Package impact
COMPOSER / pimcore/pimcore
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45704 | high | — | 8.0 | 2d ago | Pimcore has a CustomReports Share Bypass | |||
| CVE-2026-45260 | high | — | 8.0 | 2d ago | Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling | |||
| CVE-2026-45162 | high | — | 8.0 | 2d ago | Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction | |||
| CVE-2026-44739 | high | — | 8.0 | 3d ago | Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration | |||
| CVE-2026-5394 | high | — | 8.0 | 1mo ago | Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save | |||
| CVE-2026-45703 | medium | — | 5.5 | 2d ago | Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export | |||
| CVE-2026-5362 | medium | 5.4 | 5.4 | 1mo ago | Pimcore has an authenticated Cross-site Scripting issue |