Lucene search
K

40 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.10 views

CVE-2026-35451

Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting XSS vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...

5.7CVSS5.8AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.8 views

CVE-2026-46624

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...

9.9CVSS6.3AI score0.00483EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.10 views

CVE-2026-44729

Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...

8.7CVSS5.4AI score0.00258EPSS
Exploits1References1
NVD
NVD
added 2026/05/26 6:16 p.m.16 views

CVE-2026-46624

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...

9.9CVSS0.00483EPSS
Exploits1References1
NVD
NVD
added 2026/05/26 5:16 p.m.15 views

CVE-2026-44729

Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...

8.7CVSS0.00258EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/26 5:1 p.m.17 views

EUVD-2026-31907

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...

9.9CVSS6.2AI score0.00483EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/26 5:1 p.m.11 views

CVE-2026-46624 Twenty: SQL Injection via the timeZone field

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...

9.9CVSS6.2AI score0.00483EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/26 5:1 p.m.47 views

CVE-2026-46624 Twenty: SQL Injection via the timeZone field

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...

9.9CVSS0.00483EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:1 p.m.7 views

CVE-2026-46624

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...

9.9CVSS6.2AI score0.00483EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:56 p.m.9 views

CVE-2026-44729

Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...

8.7CVSS5.8AI score0.00258EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/26 4:56 p.m.34 views

CVE-2026-44729 Twenty: Stored Cross-Site Scripting via Unsanitized File Serving (Missing Content-Type/Content-Disposition Headers)

Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...

8.7CVSS0.00258EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/26 4:56 p.m.11 views

CVE-2026-44729 Twenty: Stored Cross-Site Scripting via Unsanitized File Serving (Missing Content-Type/Content-Disposition Headers)

Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...

8.7CVSS5.8AI score0.00258EPSS
Exploits1References1
CVE
CVE
added 2026/05/26 4:56 p.m.26 views

CVE-2026-44729

Twenty CRM versions 1.18.0 and earlier expose file serving endpoints at /files/* and /file/:fileFolder/:id that serve uploaded files via fileStream.pipe(res) without Content-Type, Content-Disposition, or X-Content-Type-Options headers. An authenticated attacker can upload an HTML file containing ...

8.7CVSS5.8AI score0.00258EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

Twenty 安全漏洞

Twenty is an open-source CRM platform developed by Twenty. Versions 1.7.7 to 1.16.7 of Twenty contain security vulnerabilities. These vulnerabilities stem from SQL injection attacks via uncleaned timeZone parameters and PostgreSQL COPY TO PROGRAM attacks, which may allow authenticated users to...

9.9CVSS6.1AI score0.00483EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.20 views

PT-2026-43352

Name of the Vulnerable Software and Affected Versions Twenty CRM versions 1.7.7 through 1.16.7 Description A Remote Code Execution RCE issue exists via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If the Postgres user is a superuser, any authenticated user can execute arbitrary ...

9.9CVSS6.3AI score0.00483EPSS
Exploits1References5
NVD
NVD
added 2026/05/05 8:16 p.m.10 views

CVE-2026-33975

Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...

8.3CVSS0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/05 7:19 p.m.13 views

CVE-2026-33975 twenty-server SSRF protection bypass via IPv4-mapped IPv6 address normalization

Twenty is an open source CRM built with NestJS Node.js. In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex...

8.3CVSS5.8AI score0.0024EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

Twenty 代码问题漏洞

Twenty is an open-source CRM platform developed by Twenty. Versions of Twenty 1.18.0 and earlier have code vulnerabilities. These vulnerabilities stem from a flaw in the SSRF protection mechanism, which can be bypassed by IPv6 addresses mapped via IPv4. The Node.js URL parser standardizes IPv6...

8.3CVSS5.9AI score0.0024EPSS
Exploits0References2
CVE
CVE
added 2026/04/21 4:22 p.m.30 views

CVE-2026-35451

CVE-2026-35451 affects the Twenty open source CRM, specifically the BlockNote editor. Before version 1.20.6 there is a Stored XSS in the FileBlock component: an attacker can inject a javascript: URI into the url property of a file block due to lack of protocol validation and insufficient server-s...

5.7CVSS6.1AI score0.00244EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.5 views

CVE-2026-27023

Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs e.g., webhook endpoints, image URLs could bypass...

5CVSS5.7AI score0.00199EPSS
Exploits0References1
Rows per page
Query Builder