403 matches found

NVD
added 2026/03/19 11:16 p.m., 6 views

CVE-2026-29099

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...

CVSS 8.8, EPSS 0.00259
Exploits: 0, References: 2
Cvelist
added 2026/03/19 10:46 p.m., 21 views

CVE-2026-29099 SuiteCRM has Authenticated Blind SQL Injection in OutboundEmail Legacy Functionality.

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...

CVSS 8.8, EPSS 0.00259
Exploits: 0, References: 2
EUVD
added 2026/03/19 10:46 p.m., 7 views

EUVD-2026-13357

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...

CVSS 8.8, AI score 5.9, EPSS 0.00259
Exploits: 0, References: 2
CVE
added 2026/03/19 10:46 p.m., 8 views

CVE-2026-29099

SuiteCRM versions 7.15 and 8.9 are affected by authenticated SQL injection in the retrieve() function of include/OutboundEmail/OutboundEmail.php, exploitable via two paths in the EmailUIAjax action. The user-controlled $id is not properly neutralized, allowing retrieval of arbitrary database info...

CVSS 8.8, AI score 5.9, EPSS 0.00259
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2026/03/19 10:46 p.m., 3 views

CVE-2026-29099 SuiteCRM has Authenticated Blind SQL Injection in OutboundEmail Legacy Functionality.

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...

CVSS 8.8, AI score 6, EPSS 0.00259
Exploits: 0, References: 4
Positive Technologies
added 2026/03/19 12:00 a.m., 4 views

PT-2026-26437

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...

CVSS 8.8, AI score 5.9, EPSS 0.00259
Exploits: 0, References: 7
CNNVD
added 2026/03/19 12:00 a.m., 7 views

SuiteCRM SQL Injection Vulnerability

SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Versions of SuiteCRM prior to 7.15.1 and 8.9.3 had an SQL injection vulnerability. This vulnerability stemmed from the retrieve function in the include/OutboundEmail/OutboundEmail.php file, which failed to...

CVSS 8.8, AI score 6, EPSS 0.00259
Exploits: 0, References: 2
OSV
added 2026/02/20 11:16 p.m., 6 views

CVE-2019-25438

LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...

CVSS 7.5, AI score 6.1, EPSS 0.00478
Exploits: 1, References: 3
NVD
added 2026/02/20 11:16 p.m., 5 views

CVE-2019-25438

LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...

CVSS 8.8, EPSS 0.00478
Exploits: 1, References: 3
Cvelist
added 2026/02/20 10:54 p.m., 23 views

CVE-2019-25438 LabCollector 5.423 SQL Injection via login.php

LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...

CVSS 8.8, EPSS 0.00478
Exploits: 1, References: 3
CVE
added 2026/02/20 10:54 p.m., 12 views

CVE-2019-25438

CVE-2019-25438 affects LabCollector 5.423. The vulnerability is multiple SQL injection flaws exploitable by unauthenticated attackers through POST parameters, specifically login.php (login) and retrieve_password.php (user_name), enabling extraction of sensitive database information. No remediatio...

CVSS 8.8, AI score 6.4, EPSS 0.00478
Exploits: 1, References: 3, Affected Software: 1
Positive Technologies
added 2026/02/20 12:00 a.m., 8 views

PT-2026-21031

Name of the Vulnerable Software and Affected Versions: Seraphinite Solutions Seraphinite Accelerator versions through 2.22.15. Description: A missing authorization issue exists in Seraphinite Accelerator, potentially allowing retrieval of embedded sensitive data. The issue affects the...

AI score 8.5, EPSS 0.00273
Exploits: 0, References: 5
Positive Technologies
added 2026/02/20 12:00 a.m., 6 views

PT-2026-21315

LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user name parameter o...

CVSS 8.8, AI score 6.4, EPSS 0.00478
Exploits: 1, References: 4
ATTACKERKB
added 2026/02/19 8:26 a.m., 3 views

CVE-2026-25008

Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data. This issue affects Ninja Tables: from n/a through <= 5.2.5...

AI score 5.5, EPSS 0.00215
Exploits: 0, References: 2
Positive Technologies
added 2026/02/04 12:00 a.m., 4 views

PT-2026-6420

Impact: The deriveVaultKey function calls retrieveCloudKey which always returns "foobarfoobarfoobarfoobarfoobarfo". When merged with the randomly generated 32-byte key using mergeKeys (16 bytes from each), the last 16 bytes are always "arfoobarfoobarfo". This enables an attacker with physical access...

CVSS 7.8, AI score 5.4, EPSS 0.00134
Exploits: 0, References: 7
GitLab Advisory Database
added 2026/02/03 12:00 a.m., 5 views

melange QEMU runner could write files outside workspace directory

An attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries without validating that paths stay within the workspace, allowing Path Traversal via ../ sequences...

CVSS 8.4, AI score 5.4, EPSS 0.00167
Exploits: 0, References: 5, Affected Software: 1
RedhatCVE
added 2026/01/27 9:15 p.m., 7 views

CVE-2026-24117

A Server-Side Request Forgery (SSRF) flaw has been discovered in the Rekor transparency log tool. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public key via user-provided URL. Since the SSRF only can...

CVSS 5.3, AI score 5.7, EPSS 0.00332
Exploits: 0, References: 6
SUSE CVE
added 2026/01/24 12:24 a.m., 6 views

SUSE CVE-2026-24117

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public key via user-provided URL. Since the SSRF only can trigger GET requests, the request cannot mutate...

CVSS 5.3, AI score 5.7, EPSS 0.00332
Exploits: 0, References: 4
Tenable Nessus
added 2026/01/23 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-24117

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because...

CVSS 5.3, AI score 7.3, EPSS 0.00332
Exploits: 0, References: 4
Snyk
added 2026/01/22 10:50 p.m., 4 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /api/v1/index/retrieve endpoint. An attacker can scan internal network resources by sending GET requests to retrieve a public key. Since only GET requests are allowed for this endpoint, it is not...

CVSS 6.9, AI score 5.5, EPSS 0.00332
Exploits: 0, References: 2