34 matches found
CVE-2026-37711
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-al...
CVE-2019-25452
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extrac...
CVE-2025-69634
Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: this is disputed by a third party who indicates that exploitation can only occur if an unprivileged user knows the token of an admin user...
EUVD-2020-30964
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary...
PT-2026-3153
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP-CRM version 14.0.2. Description: Dolibarr ERP-CRM version 14.0.2 has a stored cross-site scripting issue in the ticket creation module. Low-privilege users can inject malicious scripts. An attacker can create a specially designed...
Linux Distros Unpatched Vulnerability : CVE-2025-56588
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution (RCE) vulnerability in the User module configuration via the computed field paramete...
EUVD-2022-3317
Malicious code in bioql PyPI...
EUVD-2022-4485
Malicious code in bioql PyPI...
EUVD-2022-4924
Malicious code in bioql PyPI...
EUVD-2022-3760
Malicious code in bioql PyPI...
CVE-2025-56588
Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution (RCE) vulnerability in the User module configuration via the computed field parameter...
Linux Distros Unpatched Vulnerability : CVE-2022-0819
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. CVE-2022-0819 Note that Nessus relies on the presence of the package as reported by the...
Linux Distros Unpatched Vulnerability : CVE-2017-14242
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter...
Linux Distros Unpatched Vulnerability : CVE-2023-5323
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0. CVE-2023-5323 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2019-1010054
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malicious html to change user password, disable users and disable password...
Linux Distros Unpatched Vulnerability : CVE-2017-1000509
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code. CVE-2017-1000509 No...
Linux Distros Unpatched Vulnerability : CVE-2019-16687
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the Create/modify other users, groups and permissions privilege...
Linux Distros Unpatched Vulnerability : CVE-2024-5315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially...
CVE-2020-14443
A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter...