CVE-2025-27218
- EPSS 57.65%
- Veröffentlicht 20.02.2025 05:15:15
- Zuletzt bearbeitet 20.02.2025 21:15:26
Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization.
CVE-2024-46938
- EPSS 93.43%
- Veröffentlicht 15.09.2024 22:15:09
- Zuletzt bearbeitet 20.09.2024 18:15:10
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.
CVE-2023-35813
- EPSS 93.52%
- Veröffentlicht 17.06.2023 23:15:09
- Zuletzt bearbeitet 17.12.2024 17:15:08
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.
CVE-2023-33651
- EPSS 0.43%
- Veröffentlicht 06.06.2023 19:15:12
- Zuletzt bearbeitet 08.01.2025 17:15:12
An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules.
CVE-2023-26262
- EPSS 10.97%
- Veröffentlicht 14.03.2023 21:15:10
- Zuletzt bearbeitet 27.02.2025 21:15:18
An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.