CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

54 matches found

EUVD•added 2026/05/19 6:14 p.m.•11 views

EUVD-2026-30967

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later serve those SVG files as top-level inline documents through both the attachment and image entry...

6.8CVSS5.8AI score0.00211EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:56 a.m.•8 views

CVE-2022-38845

Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious...

6.1CVSS6.3AI score0.00619EPSS

Exploits1References1

EUVD•added 2025/10/14 2:38 p.m.•2 views

EUVD-2025-34207

EspoCRM is an open source customer relationship management application. In versions before 9.1.9, a vulnerability allows arbitrary user creation, including administrative accounts, through a combination of stored SVG injection and lack of CSRF protection. An attacker with Knowledge Base edit...

5.4CVSS6.3AI score0.0013EPSS

Exploits1References1

Positive Technologies•added 2025/10/14 12:0 a.m.•3 views

PT-2025-41935

Name of the Vulnerable Software and Affected Versions EspoCRM versions prior to 9.1.9 Description EspoCRM is a customer relationship management application. A flaw allows the creation of arbitrary user accounts, including those with administrative privileges. This is achieved through a combinatio...

5.4CVSS6.5AI score0.0013EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2019-5566

Malware in sbrugna...

6.1CVSS6.3AI score0.00865EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2019-5708

Malware in sbrugna...

5.4CVSS5.5AI score0.0108EPSS

Exploits1References5