902 matches found
CVE-2026-23500
Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAINODTASPDF configuration constant directly into a shell command passed to exec without...
CVE-2026-38527
A Server-Side Request Forgery SSRF in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several SAP products, including SAP Supplier Relationship Management, SAP BusinessObjects Business Intelligence Platform, SAP NetWeaver Application Server Java and ABAP, SAP Landscape Transformation, SAP Business Planning and Consolidation, SAP Business Warehouse,...
CVE-2026-0512 Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog)
Due to a Cross-Site Scripting XSS vulnerability in the SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow t...
CVE-2026-0512
Due to a Cross-Site Scripting XSS vulnerability in the SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow t...
CVE-2026-0512
CVE-2026-0512 describes a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog). An unauthenticated attacker can craft a malicious URL that, when accessed by a victim, leads to execution of malicious content in the victim’s browser. Rep...
EUVD-2026-22138
Due to a Cross-Site Scripting XSS vulnerability in the SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow t...
PT-2026-32550
Due to a Cross-Site Scripting XSS vulnerability in the SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow t...
SAP Supplier Relationship Management(SRM) 跨站脚本漏洞
SAP Supplier Relationship Management SRM is a supplier relationship management solution developed by the German company SAP. This product automates procurement and purchasing processes both within the enterprise and between suppliers. It also provides features such as invoice generation. However,...
EUVD-2026-18139
A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...
CVE-2026-5325
A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...
CVE-2026-5325
CVE-2026-5325 affects SourceCodester Simple Customer Relationship Management System 1.0. The issue lies in the Create Ticket component, specifically in /create-ticket.php where manipulating the Description argument causes cross-site scripting . Remote exploitation is possible, and the exploit has...
CVE-2026-5325 SourceCodester Simple Customer Relationship Management System Create Ticket create-ticket.php cross site scripting
A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...
SourceCodester Simple Customer Relationship Management System 代码注入漏洞
SourceCodester Simple Customer Relationship Management System is a simple customer relationship management system developed under open source by SourceCodester. Version 1.0 of the SourceCodester Simple Customer Relationship Management System contains a code injection vulnerability. This...
CVE-2026-4623
A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to...
Improper Control of Dynamically-Managed Code Resources
Overview graphiti is an Easily build jsonapi.org-compatible APIs Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the Graphiti::Util::ValidationResponseallvalid? method recursively calls model.sendname. An attacker can execute arbitrar...
CVE-2026-4623 DefaultFuction Jeson-Customer-Relationship-Management-System API Module System.php server-side request forgery
A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to...
CVE-2026-4623 DefaultFuction Jeson-Customer-Relationship-Management-System API Module System.php server-side request forgery
A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to...
Graphiti 安全漏洞
Graphiti is a framework developed by Zep for building temporal context graphs for AI agents. Versions of Graphiti prior to 1.10.2 contained security vulnerabilities. These vulnerabilities stemmed from the JSONAPI writing feature not verifying the relationship names provided by users, which could...
CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...