9 matches found
CVE-2026-40603
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...
CVE-2026-44593 esm.sh: Legacy Route Path Traversal Can Lead to RCE
esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...
CVE-2026-40603
CVE-2026-40603 affects Chartbrew 4.9.0, where a legacy /api/project/dashboard/:brewName route exposes a project’s report data to any authenticated member of the same team, bypassing project-level authorization. This allows a low-privileged same-team user to read another project’s dashbo...
CVE-2024-36419 SuiteCRM-Core Host Header Injection in /legacy
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the /legacy route. Version 8.6.1 contains a patch for the issue...
CVE-2024-36419
SuiteCRM Core has a Host Header Injection vulnerability affecting versions prior to 8.6.1 via direct access to the /legacy route. The issue is addressed in version 8.6.1. The CVE indicates network-level exposure with low impact on confidentiality and integrity and requires no privileges but use...
PT-2024-26986 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 8.6.1 Description: A vulnerability in SuiteCRM allows for Host Header Injection when directly accessing the "/legacy" route. This issue affects versions prior to 8.6.1. Recommendations: For versions prior to 8.6.1,...
SuiteCRM Security Breach
SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM versions prior to 8.6.1 that stems from a host header injection when accessing the /legacy route directly...