901 matches found
CVE-2026-0513
CVE-2026-0513 describes an Open Redirect vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog). An unauthenticated attacker can craft a malicious URL that, when visited by a victim, redirects to an attacker-controlled site. Impact is described as low for integrity; c...
PT-2026-2344
Name of the Vulnerable Software and Affected Versions SAP Supplier Relationship Management affected versions not specified Description An unauthenticated attacker could exploit an Open Redirect in the SICF Handler within the SRM Catalog component of SAP Supplier Relationship Management. This allo...
SAP Supplier Relationship Management 输入验证错误漏洞
SAP Supplier Relationship Management SRM is a supplier relationship management solution from SAP. The product automates purchasing and acquisition processes within an organization and between suppliers, and provides functionality such as invoicing. An input validation error vulnerability exists i...
CVE-2014-4161
Cross-site scripting XSS vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management SRM allows remote attackers to inject arbitrary web script or HTML via the url parameter...
CVE-1999-0539
A trust relationship exists between two Unix hosts...
CVE-1999-0583
There is a one-way or two-way trust relationship between Windows NT domains...
CVE-2025-15442
CVE-2025-15442 affects CRMEB up to version 5.6.1. The vulnerability resides in the code path handling the file /adminapi/export/product_list, where manipulation of the argument cate_id leads to a SQL injection. A remote attacker could exploit this (no user interaction required). Public exploit gu...
WordPress CRM Memberships plugin <= 2.5 - Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint vulnerability
Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrmchangepassword' AJAX Endpoint vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CRM Memberships versions = 2.5...
Small-Customer-Relationship-Management-CRM-in-PHP
No d...
CVE-2025-60090
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf-insightly allows Object Injection.This issue affects WP Gravity Forms Insightly: from n/a through = 1.1.6...
CVE-2025-60089
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Object Injection.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through = 1.3.5...
CVE-2025-60091 WordPress WP Gravity Forms Zoho CRM and Bigin plugin <= 1.2.9 - Deserialization of untrusted data vulnerability
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Object Injection.This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through = 1.2.9...
EUVD-2025-202136
Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...
PT-2025-49402
Name of the Vulnerable Software and Affected Versions Chanjet CRM versions prior to 20251122 Description A SQL injection issue exists in Chanjet CRM. The issue is related to the manipulation of the gblOrgID parameter within the /tools/jxf dump table demo.php file. This manipulation affects an...
Chanjet CRM SQL注入漏洞
Chanjet CRM is a customer relationship management system from China's Chanjet. A SQL injection vulnerability exists in Chanjet CRM 20251121 and earlier versions, which stems from incorrect manipulation of the parameter gblOrgID in the file /tools/jxfdumptabledemo.php, which could lead to SQL...
CVE-2025-13313
The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.6. This is due to missing authorization and authentication checks on the ntzcrmchangepassword AJAX action. This makes it possible for unauthenticated attackers...
Sprocket Security Earns Repeat Recognition in G2’s Winter 2025 Relationship Index for Penetration Testing
Madison, United States, 5th December 2025, CyberNewsWire...
CVE-2025-13312
The CRM Memberships plugin for WordPress is vulnerable to unauthorized membership tag creation due to a missing capability check on the 'ntzcrmaddnewtag' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to create arbitrary membership tags an...
CVE-2025-13312
CVE-2025-13312 – CRM Memberships (WordPress) Affected: CRM Memberships plugin for WordPress (all versions up to and including 2.5).Root cause: Missing capability check in the ntzcrm_add_new_tag AJAX path, enabling unauthenticated users to create arbitrary membership tags and alter CRM configurati...
EUVD-2024-55089
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-details.php...