8 matches found
EUVD-2025-23899
Malicious code in bioql PyPI...
CVE-2025-54787 SuiteCRM: Improper Authorization for attachment downloads
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID e.g. attachments. An...
CVE-2025-54787 SuiteCRM: Improper Authorization for attachment downloads
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID e.g. attachments. An...
CVE-2025-54788
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This can have wide-reaching implications on...
CVE-2025-54783 SuiteCRM: Reflected Cross Site Scripting (XSS) through HTTP Referrer header
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting XSS vulnerability. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to inclu...
CVE-2025-54783 SuiteCRM: Reflected Cross Site Scripting (XSS) through HTTP Referrer header
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting XSS vulnerability. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to inclu...
CVE-2025-54788 SuiteCRM: Authenticated Blind SQL Injection in InboundEmail module
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This can have wide-reaching implications on...
CVE-2025-54788 SuiteCRM: Authenticated Blind SQL Injection in InboundEmail module
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This can have wide-reaching implications on...