
6 matches found

CVE
added 2025/11/08 1:16 a.m., 12 views

CVE-2025-64493

In SuiteCRM versions 8.6.0–8.9.0, an authenticated, blind (time-based) SQL injection exists in the appMetadata operation of the GraphQL API, allowing extraction of arbitrary data without admin access. Affected component: GraphQL API, operation appMetadata. Root cause: improper handling/validation...

CVSS 6.5 | AI score 6.5 | EPSS 0.00036
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2025/11/08 1:16 a.m., 1 views

EUVD-2025-38345

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind time-based SQL-injection inside the appMetadata-operation of the GraphQL-API. This allows extraction of arbitrary data from the...

CVSS 6.5 | AI score 6.3 | EPSS 0.00036
Exploits: 0 | References: 2
Vulnrichment
added 2025/11/08 1:16 a.m., 2 views

CVE-2025-64493 SuiteCRM is Vulnerable to Authenticated Blind SQL Injection via GraphQL

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind time-based SQL-injection inside the appMetadata-operation of the GraphQL-API. This allows extraction of arbitrary data from the...

CVSS 6.5 | AI score 6.5 | EPSS 0.00036
Exploits: 0 | References: 2
Cvelist
added 2025/11/08 1:16 a.m., 8 views

CVE-2025-64493 SuiteCRM is Vulnerable to Authenticated Blind SQL Injection via GraphQL

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind time-based SQL-injection inside the appMetadata-operation of the GraphQL-API. This allows extraction of arbitrary data from the...

CVSS 6.5 | EPSS 0.00036
Exploits: 0 | References: 2
Positive Technologies
added 2025/11/06 12:0 a.m., 3 views

PT-2025-45526

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions 8.6.0 through 8.9.0. Description: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 8.6.0 through 8.9.0 are susceptible to an authenticated, blind time-based...

CVSS 6.8 | AI score 6.7 | EPSS 0.00036
Exploits: 0 | References: 15
ThreatPost
added 2017/07/13 11:12 a.m., 10 views

Google Changes How it Analyzes Misbehaving Mobile Apps

Mobile apps in the Google Play store are categorized by their purpose, i.e., productivity or games. But there is a science to how apps are arranged, in particular around security and privacy features, and especially in holding back those apps whose behaviors pose a risk to mobile users. Google on...

AI score 0.1
Exploits: 0 | References: 2