Filter
AND
-Infinity
0
Trending
SuiteCRMAn issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload mali…
8.8
First published (updated )
SuiteCRMAn issue was discovered in SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field of a …
8.1
First published (updated )
SugarCRMPath Traversal: '\..\filename' in salesagility/suitecrm
8.8
First published (updated )
SugarCRMCode Injection in salesagility/suitecrm
8.8
EPSS
0.05%
First published (updated )
SugarCRMCross-site Scripting (XSS) - Stored in salesagility/suitecrm-core
7.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
SugarCRMCross-site Scripting (XSS) - Stored in salesagility/suitecrm
8.9
First published (updated )
SugarCRMImproper Access Control in salesagility/suitecrm
8.1
First published (updated )
SugarCRMSuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation.
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
SugarCRMAuthenticated SQL injection in AM_ProjectTemplates controller in SuiteCRM
8.8
EPSS
0.07%
First published (updated )
SugarCRMAuthenticated Blind SQL Injection in DeleteRelationShip in SuiteCRM
8.8
First published (updated )
SugarCRMCross-Site Request Forgery (CSRF) in salesagility/suitecrm-core
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
SugarCRMSuiteCRM has wrong deletion permission checks on API delete call
7.7
First published (updated )
SugarCRMPath Traversal: '\..\filename' in salesagility/suitecrm
8.8
EPSS
0.05%
First published (updated )
SugarCRMCode Injection in salesagility/suitecrm
8.8
EPSS
0.05%
First published (updated )
SugarCRMSuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opp…
7.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
SugarCRMSuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection.
8.8
First published (updated )
SugarCRMSuiteCRM through 7.11.11 allows PHAR Deserialization.
7.2
First published (updated )
SugarCRMSuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution.
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
SugarCRMSuiteCRM - Account Takeover in Password Reset Functionality
8
First published (updated )
SugarCRMSuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into …
7.2
First published (updated )
SugarCRMSuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with…
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.