Package impact

Packagist / pimcore/admin-ui-classic-bundle

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2026-44741	high	—	8.0				3d ago	Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter
CVE-2026-23495	unknown	—	—				4mo ago	Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing
CVE-2025-30166	unknown	—	—				1y ago	Pimcore's Admin Classic Bundle allows HTML Injection
CVE-2025-24980	unknown	—	—				1y ago	Pimcore Admin Classic Bundle allows user enumeration
CVE-2024-41109	unknown	—	—				2y ago	Pimcore vulnerable to disclosure of system and database information behind /admin firewall
CVE-2024-25625	unknown	—	—				2y ago	Pimcore Host Header Injection in user invitation link
CVE-2024-24822	unknown	—	—				2y ago	Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
CVE-2024-23648	unknown	—	—				2y ago	Host header injection in the password reset
CVE-2024-23646	unknown	—	—				2y ago	SQL Injection in Admin download files as zip
CVE-2023-49075	unknown	—	—				3y ago	Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls
CVE-2023-47636	unknown	—	—				3y ago	pimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document
CVE-2023-46722	unknown	—	—				3y ago	Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews
CVE-2023-5844	unknown	—	—				3y ago	pimcore/admin-ui-classic-bundle Unverified Password Change
CVE-2023-42817	unknown	—	—				3y ago	pimcore/admin-ui-classic-bundle Cross-site Scripting vulnerability in Translations
CVE-2023-37280	unknown	—	—				3y ago	Pimcore admin UI vulnerable to Cross-site Scripting in 2 factor authentication setup page