CVE-2025-53693 — CVSS 9.8 (critical): Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager…
CVE-2023-27068 — CVSS 9.8 (critical): Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via…
CVE-2025-53691 — CVSS 8.8 (high): Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code…
CVE-2019-11080 — CVSS 8.8 (high): Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An…
CVE-2025-34511 — CVSS 8.8 (high): Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP), through version 7.0 is…
CVE-2025-34510 — CVSS 8.8 (high): Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are…
CVE-2023-33652 — CVSS 8.8 (high): Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the…
CVE-2023-33653 — CVSS 8.8 (high): Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the…
CVE-2025-53694 — CVSS 7.5 (high): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience…
CVE-2023-27067 — CVSS 7.5 (high): Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via…
CVE-2023-33651 — CVSS 7.5 (high): An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0…
CVE-2024-46938 — CVSS 7.5 (high): An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release…
CVE-2025-34509 — CVSS 7.5 (high): Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3…
CVE-2023-26262 — CVSS 7.2 (high): An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists…
CVE-2023-27066 — CVSS 6.5 (medium): Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download…
CVE-2016-8855 — CVSS 6.1 (medium): Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev…
CVE-2019-13493 — CVSS 5.4 (medium): In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the…