Lucene search
+L

902 matches found

UbuntuCve
UbuntuCve
added 2026/04/17 9:16 p.m.7 views

CVE-2026-23500

Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAINODTASPDF configuration constant directly into a shell command passed to exec without...

9.4CVSS5.9AI score0.00922EPSS
Exploits3References1
NVD
NVD
added 2026/04/14 4:16 p.m.5 views

CVE-2026-38527

A Server-Side Request Forgery SSRF in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request...

8.5CVSS0.00249EPSS
Exploits1References2
NCSC
NCSC
added 2026/04/14 12:55 p.m.8 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several SAP products, including SAP Supplier Relationship Management, SAP BusinessObjects Business Intelligence Platform, SAP NetWeaver Application Server Java and ABAP, SAP Landscape Transformation, SAP Business Planning and Consolidation, SAP Business Warehouse,...

9.9CVSS5.9AI score0.00501EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/04/14 12:6 a.m.2 views

CVE-2026-0512 Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog)

Due to a Cross-Site Scripting XSS vulnerability in the SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow t...

6.1CVSS6AI score0.00226EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 12:6 a.m.3 views

CVE-2026-0512

Due to a Cross-Site Scripting XSS vulnerability in the SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow t...

6.1CVSS6AI score0.00226EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/14 12:6 a.m.9 views

CVE-2026-0512

CVE-2026-0512 describes a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog). An unauthenticated attacker can craft a malicious URL that, when accessed by a victim, leads to execution of malicious content in the victim’s browser. Rep...

6.1CVSS6AI score0.00226EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 12:6 a.m.3 views

EUVD-2026-22138

Due to a Cross-Site Scripting XSS vulnerability in the SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow t...

6.1CVSS6AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32550

Due to a Cross-Site Scripting XSS vulnerability in the SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow t...

6.1CVSS6AI score0.00226EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.9 views

SAP Supplier Relationship Management(SRM) 跨站脚本漏洞

SAP Supplier Relationship Management SRM is a supplier relationship management solution developed by the German company SAP. This product automates procurement and purchasing processes both within the enterprise and between suppliers. It also provides features such as invoice generation. However,...

6.1CVSS5.7AI score0.00226EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/02 9:30 a.m.9 views

EUVD-2026-18139

A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...

5.1CVSS4.5AI score0.00191EPSS
Exploits0References6
NVD
NVD
added 2026/04/02 7:15 a.m.9 views

CVE-2026-5325

A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...

5.1CVSS0.00191EPSS
Exploits0References5
CVE
CVE
added 2026/04/02 7:0 a.m.23 views

CVE-2026-5325

CVE-2026-5325 affects SourceCodester Simple Customer Relationship Management System 1.0. The issue lies in the Create Ticket component, specifically in /create-ticket.php where manipulating the Description argument causes cross-site scripting . Remote exploitation is possible, and the exploit has...

5.1CVSS4.5AI score0.00191EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/02 7:0 a.m.2 views

CVE-2026-5325 SourceCodester Simple Customer Relationship Management System Create Ticket create-ticket.php cross site scripting

A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...

5.1CVSS4.5AI score0.00191EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.11 views

SourceCodester Simple Customer Relationship Management System 代码注入漏洞

SourceCodester Simple Customer Relationship Management System is a simple customer relationship management system developed under open source by SourceCodester. Version 1.0 of the SourceCodester Simple Customer Relationship Management System contains a code injection vulnerability. This...

5.1CVSS5.7AI score0.00191EPSS
Exploits0References5
NVD
NVD
added 2026/03/24 3:16 a.m.8 views

CVE-2026-4623

A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to...

7.5CVSS0.00321EPSS
Exploits0References8
Snyk
Snyk
added 2026/03/24 2:33 a.m.3 views

Improper Control of Dynamically-Managed Code Resources

Overview graphiti is an Easily build jsonapi.org-compatible APIs Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the Graphiti::Util::ValidationResponseallvalid? method recursively calls model.sendname. An attacker can execute arbitrar...

9.1CVSS6.2AI score0.00632EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/24 1:39 a.m.3 views

CVE-2026-4623 DefaultFuction Jeson-Customer-Relationship-Management-System API Module System.php server-side request forgery

A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to...

7.5CVSS6.5AI score0.00321EPSS
Exploits0References8
OSV
OSV
added 2026/03/24 1:39 a.m.4 views

CVE-2026-4623 DefaultFuction Jeson-Customer-Relationship-Management-System API Module System.php server-side request forgery

A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to...

6.9CVSS6.4AI score0.00321EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.8 views

Graphiti 安全漏洞

Graphiti is a framework developed by Zep for building temporal context graphs for AI agents. Versions of Graphiti prior to 1.10.2 contained security vulnerabilities. These vulnerabilities stemmed from the JSONAPI writing feature not verifying the relationship names provided by users, which could...

9.1CVSS6.1AI score0.00632EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/23 11:52 p.m.24 views

CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names

Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...

9.1CVSS0.00632EPSS
Exploits0References3
Rows per page
Query Builder