7246 matches found

Nuclei
added yesterday | 27 views

CRM Perks Forms < 1.1.1 - Cross Site Scripting

The plugin does not sanitise and escape some parameters from a sample file before outputting them back in the page, leading to Reflected Cross-Site Scripting id: CVE-2022-38467 info: name: CRM Perks Forms 1.1.1 - Cross Site Scripting author: r3Y3r53 severity: medium description: | The plugin does...

6.1 CVSS | 6.4 AI score | 0.0081 EPSS
Exploits: 0 | References: 5

Nuclei
added yesterday | 12 views

CRM Perks Forms <= 1.1.4 - SQL Injection

CRM Perks CRM Perks Forms affected versions 1.1.4 and earlier contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL commands, exploit requires user interaction. id: CVE-2024-30498 info: name: CRM Perks Forms ...

10 CVSS | 7.6 AI score | 0.02267 EPSS
Exploits: 0 | References: 3

Nuclei
added yesterday | 21 views

Vtiger CRM v7.2.0 - Directory Listing

Vtiger CRM v7.2.0 contains a directory traversal vulnerability caused by improper access controls in /libraries and /layout directories, letting attackers display hidden files and list directories, exploit requires no authentication. id: CVE-2020-19363 info: name: Vtiger CRM v7.2.0 - Directory...

6.5 CVSS | 6.6 AI score | 0.03643 EPSS
Exploits: 1 | References: 2

Patchstack
added 2 days ago | 5 views

WordPress Groundhogg — CRM, Newsletters, and Marketing Automation plugin <= 4.5.8 - Authenticated (Custom+) SQL Injection vulnerability

Authenticated Custom+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Groundhogg versions <= 4.5.8...

6.5 CVSS | 5.8 AI score | 0.00441 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2 days ago | 4 views

CVE-2026-51947

An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip fixed in Pivotal CRM 6.6.5.10 and PatchCWE50220260316.zip allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of ...

9.8 CVSS | 0.00573 EPSS
Exploits: 0 | References: 3

CVE
added 2 days ago | 6 views

CVE-2026-51947

CVE-2026-51947 affects Pivotal CRM 6.6.4.08 and systems applying patch-ghi-15381-cwe-502-20251225.zip. The vulnerability arises from an incomplete fix for CVE-2026-39253 in the Pivotal.Engine.Client.Services.Conversion.dll, enabling remote code execution via network access. The issue is fixed in ...

9.8 CVSS | 6.2 AI score | 0.00573 EPSS
Exploits: 0 | References: 3

Cvelist
added 2 days ago | 29 views

CVE-2026-51947

An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip fixed in Pivotal CRM 6.6.5.10 and PatchCWE50220260316.zip allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of ...

0.00573 EPSS
Exploits: 0 | References: 3

NVD
added 4 days ago | 8 views

CVE-2026-57949

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1 CVSS | 0.00231 EPSS
Exploits: 0 | References: 3

EUVD
added 4 days ago | 6 views

EUVD-2026-40166

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1 CVSS | 5.9 AI score | 0.00231 EPSS
Exploits: 0 | References: 3

CVE
added 4 days ago | 7 views

CVE-2026-57949

ruoyi-vue-pro (through 2026.05) contains a missing authorization vulnerability in the CRM module’s GET /admin-api/crm/follow-up-record/get endpoint. The issue allows an authenticated user to read any follow-up record by iterating sequential numeric IDs, exfiltrating follow-up notes, file attachme...

7.1 CVSS | 5.9 AI score | 0.00231 EPSS
Exploits: 0 | References: 3

Cvelist
added 4 days ago | 30 views

CVE-2026-57949 ruoyi-vue-pro - Missing Authorization in CRM Follow-up Record GET Endpoint

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1 CVSS | 0.00231 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2026/06/25 12:0 a.m. | 9 views

Oracle Siebel Server <= 26.5 (June 2026 CSPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM component: Marketing. Supported versions that are affected are 17.0-26....

9.8 CVSS | 5.9 AI score | 0.00483 EPSS
Exploits: 0 | References: 14

NVD
added 2026/06/23 8:16 p.m. | 12 views

CVE-2026-39253

An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components...

8.1 CVSS | 0.00805 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/06/23 12:0 a.m. | 4 views

CVE-2026-39253

An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components...

8.1 CVSS | 6.3 AI score | 0.00805 EPSS
Exploits: 0 | References: 3

CVE
added 2026/06/23 12:0 a.m. | 5 views

CVE-2026-39253

CVE-2026-39253 affects Pivotal CRM v6.6.04.08. The vulnerability enables a remote attacker to execute arbitrary code via the components Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll, caused by insecure deserialization (CWE-502). The CVSSv3.1 base score is 8.1 (HIGH) w...

8.1 CVSS | 6.3 AI score | 0.00805 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/23 12:0 a.m. | 7 views

PT-2026-51582

Name of the Vulnerable Software and Affected Versions Pivotal CRM version 6.6.04.08 Description A remote attacker can execute arbitrary code through the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components. Recommendations At the moment, there is no information abo...

8.1 CVSS | 6.2 AI score | 0.00805 EPSS
Exploits: 0 | References: 6

NVD
added 2026/06/17 10:54 a.m. | 10 views

CVE-2026-46925

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the...

8.3 CVSS | 0.00265 EPSS
Exploits: 0 | References: 1

NVD
added 2026/06/17 10:54 a.m. | 7 views

CVE-2026-46926

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM Cloud Applications...

8.8 CVSS | 0.0012 EPSS
Exploits: 0 | References: 1

NVD
added 2026/06/17 10:54 a.m. | 7 views

CVE-2026-46919

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud...

9.8 CVSS | 0.00362 EPSS
Exploits: 0 | References: 1

NVD
added 2026/06/17 10:54 a.m. | 7 views

CVE-2026-46921

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM Cloud...

8.8 CVSS | 0.00403 EPSS
Exploits: 0 | References: 1