Lucene search
K

103 matches found

Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-50009

Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through = 3.4.5...

7AI score0.00222EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/12/08 3:46 a.m.7 views

WordPress WP-CRM System plugin <= 3.4.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP-CRM System versions = 3.4.6...

5.3CVSS5.3AI score0.00222EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-17281

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00273EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-13755

Malicious code in bioql PyPI...

7.2CVSS7.7AI score0.00467EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-52891

Malicious code in bioql PyPI...

6.5CVSS8.8AI score0.00334EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-28355

Malicious code in bioql PyPI...

5.9CVSS8.6AI score0.00359EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/16 4:32 a.m.19 views

CVE-2025-10389

A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be...

5.5CVSS6.6AI score0.00357EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/14 12:0 a.m.4 views

CRMEB 授权问题漏洞

CRMEB is a Java mall system of CRMEB open source. An authorization issue vulnerability exists in CRMEB 5.6.1 and earlier versions, which stems from improper manipulation of the parameter ID of the function editAddress in the file app/services/user/UserAddressServices.php, which could lead to...

8.8CVSS5.3AI score0.00337EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/06/08 1:19 p.m.8 views

CVE-2025-49270

Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP-CRM System: from n/a through = 3.4.2...

5.3CVSS5.9AI score0.00273EPSS
Exploits0References1
NVD
NVD
added 2025/06/06 1:15 p.m.4 views

CVE-2025-49270

Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP-CRM System: from n/a through = 3.4.2...

5.3CVSS0.00273EPSS
Exploits0References1
CVE
CVE
added 2025/06/06 12:53 p.m.38 views

CVE-2025-49270

CVE-2025-49270 is a Missing Authorization vulnerability in WP-CRM System (affected: up to 3.4.2) where ACL checks fail to constrain access to certain functionality. Red Hat lists it as Missing Authorization; Wordfence notes the CVE in WP-CRM System and marks it as patched in a newer release. Publ...

5.3CVSS5.9AI score0.00273EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/06 12:53 p.m.14 views

CVE-2025-49270 WordPress WP-CRM System plugin <= 3.4.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP-CRM System: from n/a through = 3.4.2...

5.3CVSS0.00273EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/06 12:0 a.m.2 views

WordPress plugin WP-CRM System 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

5.3CVSS5.4AI score0.00273EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.4 views

PT-2025-24215 · Mario Peshev · Wp-Crm System

Name of the Vulnerable Software and Affected Versions: Mario Peshev WP-CRM System versions 3.4.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by Access Control Lists ACLs. This means that...

5.3CVSS5AI score0.00273EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 10:5 a.m.9 views

CVE-2024-30434

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP-CRM System allows Stored XSS.This issue affects WP-CRM System: from n/a through 3.2.9...

5.9CVSS8.6AI score0.00359EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.19 views

CVE-2024-55991

Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through = 3.2.9.1...

6.5CVSS7.2AI score0.00334EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/09 3:24 p.m.10 views

CVE-2025-47629

Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Object Injection.This issue affects WP-CRM System: from n/a through = 3.4.5...

7.2CVSS7.2AI score0.00467EPSS
Exploits0References1
NVD
NVD
added 2025/05/07 3:16 p.m.23 views

CVE-2025-47629

Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Object Injection.This issue affects WP-CRM System: from n/a through = 3.4.5...

7.2CVSS0.00467EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/07 2:20 p.m.25 views

CVE-2025-47629 WordPress WP-CRM System plugin <= 3.4.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Object Injection.This issue affects WP-CRM System: from n/a through = 3.4.5...

7.2CVSS0.00467EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/07 2:20 p.m.8 views

CVE-2025-47629 WordPress WP-CRM System <= 3.4.1 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System allows Object Injection. This issue affects WP-CRM System: from n/a through 3.4.1...

7.2CVSS7AI score0.00467EPSS
Exploits0References1
Rows per page
Query Builder