43%
- Veröffentlicht 04.06.2026 19:26:46
- Zuletzt bearbeitet 08.06.2026 20:17:00
CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow (`.github/workflows/static.yml`) uses the `pull_request_target` trigger but dangerously checks out the unverified code from the pu...
CVE-2026-23959
- EPSS 0.38%
- Veröffentlicht 22.01.2026 01:57:58
- Zuletzt bearbeitet 17.02.2026 16:13:17
CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the `CustomerTransformerController` within the CoreShop admin panel. The affected endpoint improperly interpola...
CVE-2026-22242
- EPSS 0.39%
- Veröffentlicht 08.01.2026 09:59:24
- Zuletzt bearbeitet 12.01.2026 16:42:51
CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-ba...