Lucene search
K

377 matches found

Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.8 views

PT-2026-44408

EspoCRM is an open source customer relationship management application. Prior to 9.3.5, a business logic flaw Broken Access Control in EspoCRM 9.3.3 allows low-privileged users to pin arbitrary notes without having the required edit permissions for the parent object. Due to a "write first,...

4.3CVSS6AI score0.00292EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

EspoCRM 安全漏洞

EspoCRM is an open-source, web-based Customer Relationship Management system CRM. This system offers features such as sales automation, community management, and customer support. Versions of EspoCRM prior to 9.3.5 contained security vulnerabilities. These vulnerabilities were caused by business...

4.3CVSS5.9AI score0.00292EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.10 views

PT-2026-44407

EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning entity Contact, Lead, Account, or User without performing an ACL check. An authenticated user with...

6.5CVSS5.8AI score0.00346EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2026/05/27 12:0 a.m.63 views

EspoCRM 9.3.3 - SSRF

Exploit Title: EspoCRM 9.3.3 - Authenticated SSRF via Alternative IPv4 Notation Google Dork: N/A Date: 2026-05-08 Exploit Author: Max Gabriel https://github.com/EntroVyx Vendor Homepage: https://www.espocrm.com/ Software Link: https://github.com/espocrm/espocrm/releases/tag/9.3.3 Version: 9.3.3...

4.3CVSS5.8AI score0.01978EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2026/05/20 7:57 p.m.9 views

CVE-2026-33741

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later serve those SVG files as top-level inline documents through both the attachment and image entry...

6.8CVSS5.8AI score0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 7:16 p.m.10 views

CVE-2026-33741

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later serve those SVG files as top-level inline documents through both the attachment and image entry...

6.8CVSS0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 6:14 p.m.14 views

CVE-2026-33741

EspoCRM prior to version 9.3.4 is affected by a Stored XSS via SVG attachments loading same-origin JavaScript. Versions 9.3.3 and earlier allow authenticated users to upload SVG attachments (through normal attachment fields) and later serve those SVGs as top-level inline documents via attachment ...

6.8CVSS5.8AI score0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 6:14 p.m.13 views

CVE-2026-33741 EspoCRM: Stored XSS via SVG attachment loading same-origin JavaScript

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later serve those SVG files as top-level inline documents through both the attachment and image entry...

6.8CVSS5.8AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 6:14 p.m.12 views

EUVD-2026-30967

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later serve those SVG files as top-level inline documents through both the attachment and image entry...

6.8CVSS5.8AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 6:14 p.m.32 views

CVE-2026-33741 EspoCRM: Stored XSS via SVG attachment loading same-origin JavaScript

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later serve those SVG files as top-level inline documents through both the attachment and image entry...

6.8CVSS0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 6:14 p.m.6 views

CVE-2026-33741

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later serve those SVG files as top-level inline documents through both the attachment and image entry...

6.8CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.8 views

PT-2026-41993

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later serve those SVG files as top-level inline documents through both the attachment and image entry...

6.8CVSS5.8AI score0.00211EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

EspoCRM 跨站脚本漏洞

EspoCRM is an open-source, web-based Customer Relationship Management system CRM developed by EspoCRM. This system offers features such as sales automation, community management, and customer support. Versions of EspoCRM 9.3.3 and earlier contained a cross-site scripting vulnerability. This...

6.8CVSS5.7AI score0.00211EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/11 8:39 p.m.92 views

Exploit for Basic XSS in Espocrm

CVE-2026-33657 - EspoCRM 9.3.3 Stored HTML Injection in Email...

5.4CVSS5.9AI score0.00176EPSS
Exploits2
GithubExploit
GithubExploit
added 2026/05/08 5:22 p.m.107 views

Exploit for Server-Side Request Forgery in Espocrm

CVE-2026-33534 - EspoCRM 9.3.3 Authenticated SSRF Authenticat...

4.3CVSS5.8AI score0.01978EPSS
Exploits5
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.6 views

EspoCRM 9.3.3 API Security Audit Tool

This Python script is a lightweight, non-invasive security audit tool designed to test the API surface of EspoCRM version 9.3.3...

5.8AI score
Exploits0
NVD
NVD
added 2026/04/22 9:17 p.m.6 views

CVE-2026-33656

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowing updating attachment's sourceId thus allowing an authenticated admin to overwrite the sourceId field on Attachment entities. Because sourceId is...

9.1CVSS0.005EPSS
Exploits3References1
NVD
NVD
added 2026/04/22 9:17 p.m.6 views

CVE-2026-33733

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled name and scope values and pass them into template path construction without normalization or traversal filtering. As a result, an...

7.2CVSS0.00448EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/22 8:5 p.m.5 views

CVE-2026-33733 EspoCRM has Admin TemplateManager path traversal that allows arbitrary file read write and delete

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled name and scope values and pass them into template path construction without normalization or traversal filtering. As a result, an...

7.2CVSS5.8AI score0.00448EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/22 8:5 p.m.28 views

CVE-2026-33733 EspoCRM has Admin TemplateManager path traversal that allows arbitrary file read write and delete

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled name and scope values and pass them into template path construction without normalization or traversal filtering. As a result, an...

7.2CVSS0.00448EPSS
Exploits1References1
Rows per page
Query Builder