Lucene search
K

7273 matches found

EUVD
EUVD
added 6 hours ago7 views

EUVD-2026-43592

SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy CSP configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application...

4.1CVSS6.2AI score
Exploits0References2
NVD
NVD
added yesterday3 views

CVE-2026-57715

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPManageNinja Fluent CRM fluent-crm allows Reflected XSS.This issue affects Fluent CRM: from n/a through = 3.1.7...

7.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57708

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks Contact Form Entries contact-form-entries allows Reflected XSS.This issue affects Contact Form Entries: from n/a through = 1.5.2...

7.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57421

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks CRM Perks Forms crm-perks-forms allows Reflected XSS.This issue affects CRM Perks Forms: from n/a through = 1.1.7...

7.1CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-57715

CVE-2026-57715 affects the WordPress Fluent CRM plugin (Fluent CRM) up to version

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday9 views

CVE-2026-57715 WordPress Fluent CRM plugin <= 3.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPManageNinja Fluent CRM fluent-crm allows Reflected XSS.This issue affects Fluent CRM: from n/a through = 3.1.7...

7.1CVSS0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday9 views

CVE-2026-57421 WordPress CRM Perks Forms plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks CRM Perks Forms crm-perks-forms allows Reflected XSS.This issue affects CRM Perks Forms: from n/a through = 1.1.7...

7.1CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-57421

CRM Perks Forms WordPress plugin (versions

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday14 views

CRM Perks Forms <= 1.1.4 - SQL Injection

CRM Perks CRM Perks Forms affected versions 1.1.4 and earlier contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL commands, exploit requires user interaction. id: CVE-2024-30498 info: name: CRM Perks Forms ...

10CVSS7.2AI score0.02267EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday58 views

Vtiger CRM v7.2.0 - Directory Listing

Vtiger CRM v7.2.0 contains a directory traversal vulnerability caused by improper access controls in /libraries and /layout directories, letting attackers display hidden files and list directories, exploit requires no authentication. id: CVE-2020-19363 info: name: Vtiger CRM v7.2.0 - Directory...

6.5CVSS6.6AI score0.03613EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday60 views

CRM Perks Forms < 1.1.1 - Cross Site Scripting

The plugin does not sanitise and escape some parameters from a sample file before outputting them back in the page, leading to Reflected Cross-Site Scripting id: CVE-2022-38467 info: name: CRM Perks Forms 1.1.1 - Cross Site Scripting author: r3Y3r53 severity: medium description: | The plugin does...

6.1CVSS6.4AI score0.0081EPSS
Exploits0References5
NVD
NVD
added 3 days ago9 views

CVE-2025-5017

The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uid’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

4.9CVSS0.00258EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago8 views

EUVD-2025-210456

The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uid’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

4.9CVSS6.1AI score0.00258EPSS
Exploits0References3
CVE
CVE
added 3 days ago16 views

CVE-2025-5017

Summary: The Catalyst Connect Zoho CRM Client Portal WordPress plugin (≤ 2.2.0) is vulnerable to time-based SQL Injection via the uid parameter. The root cause is insufficient escaping of user input and lack of proper query parameterization, enabling authenticated attackers with Administrator-lev...

4.9CVSS6.1AI score0.00258EPSS
Exploits0References3
CVE
CVE
added 4 days ago6 views

CVE-2026-61460

Krayin CRM up to version 2.2.3 is affected by an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController. The root cause is missing record-level ownership validation in edit, update, and destroy methods, e...

8.8CVSS6.1AI score0.0028EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-61460 Krayin CRM Insecure Direct Object Reference via Controllers

Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete records owned by other users. Attackers can modify CR...

8.8CVSS0.0028EPSS
Exploits0References3
Patchstack
Patchstack
added 5 days ago5 views

WordPress Fluent CRM plugin <= 3.1.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Fluent CRM versions = 3.1.7...

7.1CVSS6.1AI score0.00251EPSS
Exploits0Affected Software1
NVD
NVD
added last week10 views

CVE-2026-23698

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS0.00867EPSS
Exploits2References3
NVD
NVD
added last week9 views

CVE-2026-23697

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS0.00758EPSS
Exploits2References3
Cvelist
Cvelist
added last week34 views

CVE-2026-23697 Vtiger CRM < 8.4.0 Authenticated File Upload RCE via Documents Module

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS0.00758EPSS
Exploits2References3
Rows per page
Query Builder