
18 matches found

RedhatCVE
added 4 days ago | 6 views

CVE-2026-33656

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowed updating an attachment's sourceId, thus allowing an authenticated admin to overwrite the sourceId field on Attachment entities. Because sourceId is...

CVSS 9.1 | AI score 8.1 | EPSS 0.00105
Exploits 3 | References 1

NVD
added 2026/04/22 9:17 p.m. | 3 views

CVE-2026-33656

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowed updating an attachment's sourceId, thus allowing an authenticated admin to overwrite the sourceId field on Attachment entities. Because sourceId is...

CVSS 9.1 | EPSS 0.00105
Exploits 3 | References 1

ATTACKERKB
added 2026/04/22 8:1 p.m. | 3 views

CVE-2026-33656

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowed updating an attachment's sourceId, thus allowing an authenticated admin to overwrite the sourceId field on Attachment entities. Because sourceId is...

CVSS 9.1 | AI score 5.8 | EPSS 0.00105
Exploits 3 | References 2 | Affected Software 1

Cvelist
added 2026/04/22 8:1 p.m. | 25 views

CVE-2026-33656 EspoCRM vulnerable to authenticated RCE via Formula with path traversal in attachment `sourceId`, exploitable by admin user

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowed updating an attachment's sourceId, thus allowing an authenticated admin to overwrite the sourceId field on Attachment entities. Because sourceId is...

CVSS 9.1 | EPSS 0.00105
Exploits 3 | References 1

Vulnrichment
added 2026/04/22 8:1 p.m. | 3 views

CVE-2026-33656 EspoCRM vulnerable to authenticated RCE via Formula with path traversal in attachment `sourceId`, exploitable by admin user

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowed updating an attachment's sourceId, thus allowing an authenticated admin to overwrite the sourceId field on Attachment entities. Because sourceId is...

CVSS 9.1 | AI score 7.6 | EPSS 0.00105
Exploits 3 | References 1

CVE
added 2026/04/22 8:1 p.m. | 33 views

CVE-2026-33656

CVE-2026-33656 (EspoCRM) affects EspoCRM versions prior to 9.3.4. The vulnerability arises from the formula engine allowing updating Attachment.sourceId, which is concatenated into a file path in EspoUploadDir::getFilePath() without sanitization. This enables an authenticated admin to redirect fi...

CVSS 9.1 | AI score 7.6 | EPSS 0.00105
Exploits 3 | References 1 | Affected Software 1

EUVD
added 2026/04/22 8:1 p.m. | 5 views

EUVD-2026-25081

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowed updating an attachment's sourceId, thus allowing an authenticated admin to overwrite the sourceId field on Attachment entities. Because sourceId is...

CVSS 9.1 | AI score 5.8 | EPSS 0.00105
Exploits 3 | References 1

CNNVD
added 2026/04/22 12:0 a.m. | 5 views

EspoCRM Path Traversal Vulnerability

EspoCRM is an open-source, web-based customer relationship management (CRM) system developed by EspoCRM. This system offers features such as sales automation, community management, and customer support. Versions of EspoCRM prior to 9.3.4 contained a path traversal vulnerability. This vulnerability...

CVSS 9.1 | AI score 7.5 | EPSS 0.00105
Exploits 3 | References 1

Positive Technologies
added 2026/03/25 12:0 a.m. | 3 views

PT-2026-27774

Name of the Vulnerable Software and Affected Versions: EspoCRM versions prior to 9.3.4
Description: The EspoCRM software contains a flaw due to the formula engine operating outside the field-level restriction layer, allowing writable access to fields marked as read-only, such as Attachment.sourceId...

CVSS 9.1 | AI score 5.9 | EPSS 0.00105
Exploits 3 | References 14

Veracode
added 2026/03/16 5:56 p.m. | 4 views

Improper Authentication

Milvus is vulnerable to Improper Authentication. The vulnerability is due to improper validation of the sourceID header in the Milvus Proxy component, which allows an attacker to bypass authentication and gain full administrative access to the Milvus cluster...

CVSS 9.3 | AI score 5.8 | EPSS 0.00179
Exploits 0 | References 5 | Affected Software 1

OSV
added 2026/02/20 8:43 a.m. | 8 views

BIT-MILVUS-2025-64513 Milvus Proxy has Critical Authentication Bypass Vulnerability

Milvus is an open-source vector database built for generative AI applications. An unauthenticated attacker can exploit a vulnerability in versions prior to 2.4.24, 2.5.21, and 2.6.5 to bypass all authentication mechanisms in the Milvus Proxy component, gaining full administrative access to the...

CVSS 9.3 | AI score 5.7 | EPSS 0.00179
Exploits 0 | References 5

Positive Technologies
added 2025/11/10 12:0 a.m. | 3 views

PT-2025-46212

Name of the Vulnerable Software and Affected Versions:
- Milvus versions prior to 2.4.24
- Milvus versions 2.5.0 through 2.5.20
- Milvus versions 2.6.0 through 2.6.4
Description: An unauthenticated attacker can bypass authentication mechanisms in the Milvus Proxy component, gaining full administrative...

CVSS 9.3 | AI score 6.8 | EPSS 0.00179
Exploits 0 | References 32

Circl
added 2024/09/04 10:13 a.m. | 2 views

CVE-2024-8121

creationtimestamp | type | source
---|---|---
2024-09-04 10:13:13+00:00 | seen | https://t.me/cvedetector/4772...

CVSS 5.4 | AI score 4.8 | EPSS 0.00114
Exploits 0 | References 1

Circl
added 2023/12/25 9:31 a.m. | 0 views

CVE-2023-36485

creationtimestamp | type | source
---|---|---
2023-12-25 09:31:17+00:00 | seen | https://t.me/ctinow/159171...

CVSS 7.2 | AI score 7 | EPSS 0.00672
Exploits 0 | References 1

Circl
added 2022/08/26 7:29 a.m. | 1 view

CVE-2022-29850

creationtimestamp | type | source
---|---|---
2022-08-26 07:29:37+00:00 | seen | https://t.me/cibsecurity/48837...

CVSS 8.1 | AI score 7.9 | EPSS 0.00725
Exploits 0 | References 1

Circl
added 2018/08/23 6:17 a.m. | 3 views

CVE-2018-1158

creationtimestamp | type | source
---|---|---
2018-08-23 06:17:37+00:00 | seen | https://t.me/mikrotikninja/245
2018-10-08 11:49:42+00:00 | seen | https://t.me/sysodmins/3832
2018-10-23 21:02:39+00:00 | seen | https://t.me/mtikpro/97
2018-11-01 16:03:49+00:00 | seen | ...

CVSS 6.5 | AI score 7 | EPSS 0.01223
Exploits 1 | References 3

xssed
added 2008/06/19 12:0 a.m. | 21 views

Unfixed XSS vulnerability at www.daronet.co.il

Security researcher wir3less-hack3r has submitted on 19/06/2008 a cross-site-scripting (XSS) vulnerability affecting www.daronet.co.il, which at the time of submission ranked 360893 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/06/2009. It ...

AI score 6.6
Exploits 0 | References 1

xssed
added 2008/04/27 12:0 a.m. | 10 views

Unfixed XSS vulnerability at www.dead-sea.org.il

Security researcher wir3less-hack3r has submitted on 27/04/2008 a cross-site-scripting (XSS) vulnerability affecting www.dead-sea.org.il, which at the time of submission ranked 1367080 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 19/06/2008. ...

AI score 6.6
Exploits 0 | References 1