Lucene search
K

3327 matches found

CNNVD
CNNVD
added 2026/01/17 12:0 a.m.5 views

WordPress plugin: Integrating Dynamics 365 CRM – Cross-site Script Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.4CVSS5.7AI score0.00207EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.7 views

PT-2026-3358

The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

4.4CVSS5AI score0.00207EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/01/16 11:53 p.m.7 views

WordPress Integrate Dynamics 365 CRM plugin <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Field Mapping Configuration vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Field Mapping Configuration vulnerability discovered by Teerachai Somprasong in WordPress Plugin Integrate Dynamics 365 CRM versions = 1.1.1...

4.4CVSS5.8AI score0.00207EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.5 views

Microsoft Dynamics 安全漏洞

Microsoft Dynamics is a suite of ERP business solutions for multinational organizations from Microsoft USA. The product includes financial management, production management and business intelligence management. A security vulnerability exists in Microsoft Dynamics. An attacker exploiting this...

4.4CVSS5.8AI score0.00399EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:52 a.m.7 views

CVE-2022-42733

A vulnerability has been identified in syngo Dynamics All versions VA40G HF01. syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s...

7.5CVSS6.6AI score0.00624EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:51 a.m.17 views

CVE-2022-42894

A vulnerability has been identified in syngo Dynamics All versions VA40G HF01. An unauthenticated Server-Side Request Forgery SSRF vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as loca...

7.5CVSS6.8AI score0.00577EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:51 a.m.8 views

CVE-2022-42891

A vulnerability has been identified in syngo Dynamics All versions VA40G HF01. syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website’s application...

7.5CVSS6.7AI score0.00548EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:51 a.m.18 views

CVE-2022-42734

A vulnerability has been identified in syngo Dynamics All versions VA40G HF01. syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website’s application...

7.5CVSS6.8AI score0.00548EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:30 a.m.7 views

CVE-2023-29422

Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.13...

4.3CVSS8.5AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:6 a.m.5 views

CVE-2024-34550

Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.This issue affects Dynamics 365 Integration: from n/a through 1.3.17...

5.3CVSS5.2AI score0.00584EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.3 views

All-Dynamics enlogic:show 安全漏洞

All-Dynamics enlogic:show is a digital signage management system from All-Dynamics, Germany. A security vulnerability exists in All-Dynamics enlogic:show version 2.0.2, which stems from the presence of a session fixation vulnerability that could lead to bypassing authentication and performing...

8.5CVSS6.8AI score0.00318EPSS
Exploits1References6
EUVD
EUVD
added 2025/12/10 9:31 p.m.5 views

EUVD-2020-30832

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...

8.6CVSS6.3AI score0.00233EPSS
Exploits1References5
NVD
NVD
added 2025/12/10 9:16 p.m.22 views

CVE-2020-36900

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...

8.8CVSS0.00233EPSS
Exploits1References4
CVE
CVE
added 2025/12/10 9:4 p.m.17 views

CVE-2020-36900

All-Dynamics Digital Signage System 2.0.2 is affected by a cross-site request forgery that allows creation of administrative users via an attacker-crafted page. The root cause is insufficient request validation in the user-management flow, enabling an authenticated user to be coerced into submitt...

8.8CVSS6.4AI score0.00233EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.6 views

All-Dynamics Digital Signage System 跨站请求伪造漏洞

All-Dynamics Digital Signage System is a fully dynamic digital signage system from All-Dynamics, Germany. A cross-site request forgery vulnerability exists in All-Dynamics Digital Signage System version 2.0.2, which stems from a lack of request validation and could lead to a cross-site request...

8.8CVSS6.7AI score0.00233EPSS
Exploits1References4
CVE
CVE
added 2025/11/20 10:18 p.m.26 views

CVE-2025-64655

CVE-2025-64655 : Multiple sources corroborate an improper authorization vulnerability in the Dynamics OmniChannel SDK Storage Containers that could allow network-based privilege elevation. Affected product is the Dynamics OmniChannel SDK Storage Containers; root cause is improper authorization le...

9.8CVSS6.4AI score0.00424EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/11/20 10:18 p.m.29 views

CVE-2025-64655 Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability

...

8.8CVSS0.00424EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/20 10:18 p.m.8 views

CVE-2025-64655 Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability

...

8.8CVSS6.6AI score0.00424EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/11/20 10:18 p.m.2 views

CVE-2025-64655

Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network...

9.8CVSS5.5AI score0.00424EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2025/11/20 8:0 a.m.16 views

Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability

Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network...

9.8CVSS6.9AI score0.00424EPSS
Exploits0
Rows per page
Query Builder