| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-50335 | Authenticated XSS in "Publish Key" Field Allowing Unauthorized Administrator User Creation in SuiteCRM | salesagility | SuiteCRM | Medium | 4.9 | 2024-11-05 18:42:14 | Deep Dive |
| CVE-2024-50333 | RCE in ModuleBuilder in SuiteCRM | salesagility | SuiteCRM | Medium | 6.6 | 2024-11-05 18:41:24 | Deep Dive |
| CVE-2024-50332 | Authenticated Blind SQL Injection in DeleteRelationShip in SuiteCRM | salesagility | SuiteCRM | High | 8.8 | 2024-11-05 18:40:15 | Deep Dive |
| CVE-2024-49774 | ModuleScanner flaws in SuiteCRM | salesagility | SuiteCRM | High | 7.2 | 2024-11-05 18:37:05 | Deep Dive |
| CVE-2024-49773 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM | salesagility | SuiteCRM | Medium | 5.3 | 2024-11-05 18:35:11 | Deep Dive |
| CVE-2024-49772 | Authenticated SQL injection in AM_ProjectTemplates controller in SuiteCRM | salesagility | SuiteCRM | High | 8.8 | 2024-11-05 18:31:21 | Deep Dive |
| CVE-2024-45392 | SuiteCRM has wrong deletion permission checks on API delete call | salesagility | SuiteCRM | High | 7.7 | 2024-09-05 16:34:14 | Deep Dive |
| CVE-2024-36419 | SuiteCRM-Core Host Header Injection in /legacy | salesagility | SuiteCRM-Core | Medium | 4.3 | 2024-06-10 21:15:38 | Deep Dive |
| CVE-2024-36418 | SuiteCRM authenticated RCE using connectors | salesagility | SuiteCRM | High | 8.5 | 2024-06-10 20:16:48 | Deep Dive |
| CVE-2024-36416 | SuiteCRM v4 API Excessive log data DOS | salesagility | SuiteCRM | High | 8.6 | 2024-06-10 20:03:05 | Deep Dive |
| CVE-2024-36417 | SuiteCRM Stored XSS Vulnerability Allows Code Execution via Malicious iFrame | salesagility | SuiteCRM | Medium | 5.7 | 2024-06-10 19:55:57 | Deep Dive |
| CVE-2024-36415 | SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution | salesagility | SuiteCRM | Critical | 9.1 | 2024-06-10 19:49:54 | Deep Dive |
| CVE-2024-36414 | SuiteCRM authenticated Server-Side Request Forgery | salesagility | SuiteCRM | High | 7.7 | 2024-06-10 19:40:19 | Deep Dive |
| CVE-2024-36413 | SuiteCRM authenticated Reflected Cross-Site Scripting | salesagility | SuiteCRM | High | 8.9 | 2024-06-10 19:38:55 | Deep Dive |
| CVE-2024-36412 | SuiteCRM unauthenticated SQL Injection | salesagility | SuiteCRM | Critical | 10.0 | 2024-06-10 19:35:44 | Deep Dive |
| CVE-2024-36411 | SuiteCRM authenticated SQL Injection in EmailUIAjax displayView controller | salesagility | SuiteCRM | Critical | 9.6 | 2024-06-10 19:33:50 | Deep Dive |
| CVE-2024-36410 | SuiteCRM authenticated SQL Injection in EmailUIAjax messages count controller | salesagility | SuiteCRM | Critical | 9.6 | 2024-06-10 17:24:09 | Deep Dive |
| CVE-2024-36409 | SuiteCRM authenticated SQL Injection in TreeData entrypoint | salesagility | SuiteCRM | Critical | 9.6 | 2024-06-10 17:21:28 | Deep Dive |
| CVE-2024-36408 | SuiteCRM authenticated SQL Injection in Alerts | salesagility | SuiteCRM | Critical | 9.6 | 2024-06-10 16:46:01 | Deep Dive |
| CVE-2024-36407 | SuiteCRM unauthenticated user password reset on php7 | salesagility | SuiteCRM | Low | 3.7 | 2024-06-10 16:38:17 | Deep Dive |