| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-35534 | ChurchCRM has Stored XSS in PersonView.php via Facebook Field Attribute Injection | ChurchCRM | CRM | High | 7.6 | 2026-04-07 15:47:44 | Deep Dive |
| CVE-2026-22666 | Dolibarr ERP/CRM < 23.0.2 Authenticated RCE via dol_eval_standard() | Dolibarr | Dolibarr ERP/CRM | High | 7.2 | 2026-04-07 12:41:31 | Deep Dive |
| CVE-2026-5370 | krayin laravel-crm Activities Module/Notes inbox.spec.ts composeMail cross site scripting | krayin | laravel-crm | Low | 3.5 | 2026-04-02 17:30:15 | Deep Dive |
| CVE-2026-32527 | WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.5 - Broken Access Control vulnerability | CRM Perks | WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | Medium | - | 2026-03-25 16:15:09 | Deep Dive |
| CVE-2026-25430 | WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.2 - Broken Access Control vulnerability | CRM Perks | Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms | Medium | 6.5 | 2026-03-25 16:14:49 | Deep Dive |
| CVE-2026-3567 | RepairBuddy <= 4.1132 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification via wc_rep_shop_settings_submission AJAX Action | sweetdaisy86 | RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress | Medium | 5.3 | 2026-03-20 23:25:13 | Deep Dive |
| CVE-2026-32880 | ChurchCRM is vulnerable to Stored XSS through JSON handling in SystemSettings.php | ChurchCRM | CRM | Medium | 6.4 | 2026-03-20 01:04:08 | Deep Dive |
| CVE-2026-4165 | Worksuite HR, CRM and Project Management create cross site scripting | Worksuite | HR, CRM and Project Management | Low | 2.4 | 2026-03-15 05:02:08 | Deep Dive |
| CVE-2026-3265 | go2ismail Free-CRM Security API improper authorization | go2ismail | Free-CRM | Medium | 6.3 | 2026-02-26 22:32:08 | Deep Dive |
| CVE-2026-3264 | go2ismail Free-CRM Administrative redirect | go2ismail | Free-CRM | Medium | 6.3 | 2026-02-26 22:02:08 | Deep Dive |
| CVE-2019-25452 | Dolibarr ERP/CRM 10.0.1 SQL Injection via elemid | Dolibarr | Dolibarr ERP/CRM | High | 7.5 | 2026-02-22 13:18:26 | Deep Dive |
| CVE-2019-25450 | Dolibarr ERP/CRM 10.0.1 SQL Injection via card.php | Dolibarr | Dolibarr ERP/CRM | High | 7.5 | 2026-02-22 13:18:25 | Deep Dive |
| CVE-2026-22356 | WordPress Jetpack CRM plugin <= 6.7.0 - Local File Inclusion vulnerability | Automattic | Jetpack CRM | - | - | 2026-02-20 15:47:01 | Deep Dive |
| CVE-2026-26059 | ChurchCRM has Stored Cross-Site Scripting (XSS) in GroupEditor.php | ChurchCRM | CRM | Medium | - | 2026-02-19 18:45:53 | Deep Dive |
| CVE-2026-0488 | Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor) | SAP_SE | SAP CRM and SAP S/4HANA (Scripting Editor) | Critical | 9.9 | 2026-02-10 03:01:09 | Deep Dive |
| CVE-2026-24855 | ChurchCRM has Stored Cross-Site Scripting (XSS) in Create Events in Church Calendar, Leading to Account Takeover | ChurchCRM | CRM | - | - | 2026-01-30 15:08:31 | Deep Dive |
| CVE-2026-24854 | Church CRM has SQL injection in PaddleNumEditor.php | ChurchCRM | CRM | High | 8.8 | 2026-01-30 15:05:12 | Deep Dive |
| CVE-2020-37006 | berliCRM 1.0.24 - 'src_record' SQL Injection | crm-now GmbH | berliCRM | High | 8.2 | 2026-01-29 14:28:29 | Deep Dive |
| CVE-2020-37004 | Ultimate Project Manager CRM PRO 2.0.5 - SQLi Credentials Leakage | codexcube | Ultimate Project Manager CRM PRO | High | 8.2 | 2026-01-29 14:28:29 | Deep Dive |
| CVE-2026-24595 | WordPress Zoho CRM Lead Magnet plugin <= 1.8.1.9 - Broken Access Control vulnerability | zohocrm | Zoho CRM Lead Magnet | Medium | 5.4 | 2026-01-23 14:29:02 | Deep Dive |