Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

164 matches found

RedhatCVE
RedhatCVEadded 2026/06/05 7:50 p.m.6 views

CVE-2026-7782

A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from...

6.5CVSS6.2AI score0.00211EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/06 8:22 p.m.7 views

CVE-2026-7783

A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes sql injection. It is possibl...

6.5CVSS6.4AI score0.00241EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/05 12:30 a.m.7 views

EUVD-2026-27155

A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes sql injection. It is possibl...

6.5CVSS6.4AI score0.00241EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/05 12:30 a.m.7 views

EUVD-2026-27153

A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from...

6.5CVSS5.5AI score0.00211EPSS
Exploits0References5
NVD
NVDadded 2026/05/05 12:16 a.m.11 views

CVE-2026-7783

A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes sql injection. It is possibl...

6.5CVSS0.00241EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/05/05 12:0 a.m.10 views

CodeCanyon Perfex CRM 注入漏洞

CodeCanyon Perfex CRM is a self-hosted customer relationship management software developed by CodeCanyon. Versions of CodeCanyon Perfex CRM 3.4.1 and earlier had a SQL injection vulnerability. This vulnerability stemmed from the operation of the Admin Kanban endpoint in the...

6.5CVSS6.7AI score0.00241EPSS
Exploits0References2
NVD
NVDadded 2026/05/04 11:16 p.m.14 views

CVE-2026-7782

A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from...

6.5CVSS0.00211EPSS
Exploits0References4
CVE
CVEadded 2026/05/04 11:15 p.m.16 views

CVE-2026-7783

CodeCanyon Perfex CRM up to v3.4.1 has a SQL injection in AbstractKanban::applySortQuery (Admin Kanban Endpoint: application/services/AbstractKanban.php). Attackers can remotely trigger via the affected function argument manipulation. The exploit has been published and may be used. Affected compo...

6.5CVSS6.4AI score0.00241EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/04 11:15 p.m.1 views

CVE-2026-7783

A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes sql injection. It is possibl...

6.5CVSS5.6AI score0.00241EPSS
Exploits0References4Affected Software1
Cvelist
Cvelistadded 2026/05/04 11:15 p.m.33 views

CVE-2026-7783 CodeCanyon Perfex CRM Admin Kanban Endpoint AbstractKanban.php applySortQuery sql injection

A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes sql injection. It is possibl...

6.5CVSS0.00241EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/04 10:30 p.m.2 views

CVE-2026-7782

A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from...

6.5CVSS5.5AI score0.00211EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/04 10:30 p.m.4 views

CVE-2026-7782 CodeCanyon Perfex CRM Tenant Clients.php project authorization

A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from...

6.5CVSS6.3AI score0.00211EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/04 10:30 p.m.35 views

CVE-2026-7782 CodeCanyon Perfex CRM Tenant Clients.php project authorization

A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from...

6.5CVSS0.00211EPSS
Exploits0References4
CVE
CVEadded 2026/05/04 10:30 p.m.17 views

CVE-2026-7782

CodeCanyon Perfex CRM до v3.4.1 is affected by a vulnerability in the Clients::project function (file: application/controllers/Clients.php) within the Tenant Handler. Manipulating the argument ID causes an authorization bypass. The issue allows a remote attacker to exploit a public exploit, with ...

6.5CVSS6.3AI score0.00211EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/05/04 12:0 a.m.6 views

PT-2026-36932

Name of the Vulnerable Software and Affected Versions CodeCanyon Perfex CRM versions prior to 3.4.2 Description A flaw in the Admin Kanban Endpoint allows for remote SQL injection, which is a technique where malicious SQL statements are inserted into entry fields for execution. The issue exists...

6.5CVSS5.8AI score0.00241EPSS
Exploits0References7
CNNVD
CNNVDadded 2026/05/04 12:0 a.m.8 views

CodeCanyon Perfex CRM 授权问题漏洞

CodeCanyon Perfex CRM is a self-hosted customer relationship management software developed by CodeCanyon. Versions of CodeCanyon Perfex CRM 3.4.1 and earlier contained an authorization vulnerability. This vulnerability stemmed from the operation of the parameter ID in the function Clients::projec...

6.5CVSS6.6AI score0.00211EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/10/15 12:51 a.m.3 views

CVE-2025-60374

Stored Cross-Site Scripting XSS in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

6.1CVSS5.8AI score0.00452EPSS
Exploits3References1
EUVD
EUVDadded 2025/10/14 9:30 p.m.3 views

EUVD-2025-34466

Stored Cross-Site Scripting XSS in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

5.4CVSS5.4AI score0.00452EPSS
Exploits3References2
NVD
NVDadded 2025/10/14 8:15 p.m.3 views

CVE-2025-60374

Stored Cross-Site Scripting XSS in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

6.1CVSS0.00318EPSS
Exploits2References1
Positive Technologies
Positive Technologiesadded 2025/10/14 12:0 a.m.2 views

PT-2025-42183

Stored Cross-Site Scripting XSS in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

5.4CVSS5.8AI score0.00452EPSS
Exploits3References2
Rows per page
Query Builder