74 matches found
CVE-2026-57949 ruoyi-vue-pro - Missing Authorization in CRM Follow-up Record GET Endpoint
ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...
CVE-2026-46624 Twenty: SQL Injection via the timeZone field
Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...
CVE-2026-38526
Webkul Krayin CRM v2.2.x is affected by an authenticated arbitrary file upload vulnerability at the /admin/tinymce/upload endpoint, allowing upload of a crafted PHP file to execute code on the server. The issue, described across CVE/NVD/CVEList entries, requires authentication and yields likely r...
EUVD-2026-1933
Imaster's MEMS Events CRM contains an SQL injection vulnerability in‘keyword’ parameter in ‘/memsdemo/exchangeoffers.php’...
CVE-2021-33853
A Cross-Site Scripting XSS attack can cause arbitrary code javascript to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the...
CVE-2025-68928 Frappe CRM vulnerable to authenticated XSS via website field
Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available...
EUVD-2024-55088
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the frmid and aremark parameters in manage-tickets.php...
EUVD-2019-12128
Malware in sbrugna...
EUVD-2017-1962
Malware in sbrugna...
EUVD-2015-2679
Malware in sbrugna...
EUVD-2017-1832
Malware in sbrugna...
EUVD-2016-0548
Malware in sbrugna...
EUVD-2019-12416
Malware in sbrugna...
EUVD-2016-0550
Malware in sbrugna...
EUVD-2021-20527
Malware in sbrugna...
EUVD-2016-6540
Malware in sbrugna...
EUVD-2017-6752
Malware in sbrugna...
EUVD-2018-6316
Malware in sbrugna...
EUVD-2016-0561
Malware in sbrugna...
EUVD-2025-18423
Malicious code in bioql PyPI...