sitecore experience platform

21 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-53690 | listed affected: <= 9.0 | CVSS 9.0 Critical
  Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code…

CVE-2025-53694 | listed affected: >= 9.2 and < 10.4 | CVSS 7.5 High
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Experience Manager (XM), Sitecore Ex…

CVE-2025-53693 | listed affected: >= 9.0 and < 10.4 | CVSS 9.8 Critical
  Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Experience M…

CVE-2025-53691 | listed affected: >= 9.0 and < 10.4 | CVSS 8.8 High
  Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remo…

CVE-2025-34511 | listed affected: >= 9.0 and < 10.4 | CVSS 8.8 High
  Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP), through version 7.0 is…

CVE-2025-34510 | listed affected: >= 9.0 and < 10.4 | CVSS 8.8 High
  Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through…

CVE-2025-34509 | listed affected: >= 9.0 and < 10.4 | CVSS 7.5 High
  Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3…

CVE-2024-46938 | listed affected: >= 8.0 and <= 10.4 | CVSS 7.5 High
  An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Re…

CVE-2023-35813 | listed affected: >= 8.2 and <= 10.3 | CVSS 9.8 Critical
  Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Comme…

CVE-2023-33653 | listed affected: all versions (note: the description names XP v9.3 specifically) | CVSS 8.8 High
  Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via th…

CVE-2023-33652 | listed affected: all versions (note: the description names XP v9.3 specifically) | CVSS 8.8 High
  Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via th…

CVE-2023-33651 | listed affected: >= 9.0 and <= 10.3 | CVSS 7.5 High
  An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v…

CVE-2023-27068 | listed affected: < 10.2 (note: the description says "through 10.2", i.e. 10.2 inclusive) | CVSS 9.8 Critical
  Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via V…

CVE-2023-27067 | listed affected: <= 10.2 | CVSS 7.5 High
  Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files…

CVE-2023-27066 | listed affected: <= 10.2 | CVSS 6.5 Medium
  Directory Traversal vulnerability in Sitecore Experience Platform 10.2 and earlier allows authenticated remote attackers to downl…

CVE-2023-26262 | listed affected: < 10.3 (note: the description names XP/XM 10.3 itself) | CVSS 7.2 High
  An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, an unrestricted language file upload vulnerabili…

CVE-2021-42237 | listed affected: all versions (note: the description names XP 7.5 Initial Release to 8.2 Update-7) | CVSS 9.8 Critical
  Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possib…

CVE-2019-13493 | listed affected: all versions (note: the description names Sitecore 9.0 rev 171002) | CVSS 5.4 Medium
  In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can mo…

CVE-2019-11080 | listed affected: < 9.1.1 | CVSS 8.8 High
  Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An…

CVE-2019-9874 | listed affected: >= 7.5 and <= 8.2 (note: the description also covers Sitecore CMS 7.0 to 7.2) | CVSS 9.8 Critical
  Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore…

CVE-2016-8855 | listed affected: all versions | CVSS 6.1 Medium
  Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform…

Descriptions are truncated as they appear on this page; open the CVE briefing for the full text. Where the listed range and the description disagree, treat the description (and the vendor bulletin) as authoritative and the listed range as a search hint.
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin