Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.10 views

CVE-2026-33740

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference IDOR vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...

5.4CVSS5.5AI score0.00211EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/22 8:5 p.m.29 views

CVE-2026-33733 EspoCRM has Admin TemplateManager path traversal that allows arbitrary file read write and delete

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled name and scope values and pass them into template path construction without normalization or traversal filtering. As a result, an...

7.2CVSS0.00448EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/13 8:37 p.m.17 views

CVE-2026-33740 EspoCRM: Email importEml can import and delete another user's attachment by raw fileId

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference IDOR vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...

5.4CVSS0.00211EPSS
Exploits1References3
OSV
OSV
added 2016/10/25 2:29 p.m.4 views

CVE-2016-5512

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5521...

6.1CVSS5.8AI score0.01106EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2016/07/21 10:0 a.m.2 views

CVE-2016-3557

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related to File Load...

5.6AI score0.01673EPSS
Exploits0References3
CNVD
CNVD
added 2016/07/21 12:0 a.m.4 views

Oracle Agile PLM Information Disclosure Vulnerability (CNVD-2016-05328)

Oracle Agile Product Lifecycle Management PLM solutions enable organizations to manage product information, processes, and decisions across a global product network throughout the product lifecycle. A security vulnerability exists in Oracle Supply Chain Products Suite version 9.3.4, 9.3.5, Oracle...

3.5CVSS6.8AI score0.01413EPSS
Exploits0References1
CNVD
CNVD
added 2016/07/21 12:0 a.m.4 views

Unspecified Vulnerability in Oracle Agile PLM (CNVD-2016-05336)

Oracle Agile Product Lifecycle Management PLM solutions enable organizations to manage product information, processes, and decisions across a global product network throughout the product lifecycle. A security vulnerability exists in Oracle Supply Chain Products Suite version 9.3.4, 9.3.5, Oracle...

7.5CVSS6.8AI score0.02319EPSS
Exploits0References1
Rows per page
Query Builder