Lucene search

K

CorreosExpress – Shipping Management – Tags Security Vulnerabilities

nvd
nvd

CVE-2024-36418

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.5CVSS

0.0004EPSS

2024-06-10 09:15 PM
6
cve
cve

CVE-2024-36418

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.5CVSS

8.7AI Score

0.0004EPSS

2024-06-10 09:15 PM
24
nvd
nvd

CVE-2024-27814

This issue was addressed through improved state management. This issue is fixed in watchOS 10.5. A person with physical access to a device may be able to view contact information from the lock...

0.0004EPSS

2024-06-10 09:15 PM
5
nvd
nvd

CVE-2024-27830

This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the...

0.0004EPSS

2024-06-10 09:15 PM
2
cve
cve

CVE-2024-27830

This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the...

5.8AI Score

0.0004EPSS

2024-06-10 09:15 PM
24
cve
cve

CVE-2024-27814

This issue was addressed through improved state management. This issue is fixed in watchOS 10.5. A person with physical access to a device may be able to view contact information from the lock...

5.5AI Score

0.0004EPSS

2024-06-10 09:15 PM
22
nvd
nvd

CVE-2024-23251

An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An attacker with physical access may be able to leak Mail account...

0.0004EPSS

2024-06-10 09:15 PM
2
cve
cve

CVE-2024-23251

An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An attacker with physical access may be able to leak Mail account...

5.4AI Score

0.0004EPSS

2024-06-10 09:15 PM
21
cvelist
cvelist

CVE-2024-36419 SuiteCRM-Core Host Header Injection in /legacy

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the /legacy route. Version 8.6.1 contains a patch for the...

4.3CVSS

0.001EPSS

2024-06-10 09:15 PM
vulnrichment
vulnrichment

CVE-2024-36419 SuiteCRM-Core Host Header Injection in /legacy

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the /legacy route. Version 8.6.1 contains a patch for the...

4.3CVSS

7.4AI Score

0.001EPSS

2024-06-10 09:15 PM
vulnrichment
vulnrichment

CVE-2024-27830

This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the...

5.7AI Score

0.0004EPSS

2024-06-10 08:56 PM
cvelist
cvelist

CVE-2024-27830

This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the...

0.0004EPSS

2024-06-10 08:56 PM
2
cvelist
cvelist

CVE-2024-27814

This issue was addressed through improved state management. This issue is fixed in watchOS 10.5. A person with physical access to a device may be able to view contact information from the lock...

0.0004EPSS

2024-06-10 08:56 PM
3
vulnrichment
vulnrichment

CVE-2024-27814

This issue was addressed through improved state management. This issue is fixed in watchOS 10.5. A person with physical access to a device may be able to view contact information from the lock...

5.4AI Score

0.0004EPSS

2024-06-10 08:56 PM
cvelist
cvelist

CVE-2024-23251

An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An attacker with physical access may be able to leak Mail account...

0.0004EPSS

2024-06-10 08:56 PM
3
vulnrichment
vulnrichment

CVE-2024-23251

An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An attacker with physical access may be able to leak Mail account...

5.3AI Score

0.0004EPSS

2024-06-10 08:56 PM
nuclei
nuclei

Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect

The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an...

6.7AI Score

0.001EPSS

2024-06-10 08:19 PM
2
cvelist
cvelist

CVE-2024-36418 SuiteCRM authenticated RCE using connectors

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.5CVSS

0.0004EPSS

2024-06-10 08:16 PM
10
nuclei
nuclei

Payment Gateway for Telcell < 2.0.4 - Open Redirect

The plugin does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect...

6.8AI Score

EPSS

2024-06-10 08:16 PM
osv
osv

CVE-2024-36417

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

9CVSS

8.7AI Score

0.001EPSS

2024-06-10 08:15 PM
nvd
nvd

CVE-2024-36414

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

6.5CVSS

0.0005EPSS

2024-06-10 08:15 PM
3
cve
cve

CVE-2024-36416

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.6CVSS

8.4AI Score

0.0005EPSS

2024-06-10 08:15 PM
24
nvd
nvd

CVE-2024-36416

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this...

