| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-49772 | Authenticated SQL injection in AM_ProjectTemplates controller in SuiteCRM | salesagility | SuiteCRM | High | 8.8 | 2024-11-05 18:31:21 | Deep Dive |
| CVE-2024-45392 | SuiteCRM has wrong deletion permission checks on API delete call | salesagility | SuiteCRM | High | 7.7 | 2024-09-05 16:34:14 | Deep Dive |
| CVE-2024-36419 | SuiteCRM-Core Host Header Injection in /legacy | salesagility | SuiteCRM-Core | Medium | 4.3 | 2024-06-10 21:15:38 | Deep Dive |
| CVE-2024-36418 | SuiteCRM authenticated RCE using connectors | salesagility | SuiteCRM | High | 8.5 | 2024-06-10 20:16:48 | Deep Dive |
| CVE-2024-36416 | SuiteCRM v4 API Excessive log data DOS | salesagility | SuiteCRM | High | 8.6 | 2024-06-10 20:03:05 | Deep Dive |
| CVE-2024-36417 | SuiteCRM Stored XSS Vulnerability Allows Code Execution via Malicious iFrame | salesagility | SuiteCRM | Medium | 5.7 | 2024-06-10 19:55:57 | Deep Dive |
| CVE-2024-36415 | SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution | salesagility | SuiteCRM | Critical | 9.1 | 2024-06-10 19:49:54 | Deep Dive |
| CVE-2024-36414 | SuiteCRM authenticated Server-Side Request Forgery | salesagility | SuiteCRM | High | 7.7 | 2024-06-10 19:40:19 | Deep Dive |
| CVE-2024-36413 | SuiteCRM authenticated Reflected Cross-Site Scripting | salesagility | SuiteCRM | High | 8.9 | 2024-06-10 19:38:55 | Deep Dive |
| CVE-2024-36412 | SuiteCRM unauthenticated SQL Injection | salesagility | SuiteCRM | Critical | 10.0 | 2024-06-10 19:35:44 | Deep Dive |
| CVE-2024-36411 | SuiteCRM authenticated SQL Injection in EmailUIAjax displayView controller | salesagility | SuiteCRM | Critical | 9.6 | 2024-06-10 19:33:50 | Deep Dive |
| CVE-2024-36410 | SuiteCRM authenticated SQL Injection in EmailUIAjax messages count controller | salesagility | SuiteCRM | Critical | 9.6 | 2024-06-10 17:24:09 | Deep Dive |
| CVE-2024-36409 | SuiteCRM authenticated SQL Injection in TreeData entrypoint | salesagility | SuiteCRM | Critical | 9.6 | 2024-06-10 17:21:28 | Deep Dive |
| CVE-2024-36408 | SuiteCRM authenticated SQL Injection in Alerts | salesagility | SuiteCRM | Critical | 9.6 | 2024-06-10 16:46:01 | Deep Dive |
| CVE-2024-36407 | SuiteCRM unauthenticated user password reset on php7 | salesagility | SuiteCRM | Low | 3.7 | 2024-06-10 16:38:17 | Deep Dive |
| CVE-2024-36406 | SuiteCRM vulnerable to open redirects | salesagility | SuiteCRM | Medium | 5.4 | 2024-06-10 15:06:22 | Deep Dive |
| CVE-2023-47643 | SuiteCRM has Unauthenticated Graphql Introspection Enabled | salesagility | SuiteCRM-Core | Low | 3.1 | 2023-11-21 19:32:22 | Deep Dive |
| CVE-2023-6131 | Code Injection in salesagility/suitecrm | salesagility | salesagility/suitecrm | 高危 | - | 2023-11-14 16:27:57 | Deep Dive |
| CVE-2023-6130 | Path Traversal: '\..\filename' in salesagility/suitecrm | salesagility | salesagility/suitecrm | 高危 | - | 2023-11-14 16:19:29 | Deep Dive |
| CVE-2023-6128 | Cross-site Scripting (XSS) - Reflected in salesagility/suitecrm | salesagility | salesagility/suitecrm | 中危 | - | 2023-11-14 16:11:05 | Deep Dive |