SuiteCRM — Vulnerabilities & Security Advisories 35

Browse all 35 CVE security advisories affecting SuiteCRM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by SuiteCRM: SuiteCRM, SuiteCRM-Core

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2019-25664 | SuiteCRM 7.10.7 SQL Injection via record Parameter | SuiteCRM | CWE-89 | 7.1 | High | 2026-04-05 |
| CVE-2019-25663 | SuiteCRM 7.10.7 SQL Injection via parentTab Parameter | SuiteCRM | CWE-89 | 7.1 | High | 2026-04-05 |
| CVE-2026-32697 | SuiteCRM: RecordHandler::getRecord() missing ACLAccess('view') check allows any authenticated user to read any record (IDOR) | SuiteCRM-Core | CWE-639 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-29109 | SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing | SuiteCRM-Core | CWE-502 | 7.2 | - | 2026-03-19 |
| CVE-2026-29108 | Authenticated SuiteCRM Users Can Retrieve The Password Hash of Any User | SuiteCRM-Core | CWE-200 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-33289 | SuiteCRM has LDAP Filter Injection in Authentication Module | SuiteCRM | CWE-90 | 8.8 | High | 2026-03-19 |
| CVE-2026-33288 | SuiteCRM has Authenticated SQL Injection in Authentication Module | SuiteCRM | CWE-89 | 8.8 | High | 2026-03-19 |
| CVE-2026-29189 | SuiteCRM has a REST API V8 IDOR: Missing ACL Checks on User Preferences and Relationship Endpoints | SuiteCRM | CWE-639 | 8.1 | High | 2026-03-19 |
| CVE-2026-29107 | SuiteCRM vulnerable to authenticated SSRF via PDF export | SuiteCRM | CWE-918 | 5.0 | Medium | 2026-03-19 |
| CVE-2026-29106 | SuiteCRM has blind XSS in return_id parameter | SuiteCRM | CWE-79 | 5.9 | Medium | 2026-03-19 |
| CVE-2026-29105 | SuiteCRM has Unauthenticated Open Redirect in Leads WebToLead Capture | SuiteCRM | CWE-601 | 5.4 | Medium | 2026-03-19 |
| CVE-2026-29104 | SuiteCRM Vulnerable to Authenticated Arbitrary File Upload via Configurator addfontresult View in SuiteCRM | SuiteCRM | CWE-434 | 2.7 | Low | 2026-03-19 |
| CVE-2026-29103 | SuiteCRM Vulnerable to Remote Code Execution via Module Loader Package Scanner Bypass | SuiteCRM | CWE-94 | 9.1 | Critical | 2026-03-19 |
| CVE-2026-29102 | SuiteCRM has Authenticated RCE in Modules | SuiteCRM | CWE-94 | 7.2 | High | 2026-03-19 |
| CVE-2026-29101 | SuiteCRM Vulnerable to Directory Traversal to DoS in Modules | SuiteCRM | CWE-23 | 4.9 | Medium | 2026-03-19 |
| CVE-2026-29100 | SuiteCRM has Reflected HTML Injection in Login Page via default_user_name Parameter | SuiteCRM | CWE-79 | 7.1 | High | 2026-03-19 |
| CVE-2026-29099 | SuiteCRM has Authenticated Blind SQL Injection in OutboundEmail Legacy Functionality. | SuiteCRM | CWE-89 | 8.8 | High | 2026-03-19 |
| CVE-2026-29098 | SuiteCRM has Relative Path Traversal via ModuleBuilder Modules ExportCustom Action | SuiteCRM | CWE-23 | 4.9 | Medium | 2026-03-19 |
| CVE-2026-29097 | SuiteCRM Server-Side Request Forgery and Denial of Service via RSS Feed Dashlet | SuiteCRM | CWE-918 | 6.5 | - | 2026-03-19 |
| CVE-2026-29096 | SuiteCRM vulnerable to Authenticated SQL Injection via unsanitized field_function in Report Fields | SuiteCRM | CWE-89 | 8.1 | High | 2026-03-19 |
| CVE-2025-64493 | SuiteCRM is Vulnerable to Authenticated Blind SQL Injection via GraphQL | SuiteCRM-Core | CWE-89 | 6.5 | Medium | 2025-11-08 |
| CVE-2025-64492 | SuiteCRM is Vulnerable to Authenticated Time Based Blind SQL Injection | SuiteCRM-Core | CWE-89 | 8.8 | High | 2025-11-08 |
| CVE-2025-64491 | SuiteCRM is vulnerable to unauthenticated reflected XSS through its Login page | SuiteCRM | CWE-79 | 6.1 | Medium | 2025-11-08 |
| CVE-2025-64490 | SuiteCRM's Inconsistent RBAC Enforcement Enables Access Control Bypass | SuiteCRM | CWE-863 | 8.3 | High | 2025-11-08 |
| CVE-2025-64489 | SuiteCRM: Privilege Escalation via Improper Session Invalidation and Inactive User Bypass | SuiteCRM | CWE-269 | 8.3 | High | 2025-11-08 |
| CVE-2025-64488 | SuiteCRM: Authenticated SQL Injection Possible in Reschedule Call Module | SuiteCRM | CWE-89 | 8.8 | - | 2025-11-07 |
| CVE-2022-50590 | SuiteCRM < 7.12.6 Type Confusion via 'deleteAttachment' Functionality | SuiteCRM | CWE-843 | 7.5 | - | 2025-11-06 |
| CVE-2022-50589 | SuiteCRM < 7.12.6 SQL Injection via 'export' Functionality | SuiteCRM | CWE-89 | 9.8 | - | 2025-11-06 |
| CVE-2025-41384 | Reflected Cross-Site Scripting (XSS) in SuiteCRM | SuiteCRM | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-27 |
| CVE-2025-54787 | SuiteCRM: Improper Authorization for attachment downloads | SuiteCRM | CWE-285 | 3.7 | Low | 2025-08-07 |

This page lists every published CVE security advisory associated with SuiteCRM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.