7.5CVSS

0.0005EPSS

2024-06-10 08:15 PM
3
cve
cve

CVE-2024-36414

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

7.7CVSS

7.6AI Score

0.0005EPSS

2024-06-10 08:15 PM
22
cve
cve

CVE-2024-36417

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

9CVSS

5.4AI Score

0.001EPSS

2024-06-10 08:15 PM
28
osv
osv

CVE-2024-36414

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

7.7CVSS

7.6AI Score

0.0005EPSS

2024-06-10 08:15 PM
1
nvd
nvd

CVE-2024-36417

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

9CVSS

0.001EPSS

2024-06-10 08:15 PM
3
nvd
nvd

CVE-2024-36413

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

5.4CVSS

0.0004EPSS

2024-06-10 08:15 PM
4
osv
osv

CVE-2024-36415

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.1CVSS

9.5AI Score

0.001EPSS

2024-06-10 08:15 PM
1
osv
osv

CVE-2024-36413

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.9CVSS

8.3AI Score

0.0004EPSS

2024-06-10 08:15 PM
cve
cve

CVE-2024-36415

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.1CVSS

9.5AI Score

0.001EPSS

2024-06-10 08:15 PM
26
nvd
nvd

CVE-2024-36415

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.8CVSS

0.001EPSS

2024-06-10 08:15 PM
3
osv
osv

CVE-2024-36416

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.6CVSS

8.4AI Score

0.0005EPSS

2024-06-10 08:15 PM
cve
cve

CVE-2024-36413

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.9CVSS

8.3AI Score

0.0004EPSS

2024-06-10 08:15 PM
21
nvd
nvd

CVE-2024-36412

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.8CVSS

0.001EPSS

2024-06-10 08:15 PM
9
osv
osv

CVE-2024-36411

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

9.7AI Score

0.001EPSS

2024-06-10 08:15 PM
1
cve
cve

CVE-2024-36411

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

9.7AI Score

0.001EPSS

2024-06-10 08:15 PM
24
nvd
nvd

CVE-2024-36411

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.8CVSS

0.001EPSS

2024-06-10 08:15 PM
1
osv
osv

CVE-2024-36412

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

10CVSS

9.7AI Score

0.001EPSS

2024-06-10 08:15 PM
cve
cve

CVE-2024-36412

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

10CVSS

9.8AI Score

0.001EPSS

2024-06-10 08:15 PM
30
vulnrichment
vulnrichment

CVE-2024-36416 SuiteCRM v4 API Excessive log data DOS

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.6CVSS

6.8AI Score

0.0005EPSS

2024-06-10 08:03 PM
cvelist
cvelist

CVE-2024-36416 SuiteCRM v4 API Excessive log data DOS

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.6CVSS

0.0005EPSS

2024-06-10 08:03 PM
3
cvelist
cvelist

CVE-2024-36417 SuiteCRM Stored XSS Vulnerability Allows Code Execution via Malicious iFrame

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

5.7CVSS

0.001EPSS

2024-06-10 07:55 PM
4
vulnrichment
vulnrichment

CVE-2024-36417 SuiteCRM Stored XSS Vulnerability Allows Code Execution via Malicious iFrame

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

5.7CVSS

6.2AI Score

0.001EPSS

2024-06-10 07:55 PM
2
vulnrichment
vulnrichment

CVE-2024-36415 SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.1CVSS

7.7AI Score

0.001EPSS

2024-06-10 07:49 PM
cvelist
cvelist

CVE-2024-36415 SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.1CVSS

0.001EPSS

2024-06-10 07:49 PM
2
vulnrichment
vulnrichment

CVE-2024-36414 SuiteCRM authenticated Server-Side Request Forgery

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

7.7CVSS

6.8AI Score

0.0005EPSS

2024-06-10 07:40 PM
cvelist
cvelist

CVE-2024-36414 SuiteCRM authenticated Server-Side Request Forgery

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

7.7CVSS

0.0005EPSS

2024-06-10 07:40 PM
1
cvelist
cvelist

CVE-2024-36413 SuiteCRM authenticated Reflected Cross-Site Scripting

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.9CVSS

0.0004EPSS

2024-06-10 07:38 PM
3
vulnrichment
vulnrichment

CVE-2024-36413 SuiteCRM authenticated Reflected Cross-Site Scripting

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.9CVSS

6.2AI Score

0.0004EPSS

2024-06-10 07:38 PM
Total number of security vulnerabilities140380