2 matches found
CVE-2026-33740
EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference (IDOR) vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...
PT-2022-18135 · Rsa · Archery
Name of the Vulnerable Software and Affected Versions: Archer versions 6.x through 6.9 SP2 P1 (6.9.2.1)
Description: The issue is related to improper access control on attachments, allowing a remote authenticated malicious user to potentially gain access to files that should only be allowed by extr...