Lucene search
+L

901 matches found

cve
cve
added 2026/01/13 1:15 a.m.26 views

CVE-2026-0513

CVE-2026-0513 describes an Open Redirect vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog). An unauthenticated attacker can craft a malicious URL that, when visited by a victim, redirects to an attacker-controlled site. Impact is described as low for integrity; c...

4.7CVSS6.4AI score0.00171EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/01/13 12:0 a.m.11 views

PT-2026-2344

Name of the Vulnerable Software and Affected Versions SAP Supplier Relationship Management affected versions not specified Description An unauthenticated attacker could exploit an Open Redirect in the SICF Handler within the SRM Catalog component of SAP Supplier Relationship Management. This allo...

4.7CVSS6.2AI score0.00171EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/01/13 12:0 a.m.3 views

SAP Supplier Relationship Management 输入验证错误漏洞

SAP Supplier Relationship Management SRM is a supplier relationship management solution from SAP. The product automates purchasing and acquisition processes within an organization and between suppliers, and provides functionality such as invoicing. An input validation error vulnerability exists i...

4.7CVSS5.7AI score0.00171EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/01/09 12:52 p.m.9 views

CVE-2014-4161

Cross-site scripting XSS vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management SRM allows remote attackers to inject arbitrary web script or HTML via the url parameter...

4.3CVSS5.9AI score0.01161EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/07 9:42 a.m.7 views

CVE-1999-0539

A trust relationship exists between two Unix hosts...

10CVSS7AI score0.01855EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/07 9:38 a.m.5 views

CVE-1999-0583

There is a one-way or two-way trust relationship between Windows NT domains...

10CVSS7AI score0.01907EPSS
Exploits0References1
cve
cve
added 2026/01/04 11:2 a.m.21 views

CVE-2025-15442

CVE-2025-15442 affects CRMEB up to version 5.6.1. The vulnerability resides in the code path handling the file /adminapi/export/product_list, where manipulation of the argument cate_id leads to a SQL injection. A remote attacker could exploit this (no user interaction required). Public exploit gu...

7.2CVSS5.3AI score0.00329EPSS
Exploits1References5Affected Software1
patchstack
patchstack
added 2025/12/31 12:0 a.m.8 views

WordPress CRM Memberships plugin <= 2.5 - Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint vulnerability

Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrmchangepassword' AJAX Endpoint vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CRM Memberships versions = 2.5...

9.8CVSS5.9AI score0.00495EPSS
Exploits0References1Affected Software1
githubexploit
githubexploit
added 2025/12/27 1:43 p.m.136 views

Small-Customer-Relationship-Management-CRM-in-PHP

No d...

7AI score
Exploits0
nvd
nvd
added 2025/12/18 8:16 a.m.6 views

CVE-2025-60090

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf-insightly allows Object Injection.This issue affects WP Gravity Forms Insightly: from n/a through = 1.1.6...

9.8CVSS0.00386EPSS
Exploits0References1
osv
osv
added 2025/12/18 8:16 a.m.6 views

CVE-2025-60089

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Object Injection.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through = 1.3.5...

9.8CVSS5.8AI score0.00386EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/12/18 7:22 a.m.4 views

CVE-2025-60091 WordPress WP Gravity Forms Zoho CRM and Bigin plugin <= 1.2.9 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Object Injection.This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through = 1.2.9...

9.8CVSS6.6AI score0.00386EPSS
Exploits0References1
euvd
euvd
added 2025/12/09 6:30 p.m.7 views

EUVD-2025-202136

Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...

6.5AI score0.00204EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/12/07 12:0 a.m.5 views

PT-2025-49402

Name of the Vulnerable Software and Affected Versions Chanjet CRM versions prior to 20251122 Description A SQL injection issue exists in Chanjet CRM. The issue is related to the manipulation of the gblOrgID parameter within the /tools/jxf dump table demo.php file. This manipulation affects an...

7.5CVSS7.5AI score0.00264EPSS
Exploits0References11
cnnvd
cnnvd
added 2025/12/07 12:0 a.m.4 views

Chanjet CRM SQL注入漏洞

Chanjet CRM is a customer relationship management system from China's Chanjet. A SQL injection vulnerability exists in Chanjet CRM 20251121 and earlier versions, which stems from incorrect manipulation of the parameter gblOrgID in the file /tools/jxfdumptabledemo.php, which could lead to SQL...

7.5CVSS7.7AI score0.00264EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/12/06 5:1 a.m.7 views

CVE-2025-13313

The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.6. This is due to missing authorization and authentication checks on the ntzcrmchangepassword AJAX action. This makes it possible for unauthenticated attackers...

9.8CVSS6AI score0.00495EPSS
Exploits0References1
hackread
hackread
added 2025/12/05 3:24 p.m.5 views

Sprocket Security Earns Repeat Recognition in G2’s Winter 2025 Relationship Index for Penetration Testing

Madison, United States, 5th December 2025, CyberNewsWire...

7AI score
Exploits0
nvd
nvd
added 2025/12/05 5:16 a.m.3 views

CVE-2025-13312

The CRM Memberships plugin for WordPress is vulnerable to unauthorized membership tag creation due to a missing capability check on the 'ntzcrmaddnewtag' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to create arbitrary membership tags an...

5.3CVSS0.00236EPSS
Exploits0References3
cve
cve
added 2025/12/05 4:29 a.m.18 views

CVE-2025-13312

CVE-2025-13312 – CRM Memberships (WordPress) Affected: CRM Memberships plugin for WordPress (all versions up to and including 2.5).Root cause: Missing capability check in the ntzcrm_add_new_tag AJAX path, enabling unauthenticated users to create arbitrary membership tags and alter CRM configurati...

5.3CVSS5.2AI score0.00236EPSS
Exploits0References3
euvd
euvd
added 2025/11/17 6:30 p.m.5 views

EUVD-2024-55089

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-details.php...

6.5CVSS7.5AI score0.00235EPSS
Exploits1References3
Rows per page
Query Builder