Package impact
COMPOSER / pimcore/pimcore
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-45704 | high | — | 8.0 | 21h ago | Pimcore has a CustomReports Share Bypass | |
| CVE-2026-45260 | high | — | 8.0 | 1d ago | Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling | |
| CVE-2026-45162 | high | — | 8.0 | 1d ago | Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction | |
| CVE-2026-44739 | high | — | 8.0 | 2d ago | Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration | |
| CVE-2026-5394 | high | — | 8.0 | 1mo ago | Pimcore admin users can trigger SQL Injection | |
| CVE-2026-45703 | medium | — | 5.5 | 21h ago | Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export | |
| CVE-2026-5362 | medium | 5.4 | 5.4 | 1mo ago | Pimcore has an authenticated Cross-site Scripting issue |