Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-53690 KEV |
|
[KEV] Unsafe Deserialization in Sitecore multiple-products (CVE-2025-53690)
vulnerability in Sitecore multiple-products (CVE-2025-53690). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-9875 KEV |
|
[KEV] Unsafe Deserialization in Sitecore cms-and-experience-platform-xp (CVE-2019-9875)
vulnerability in Sitecore cms-and-experience-platform-xp (CVE-2019-9875). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-9874 KEV |
|
[KEV] Unsafe Deserialization in Sitecore cms-and-experience-platform-xp (CVE-2019-9874)
vulnerability in Sitecore cms-and-experience-platform-xp (CVE-2019-9874). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-42237 KEV |
|
[KEV] Unsafe Deserialization in Sitecore xp (CVE-2021-42237)
vulnerability in Sitecore xp (CVE-2021-42237). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2017-11439 |
|
In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.
In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.
|
| CVE-2017-11440 |
|
Path Traversal in path-traversal (CVE-2017-11440)
path traversal in path-traversal (CVE-2017-11440). Confidential information can be exposed externally.
|
| CVE-2017-9356 |
|
Cross-Site Scripting (XSS) in csharp (CVE-2017-9356)
cross-site scripting in csharp (CVE-2017-9356). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-5965 |
|
Vulnerability in sitecore (CVE-2017-5965)
vulnerability in sitecore (CVE-2017-5965). Successful exploitation can lead to full system takeover.
|
| CVE-2017-5966 |
|
Path Traversal in path-traversal (CVE-2017-5966)
path traversal in path-traversal (CVE-2017-5966). Confidential information can be exposed externally.
|
| CVE-2016-8855 |
|
Cross-Site Scripting (XSS) in sitecore (CVE-2016-8855)
cross-site scripting in sitecore (CVE-2016-8855). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2` or later.
|