7 matches found
CVE-2026-33740
EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference IDOR vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...
CVE-2026-33733 EspoCRM has Admin TemplateManager path traversal that allows arbitrary file read write and delete
EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled name and scope values and pass them into template path construction without normalization or traversal filtering. As a result, an...
CVE-2026-33740 EspoCRM: Email importEml can import and delete another user's attachment by raw fileId
EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference IDOR vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...
CVE-2016-5512
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5521...
CVE-2016-3557
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related to File Load...
Oracle Agile PLM Information Disclosure Vulnerability (CNVD-2016-05328)
Oracle Agile Product Lifecycle Management PLM solutions enable organizations to manage product information, processes, and decisions across a global product network throughout the product lifecycle. A security vulnerability exists in Oracle Supply Chain Products Suite version 9.3.4, 9.3.5, Oracle...
Unspecified Vulnerability in Oracle Agile PLM (CNVD-2016-05336)
Oracle Agile Product Lifecycle Management PLM solutions enable organizations to manage product information, processes, and decisions across a global product network throughout the product lifecycle. A security vulnerability exists in Oracle Supply Chain Products Suite version 9.3.4, 9.3.5, Oracle...