Lucene search
K

545 matches found

Nuclei
Nuclei
added 15 hours ago29 views

Vtiger CRM v7.2.0 - Directory Listing

Vtiger CRM v7.2.0 contains a directory traversal vulnerability caused by improper access controls in /libraries and /layout directories, letting attackers display hidden files and list directories, exploit requires no authentication. id: CVE-2020-19363 info: name: Vtiger CRM v7.2.0 - Directory...

6.5CVSS6.6AI score0.03643EPSS
Exploits1References2
NVD
NVD
added 3 days ago9 views

CVE-2026-23698

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS0.00867EPSS
Exploits2References3
NVD
NVD
added 3 days ago7 views

CVE-2026-23697

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS0.00758EPSS
Exploits2References3
CVE
CVE
added 3 days ago13 views

CVE-2026-23697

Vtiger CRM before 8.4.0 is vulnerable to an authenticated file upload RCE via the Documents module. An attacker with low privileges can upload a .phar file containing arbitrary PHP code, bypassing the extension denylist in config.inc.php (which omits .phar). The uploaded file is stored with its o...

8.8CVSS6.8AI score0.00758EPSS
Exploits2References3
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-23697 Vtiger CRM < 8.4.0 Authenticated File Upload RCE via Documents Module

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS0.00758EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-23697

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS6.8AI score0.00758EPSS
Exploits2References4
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-42054

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS6.7AI score0.00867EPSS
Exploits2References3
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-23698 Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS0.00867EPSS
Exploits2References3
CVE
CVE
added 3 days ago11 views

CVE-2026-23698

Vtiger CRM up to 8.4.0 is affected by an authenticated remote code execution vulnerability in the admin ModuleManager import feature. A privileged administrator can upload a crafted ZIP archive which is extracted directly into the web root’s modules/ directory without proper file-type validation ...

8.6CVSS6.7AI score0.00867EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/04/14 1:22 a.m.6 views

CVE-2025-70936

Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...

5.4CVSS5.7AI score0.00138EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/13 9:30 p.m.9 views

EUVD-2025-209429

Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...

5.7AI score0.00138EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.9 views

Vtiger CRM 安全漏洞

Vtiger CRM is a customer relationship management system developed by Vtiger Corporation in the United States, based on SugarCRM. This system provides functions for managing, collecting, and analyzing customer information. Version Vtiger CRM 8.4.0 has a security vulnerability that stems from...

6.1CVSS5.8AI score0.00163EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/13 12:0 a.m.5 views

CVE-2025-70936

Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...

5.7AI score0.00138EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/13 12:0 a.m.21 views

CVE-2025-70936

Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...

0.00138EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 12:0 a.m.3 views

CVE-2026-26460

A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutralize user-supplied input in the tabid parameter of the DashBoardTab view getTabContents action, allowing an attacker to inject arbitrary HTML content into the dashboard...

5.9AI score0.00163EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/13 12:0 a.m.3 views

CVE-2026-26460

A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutralize user-supplied input in the tabid parameter of the DashBoardTab view getTabContents action, allowing an attacker to inject arbitrary HTML content into the dashboard...

5.9AI score0.00163EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/13 12:0 a.m.18 views

CVE-2026-26460

A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutralize user-supplied input in the tabid parameter of the DashBoardTab view getTabContents action, allowing an attacker to inject arbitrary HTML content into the dashboard...

0.00163EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:11 a.m.7 views

CVE-2016-10754

modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter...

8.8CVSS8.1AI score0.01461EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:56 a.m.7 views

CVE-2022-38335

Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting XSS vulnerability via the e-mail template modules...

5.4CVSS5.9AI score0.00692EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.18 views

CVE-2025-1618

A vulnerability has been found in vTiger CRM 6.4.0/6.5.0 and classified as problematic. This vulnerability affects unknown code of the file /modules/Mobile/index.php. The manipulation of the argument operation leads to cross site scripting. The attack can be initiated remotely. The exploit has be...

5.3CVSS4.4AI score0.00369EPSS
Exploits0References1
Rows per page
Query Builder