EUVD-2017-6750

Malware in sbrugna...

EUVD-2022-2079

Malicious code in bioql PyPI...

CVE-2025-5152 Chanjet CRM newActivityedit.php sql injection

A vulnerability classified as critical was found in Chanjet CRM up to 20250510. This vulnerability affects unknown code of the file /activity/newActivityedit.php?DontCheckLogin=1&id=null&ret=mod1. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initiated...

CVE-2025-1360

Summary: CVE-2025-1360 affects Internet Web Solutions Sublime CRM up to version 20250207. The vulnerability exists in the HTTP POST Request Handler, specifically an unknown function in the file /crm/inicio.php, where manipulation of the msg_to parameter leads to cross-site scripting. It can be ex...

CVE-2021-33853

A Cross-Site Scripting XSS attack can cause arbitrary code javascript to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the...

OroCRM - Stored XSS Vulnerability

Exploit for php platform in category web applications Affected software: OroCRM is an easy-to-use, open source CRM with built in marketing automation tools for your commerce business. It's the CRM built for both sales and marketing! Discovered by: Provensec Website: http://www.provensec.com Autho...

CVE-2013-7224

Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json...