Lucene search
K

377 matches found

CVE
CVE
added 2026/04/13 8:32 p.m.12 views

CVE-2026-33659

EspoCRM 9.3.3 and earlier are affected by SSRF via POST /api/v1/Attachment/fromImageUrl (and fromImageUrl) due to a DNS rebinding (TOCTOU) flaw. Host validation uses dns_get_record(), but the actual HTTP request resolves with curl’s internal resolver (gethostbyname()), allowing mismatched IP look...

3.5CVSS6.4AI score0.00333EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/13 8:32 p.m.19 views

CVE-2026-33659 EspoCRM: SSRF via DNS Rebinding in Attachment fromImageUrl Endpoint Allows Internal Network Access

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery SSRF via a DNS rebinding TOCTOU condition. Host validation uses dnsgetrecord but the actual HTTP...

3.5CVSS0.00333EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/13 8:32 p.m.1 views

EUVD-2026-22083

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery SSRF via a DNS rebinding TOCTOU condition. Host validation uses dnsgetrecord but the actual HTTP...

3.5CVSS6.4AI score0.00333EPSS
Exploits1References3
NVD
NVD
added 2026/04/13 8:16 p.m.3 views

CVE-2026-33657

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard non-administrative privileges to inject arbitrary HTML into system-generated email notifications by crafting...

5.4CVSS0.00176EPSS
Exploits2References2
NVD
NVD
added 2026/04/13 8:16 p.m.7 views

CVE-2026-33534

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery SSRF vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation e.g.,...

4.3CVSS0.01978EPSS
Exploits5References2
Cvelist
Cvelist
added 2026/04/13 7:41 p.m.16 views

CVE-2026-33657 EspoCRM: Stored HTML injection in email notifications about stream notes via unescaped post field

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard non-administrative privileges to inject arbitrary HTML into system-generated email notifications by crafting...

4.6CVSS0.00176EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 7:41 p.m.3 views

CVE-2026-33657

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard non-administrative privileges to inject arbitrary HTML into system-generated email notifications by crafting...

4.6CVSS5.8AI score0.00176EPSS
Exploits2References3Affected Software1
EUVD
EUVD
added 2026/04/13 7:41 p.m.4 views

EUVD-2026-22081

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard non-administrative privileges to inject arbitrary HTML into system-generated email notifications by crafting...

4.6CVSS5.8AI score0.00176EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/04/13 7:41 p.m.2 views

CVE-2026-33657 EspoCRM: Stored HTML injection in email notifications about stream notes via unescaped post field

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard non-administrative privileges to inject arbitrary HTML into system-generated email notifications by crafting...

4.6CVSS5.8AI score0.00176EPSS
Exploits2References2
CVE
CVE
added 2026/04/13 7:41 p.m.13 views

CVE-2026-33657

CVE-2026-33657 affects EspoCRM up to version 9.3.3, where an stored HTML injection vulnerability allows an authenticated user with standard privileges to inject HTML into system-generated email notifications. Root cause: server-side Handlebars templates render the unescaped post field (triple-bra...

5.4CVSS5.8AI score0.00176EPSS
Exploits2References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/13 7:20 p.m.1 views

CVE-2026-33534

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery SSRF vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation e.g.,...

6.5CVSS5.8AI score0.01978EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2026/04/13 7:20 p.m.23 views

CVE-2026-33534 EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery SSRF vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation e.g.,...

4.3CVSS0.01978EPSS
Exploits5References2
Vulnrichment
Vulnrichment
added 2026/04/13 7:20 p.m.2 views

CVE-2026-33534 EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery SSRF vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation e.g.,...

4.3CVSS6.5AI score0.01978EPSS
Exploits5References2
CVE
CVE
added 2026/04/13 7:20 p.m.21 views

CVE-2026-33534

EspoCRM

4.3CVSS5.8AI score0.01978EPSS
Exploits5References2Affected Software1
EUVD
EUVD
added 2026/04/13 7:20 p.m.8 views

EUVD-2026-22079

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery SSRF vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation e.g.,...

6.5CVSS5.8AI score0.01978EPSS
Exploits5References2
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.11 views

EspoCRM 代码问题漏洞

EspoCRM is an open-source, web-based Customer Relationship Management system CRM developed by EspoCRM. This system offers features such as sales automation, community management, and customer support. Versions of EspoCRM 9.3.3 and earlier contained code vulnerabilities. These vulnerabilities...

4.3CVSS5.9AI score0.01978EPSS
Exploits5References4
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.4 views

PT-2026-32508

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery SSRF vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation e.g.,...

6.5CVSS5.8AI score0.01978EPSS
Exploits5References4
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.4 views

EspoCRM 代码问题漏洞

EspoCRM is an open-source, web-based Customer Relationship Management system CRM developed by EspoCRM. This system offers features such as sales automation, community management, and customer support. Versions of EspoCRM 9.3.3 and earlier contained code vulnerabilities. These vulnerabilities...

3.5CVSS5.9AI score0.00333EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.4 views

PT-2026-32509

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard non-administrative privileges to inject arbitrary HTML into system-generated email notifications by crafting...

4.6CVSS5.8AI score0.00176EPSS
Exploits2References4
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.7 views

EspoCRM 安全漏洞

EspoCRM is an open-source, web-based Customer Relationship Management system CRM developed by EspoCRM. This system offers features such as sales automation, community management, and customer support. EspoCRM versions 9.3.3 and earlier contained security vulnerabilities. These vulnerabilities wer...

5.4CVSS5.8AI score0.00176EPSS
Exploits2References2
Rows per page
Query Builder