Lucene search
K

19 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-39803

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.01255EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2025/05/23 3:59 a.m.20 views

CVE-2023-35810

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing...

7.2CVSS7.3AI score0.01222EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 3:59 a.m.9 views

CVE-2023-35811

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can use...

8.8CVSS8.3AI score0.00967EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:12 a.m.9 views

CVE-2019-14974

SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktopurl= XSS...

6.1CVSS6.9AI score0.31043EPSS
Exploits1References1
OSV
OSV
added 2023/06/17 10:15 p.m.4 views

CVE-2023-35808

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input...

8.8CVSS7.2AI score0.01255EPSS
Exploits2References3
Prion
Prion
added 2023/06/17 10:15 p.m.18 views

Sql injection

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can use...

6.5CVSS9AI score0.00967EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2023/06/17 12:0 a.m.4 views

SugarCRM Enterprise 代码问题漏洞

SugarCRM Enterprise is an enterprise version of an open source Customer Relationship Management CRM system from SugarCRM USA. The system supports differentiated marketing for different customer needs, managing and distributing sales leads, and enabling information sharing and tracking of sales...

8.8CVSS8.1AI score0.01255EPSS
Exploits2References5
CNNVD
CNNVD
added 2023/06/17 12:0 a.m.3 views

SugarCRM Enterprise SQL注入漏洞

SugarCRM Enterprise is an enterprise version of an open source Customer Relationship Management CRM system from SugarCRM USA. The system supports differentiated marketing for different customer needs, managing and distributing sales leads, and enabling information sharing and tracking of sales...

8.8CVSS8.3AI score0.00967EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2023/06/17 12:0 a.m.5 views

PT-2023-25325 · Sugarcrm · Sugarcrm Enterprise

Name of the Vulnerable Software and Affected Versions: SugarCRM Enterprise versions prior to 11.0.6 SugarCRM Enterprise versions 12.x prior to 12.0.3 Description: An Unrestricted File Upload issue has been identified in the Notes module due to missing input validation. This allows custom PHP code...

8.8CVSS7.5AI score0.01255EPSS
Exploits2References7
Positive Technologies
Positive Technologies
added 2023/06/17 12:0 a.m.5 views

PT-2023-25328 · Sugarcrm +1 · Sugarcrm Enterprise +1

Name of the Vulnerable Software and Affected Versions: SugarCRM Enterprise versions prior to 11.0.6 SugarCRM Enterprise versions 12.x prior to 12.0.3 Description: A Second-Order PHP Object Injection issue has been identified in the DocuSign module. This occurs due to missing input validation,...

7.2CVSS7.2AI score0.01222EPSS
Exploits2References7
CNNVD
CNNVD
added 2023/06/17 12:0 a.m.3 views

SugarCRM Enterprise 安全漏洞

SugarCRM Enterprise is an enterprise version of an open source Customer Relationship Management CRM system from SugarCRM USA. The system supports differentiated marketing for different customer needs, managing and distributing sales leads, and enabling information sharing and tracking of sales...

8.8CVSS8.2AI score0.01256EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2023/06/17 12:0 a.m.13 views

CVE-2023-35811

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can use...

8.2AI score0.00967EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2023/06/17 12:0 a.m.10 views

CVE-2023-35809

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges...

7AI score0.01256EPSS
Exploits2References3
CNNVD
CNNVD
added 2023/06/17 12:0 a.m.4 views

SugarCRM Enterprise 注入漏洞

SugarCRM Enterprise is an enterprise version of an open source Customer Relationship Management CRM system from SugarCRM USA. The system supports differentiated marketing for different customer needs, managing and distributing sales leads, and enabling information sharing and tracking of sales...

7.2CVSS7.1AI score0.01222EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2023/06/17 12:0 a.m.12 views

CVE-2023-35810

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing...

7.3AI score0.01222EPSS
Exploits2References3
CNVD
CNVD
added 2019/08/15 12:0 a.m.3 views

SugarCRM Enterprise Cross-Site Scripting Vulnerability

SugarCRM Enterprise is an enterprise version of an open source Customer Relationship Management CRM system from SugarCRM USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and information sharing and tracking of sales...

6.1CVSS6.2AI score0.31043EPSS
Exploits1References1
OSV
OSV
added 2019/08/14 4:15 p.m.5 views

CVE-2019-14974

SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktopurl= XSS...

6.1CVSS6.3AI score0.31043EPSS
Exploits1References1
Prion
Prion
added 2019/08/14 4:15 p.m.15 views

Cross site scripting

SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktopurl= XSS...

4.3CVSS6.2AI score0.31043EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/08/14 3:44 p.m.70 views

CVE-2019-14974

CVE-2019-14974 : SugarCRM Enterprise 9.0.0 has a cross-site scripting (XSS) vulnerability exploitable via the path mobile/error-not-supported-platform.html?desktop_url. The Nuclei template confirms the issue and describes impact as arbitrary JavaScript execution in the victim’s browser, enabling ...

6.1CVSS6.2AI score0.31043EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder